Embodiment
Hereinafter, specific embodiments of the contactless type communication label, the portable tag reader and the method of providing product authenticity according to the present invention will be described in detail with reference to the accompanying drawings.
Fig. 1 is a view for explaining operation according to the present invention.
With reference to Fig. 1, according to the present invention, label readers 20-1 and 20-2, which have a label reading function, read information from contactless type communication labels 10-1, 10-2 and 10-3 and display the information that is read. Contactless type communication labels 10-1, 10-2 and 10-3 are attached to various products such as clothes, footwear, leatherware, wine, agricultural & livestock products, drugs & medicine, electronics, machinery, jewelry, handicraft, probation reports, admission tickets, certificates for equipment and bills, money market securities and important documents.
Contactless type communication labels 10-1, 10-2 and 10-3 are square and of the passive type, and the length and width of each label are 10-18 mm.
Label readers 20-1, 20-2 and 20-3 can be manufactured in various forms. Label reader 20-1 has the same width as a credit card and a thickness equal to that of two or three credit cards stacked together. This size allows an individual to carry label reader 20-1 in a wallet. Label reader 20-1 is battery-operated and has a display unit on its front. Label reader 20-2 additionally has a simple calculator function. Label reader 20-3 is implemented in a phone. However, these label readers are only illustrative configurations, and a label reader according to the present invention can be implemented by adding hardware and software to various portable equipment that an individual can carry, for example a personal digital assistant (PDA), a multi-function watch or an MPEG-1 Audio Layer 3 (MP3) player. A person with a label reader can check the information of any product to which the above contactless type communication label is attached, and can thereby determine the authenticity of a trade mark or identify fake products by bringing the label reader close to the product.
A product code that is marked only on genuine products is printed on the product to which the label is attached. For example, the genuine product code '7' is printed on the surface of a foreign wine of a certain trade mark, and the genuine product code '9' is printed on the product description of a leather wallet of another trade mark. By bringing the label reader close to the product, the person with the label reader can determine the authenticity of the trade mark from the product information output on the display unit of the label reader. In other words, when the person brings the label reader close to the label of the foreign wine, the genuine product code '7' is displayed on the display unit of the label reader if the wine is genuine. Likewise, when the person brings the label reader close to the label of the leather wallet, a counterfeit warning (for example "error" or a certain predetermined sound) is output instead of the genuine product code '9' if the leather wallet is a fake product. Because the displayed information is confined to a few simple characters, the display unit can be built from low-priced parts such as a 7-segment display. Alternatively, sound or voice information can be output according to the reading result. For example, if an unreadable label is detected, the label reader repeatedly outputs a short pulse tone. If the product code is read successfully, the label reader outputs a short sound indicating the read and at the same time shows the product code on the output unit. The label reader can also output the read product code as voice. If the product code is confined to numerals, the amount of such voice data is small enough to be stored in a low-capacity memory. A color can also be used as the product code. In this case, a color code that is marked only on genuine goods is printed on the product to which the label is attached. The label reader reads the color code from the label and shows the reading result by switching on and off a plurality of light emitting diodes (LEDs), for example of R, G, Y and B colors, according to the color code that is read. When an unreadable label is detected, the label reader can indicate a counterfeit or defective label by outputting an error message in a predetermined color pattern.
Meanwhile, a single read by the label reader can cause several product codes to be shown in sequence on the display unit of the label reader. Each product code shown in sequence corresponds to at least one item of product information among the manufacturer, the type of business, the trade mark and the product name. A table that maps each product code to the corresponding product information is provided with the product to which the label is attached. If the label reader is placed on the label, a plurality of product codes are displayed in sequence, to be looked up in the tables. For example, when a label reader with a 7-segment display unit is placed on a foreign wine to which a label is attached, the product code '7501' displayed first identifies the product as an alcohol product according to the entries of the product type table. Next, the data '0014' displayed after a predetermined time interval identifies the brand name of the product as 'Valentine' according to the entries of the product name table, another table printed on the product. Next, the data '0017' displayed after a predetermined time interval identifies the product as 'Aged 17 years' according to the entries of the aging year table, another table printed on the product.
Fig. 2 shows the configuration of contactless type communication label 10 according to the present invention.
With reference to Fig. 2, according to a preferred embodiment of the invention, contactless type communication label 10 comprises contactless type communication device 100, control module 200 and storage unit 300.
Contactless type communication device 100 exchanges data wirelessly with label reader 20, extracts a power component from the received wireless signal and uses the extracted power component as the power supply of the whole system. Control module 200 encrypts the product information stored in storage unit 300 with a key and outputs it to an external unit through contactless type communication device 100. Product information and key information are stored in storage unit 300.
Contactless type communication device 100 comprises antenna 110, power supply unit 131, demodulating unit 133 and modulating unit 135. Antenna 110 wirelessly transmits information to label reader 20 or receives information from the label reader. Power supply unit 131 supplies power to contactless type communication label 10 by processing the power radio wave signal among the signals received through antenna 110. Demodulating unit 133 demodulates the signal received from label reader 20. Antenna 110 is a printed pattern or a wound coil formed around the label. Because the configurations of modulating unit 135 and demodulating unit 133 are well known to those skilled in the art, they are not described in detail here. According to the present invention, since contactless type communication label 10 is to be made small and thin, it is suitable to manufacture contactless type communication label 10 as a passive type. Accordingly, power supply unit 131 extracts a power component from the wireless signal received from label reader 20 and uses the extracted power component as the power supply of the whole system. The operation and configuration of power supply unit 131 are well known and are not described in detail here.
Storage unit 300 comprises a nonvolatile semiconductor memory such as an electrically erasable programmable read-only memory (EEPROM) or a flash ROM, so that data is preserved while power is off. Storage unit 300 may physically comprise two memories, for example a read-only memory (ROM) and a read/write memory. In a preferred embodiment of the present invention, however, storage unit 300 comprises a single writable/readable nonvolatile memory. Product information 370 about the product to which the label is attached, for example the type of business, manufacturer, trade mark, product name, grade, model, production center, manufacturing date, delivery date and serial number, is stored as data in storage unit 300. Storage unit 300 also stores encryption key 330 used for communication between contactless type communication label 10 and label reader 20. Storage unit 300 also stores key appointed information 310, which the label reader needs in order to specify key 330. Storage unit 300 further comprises a count region that stores the number of times product information 370 of contactless type communication label 10 has been read by label reader 20. Storage unit 300 can also store read details, such as information on the label reader 20 that performed the read operation and the date and time of the read.
The product information 370 stored in storage unit 300 can take the form of a product code made up of a combination of numerals, a combination of colors or a combination of letters. When the display unit of label reader 20 is of the 7-segment type, a product code made up of a combination of numerals is output on the display unit of label reader 20. Alternatively, the product code can consist of a binary code representing the on/off states of a plurality of LEDs arranged in order and/or a color code representing the lighting sequence of a plurality of LEDs of different colors. In this case, the display unit of label reader 20 is formed of a plurality of LEDs, and the label reader drives the LEDs according to the product code received from contactless type communication label 10. A single product code can be stored in storage unit 300, or a plurality of product codes can be stored in storage unit 300 and read and displayed in sequence. The product codes can be predetermined according to manufacturer, trade mark, type of business and product name. In this way, a person who has the code table can obtain product information such as the manufacturer, trade mark, type of business and product name from the product codes displayed in sequence.
According to the present invention, control module 200, which controls the whole system of contactless type communication label 10, is implemented as dedicated hardware consisting of digital logic designed as a state machine, for example an application-specific integrated circuit (ASIC) designed on the basis of flip-flops and gates. Those skilled in the art can readily obtain such a circuit with commonly used computer-aided design (CAD) tools, so it is not described in detail here. Since no separately stored main program is used, the problem of the storage period of a nonvolatile memory can be avoided. Even in this case, however, the product information, which can change from label to label, and the key or related information are stored as data in the nonvolatile memory. Countermeasures for the limited storage period will be described later. The present invention is not limited to hardware consisting only of digital logic, however, and control module 200 can be implemented as a microprocessor. In that case, the characteristic functions of the present invention are obtained through software control, and the main program is additionally stored in storage unit 300. In another embodiment of the present invention, storage unit 300 physically comprises two memories, so that the part containing the main program can be stored in a separate memory.
Control module 200 comprises encryption/decryption element 210, information providing unit 250, replay attack prevention unit 230 and post management processing unit 270. Of these components, replay attack prevention unit 230 and post management processing unit 270 are separable from control module 200 and are optionally included in control module 200. Encryption/decryption element 210 decrypts the signal received through contactless type communication device 100, or encrypts the signal to be transmitted and passes the encrypted signal to contactless type communication device 100.
Information providing unit 250 reads the product information 370 stored in storage unit 300 and supplies it to encryption/decryption element 210. Information providing unit 250 reads the product information 370 stored in storage unit 300 in response to a read command received from label reader 20 through contactless type communication device 100. When reading product information 370, information providing unit 250 adds 1 to the count value in storage unit 300, and it checks the count value stored in storage unit 300 before reading the product information. If the count value is greater than a predetermined value, information providing unit 250 either does not respond to the read command from label reader 20 or outputs information indicating that the label is improper because it has been read too many times, and it does not output product information 370. Even in this case, however, the count value generally continues to be incremented and recorded. The count value is checked with a special reader carried by a manager.
By managing the number of times a label is read in this way, reuse of a label can be prevented effectively, whether the label is separated from a used genuine product and attached to a fake product, or an unused label is separated from a genuine product and attached to a fake product. Moreover, by storing the count value in an area that cannot be accessed from outside and checking the stored count value, reuse of a label can be prevented effectively and, compared with physical measures, at no extra cost. If the label is attached to the product with physically strengthened adhesion, a physical prevention method can be used, for example destroying the printed-pattern antenna when the label is separated from the product. However, such a method makes it impossible to access the label afterwards, for example to find the cause or to use the label information. Also, this method cannot completely prevent the label from being separated from the product. It is also difficult to apply to bulk goods.
When products are placed on display, labels may be read repeatedly by label readers, so that by the time the authenticity of the product actually needs to be determined, the label can no longer be read. To solve this problem, a cover film needs to be placed over the exposed surface of the label so that the label cannot be read during delivery. For example, the cover film can be an aluminium film that prevents radio communication by covering the outer surface of the label. When authenticity needs to be determined, the cover film is removed from the label.
The limit reference value for the number of reads counted by the counter can be set differently according to the product. For example, for foods such as foreign wine and agricultural and livestock products, considering that the label is read 2-4 times during delivery and use, the limit reference value of the counter is preferably set to 3-5 reads. For clothes, because genuine product authentication may be carried out many times at the time of sale and after purchase, the limit reference value of the counter is preferably set to several tens of reads. In this way, the limit reference value can be set appropriately according to the characteristics of the product or the number of steps in its distribution channel. However, the present invention is not limited to the embodiment in which the count value of the counter is checked in order to limit reads; for example, the number of reads need not be limited for labels attached to famous paintings, antiques or diplomatic documents. In this case, in response to a read command from label reader 20, information providing unit 250 reads the product information stored in storage unit 300 and outputs the read product information 370 through contactless type communication device 100, and it adds 1 to the counter value of the storage unit whenever product information 370 is read. However, in this case information providing unit 250 does not restrict the provision of information according to the counter value.
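The read-count behaviour of information providing unit 250 described above can be modelled as follows. This is an added example, not part of the original description; the class, field and status names are hypothetical, the sample labels and timestamps are constructed, and it assumes a read is refused once the incremented count exceeds the limit reference value.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class CountingLabel:
    """Label-side model: count region, read details and limit reference value."""
    label_id: str
    product_info: str                  # product information 370 (a product code here)
    read_limit: Optional[int] = None   # limit reference value; None = no restriction
    count: int = 0                     # count region of storage unit 300
    read_log: list = field(default_factory=list)  # (reader id, date/time) per read

    def handle_read(self, reader_id: str, when: str):
        """Answer a read command from an ordinary label reader."""
        # Every read command is counted and logged, including refused ones,
        # so the counter keeps increasing after the limit has been passed.
        self.count += 1
        self.read_log.append((reader_id, when))
        if self.read_limit is not None and self.count > self.read_limit:
            # Assumption: refuse when the incremented count exceeds the limit.
            return ("EXCESS_READS", None)
        return ("OK", self.product_info)

    def manager_read(self):
        """Special reader carried by a manager: inspect without counting."""
        return self.count, list(self.read_log)


def audit(labels):
    """Manager-side check: ids of labels read more often than their limit allows."""
    return [lab.label_id for lab in labels
            if lab.read_limit is not None and lab.count > lab.read_limit]


def run_scenario():
    """Constructed scenario: a wine label (limit 3) and an unrestricted label."""
    wine = CountingLabel("wine-0001", "7501", read_limit=3)
    painting = CountingLabel("painting-0001", "0014")  # unlimited reads
    wine_results = [wine.handle_read("reader-A", f"2024-01-0{d}T10:00")
                    for d in range(1, 6)]
    painting_results = [painting.handle_read("reader-B", "2024-01-01T10:00")
                        for _ in range(50)]
    return wine, painting, wine_results, painting_results


if __name__ == "__main__":
    wine, painting, wine_results, _ = run_scenario()
    for status, info in wine_results:
        print(status, info)
    print("count seen by manager reader:", wine.manager_read()[0])
    print("labels over their limit:", audit([wine, painting]))
```
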
In the embodiment in which product information 370 is shown as a sequence of product codes, information providing unit 250 either provides a plurality of product codes to label reader 20 at once or provides each of the product codes in turn as requested by label reader 20. When information providing unit 250 provides the product codes in turn over several exchanges, encryption/decryption and replay attack prevention are applied to each item of data.
Encryption/decryption element 210 encrypts the information to be transmitted through contactless type communication device 100 and decrypts the information received from contactless type communication device 100. The 3-DES algorithm is used as the encryption algorithm, but the encryption algorithm is not limited to 3-DES. The 3-DES algorithm applies DES three times and can take various forms. In this embodiment, cascaded 3-DES is used, in which three keys are applied in order. Because these algorithms are all symmetric key algorithms, the same encryption key is used for encryption and decryption.
In general genuine product authentication methods, an internal identification code is stored in the label, and authentication consists of the reader reading that internal identification code and determining whether it is a code corresponding to a genuine product. According to the present invention, by contrast, genuine product authentication depends on a person's judgment of the information shown on the display unit of the reader, and the encryption/decryption procedure must complete correctly for accurate product information to be displayed.
According to the present invention, a first embodiment of contactless type communication label 10 encrypts and decrypts product information with a unique master key. In this case, master key 330, a single key common to various products, is stored in storage unit 300 of contactless type communication label 10. Label reader 20 also has only the single key, yet it can read the product information of various products. Encryption/decryption element 210 uses master key 330 as the encryption key to encrypt the information that information providing unit 250 transmits to the external unit, and it decrypts the encrypted information received from the external unit and supplies the decrypted information to information providing unit 250. Because a product can be identified from the product information presented on label reader 20 through the operation of encryption/decryption element 210, authenticity information can be provided for a plurality of products. In addition, if a label is newly added for a new product, the information of the label can be read without upgrading existing label readers.
According to a second embodiment of contactless type communication label 10 of the present invention, a single encryption key 330 and the encryption key appointed information 310 for that key are stored in storage unit 300 of contactless type communication label 10. A company that adopts contactless type communication label 10 prepares a plurality of different encryption keys, assigned according to type of business and/or manufacturer and/or trade mark and/or product type. For example, in the case of a major brand, different encryption keys can be used for different product types under the same trade mark. A company that produces few products can be assigned a single encryption key. Label reader 20 contains all the encryption keys needed to read the labels of the corresponding products.
On receiving a request for product information from label reader 20, encryption/decryption element 210 transmits encryption key appointed information 310 to label reader 20 so that label reader 20 selects, from the encryption keys stored in label reader 20, the same encryption key as encryption key 330. For example, encryption key appointed information 310 is an index assigned to each of the plurality of encryption keys. Encryption/decryption element 210 then uses this key to encrypt the information that information providing unit 250 transmits to the external unit, decrypts the encrypted information received from the external unit, and supplies the decrypted information to information providing unit 250.
In this way, by using encryption key appointed information 310, even if some encryption keys are leaked, the loss is limited to the corresponding type of business, manufacturer, trade mark or product. As in the embodiment that uses a unique master key, new labels that use the same encryption keys and store new product information can additionally be produced without upgrading the label readers already distributed. Furthermore, if a sufficient number of encryption keys is kept in the label reader, new products with high security can be produced by assigning the spare encryption keys. In other words, when a new label is made, one of the spare encryption keys and the index corresponding to that key are stored in it; the label reader then receives the index and designates the corresponding spare encryption key as the encryption key to be used for the new label.
According to a third embodiment of contactless type communication label 10 of the present invention, at least two encryption keys 330, assigned separately according to at least two criteria among the type of business, manufacturer, trade mark and brand name, and the encryption key appointed information 310 corresponding to encryption keys 330 are stored in storage unit 300 of contactless type communication label 10.
Fig. 4A shows exemplary encryption keys 410 and exemplary encryption key appointed information 420 according to the third embodiment of contactless type communication label 10 of the present invention. With reference to Fig. 4A, the encryption keys 410 stored in contactless type communication label 10 comprise three encryption keys 411, 413 and 415, determined according to the type of business, the manufacturer and the trade mark respectively. Label reader 20 stores all encryption keys 433, 453 and 473 together with the encryption indices 431, 451 and 471 that correspond to keys 433, 453 and 473 as encryption key appointed information. The encryption keys of label reader 20 are classified into three groups, each group being a table of the encryption keys assigned for the type of business, the manufacturer or the trade mark. For example, the encryption keys 411, 413 and 415 can be the three encryption keys used in the respective steps of the 3-DES algorithm.
On receiving a request for product information from label reader 20, encryption/decryption element 210 of contactless type communication label 10 transmits the indices 02, 01 and 04, which are encryption key appointed information 310, to label reader 20. Label reader 20 looks up the indices in the corresponding encryption key tables and selects the encryption key set identical to encryption keys 410 stored in contactless type communication label 10, namely 1324, abcd and 2345, as the encryption keys for reading the current contactless type communication label 10. After that, encryption/decryption element 210 of the contactless type communication label encrypts and decrypts the information transmitted to and received from the label reader by applying the encryption keys in order.
Once the encryption keys are specified, label reader 20 can identify the type of business, manufacturer, trade mark or product name to which the encryption keys belong. In other words, in Fig. 4A, label reader 20 can identify from the received encryption key indices 421, 423 and 425 that the product to which label 10 is attached is of the type 'attachment', that its manufacturer is 'Sam-ah enterprise' and that its brand name is 'CAPACCI'. Thus, in practice, the product information 370 and the encryption key appointed information 310 stored in storage unit 300 can overlap. In other words, indices 421, 423 and 425 can themselves be part of the product information. The third embodiment has the advantages of the first and second embodiments, improves security by applying a plurality of encryption keys in order, and fully retains the benefit of being able to add new products.
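The index exchange of the third embodiment, with the indices 02, 01 and 04 and the keys 1324, abcd and 2345 from the text, can be traced with the following added example, which is not part of the original description. Because the Python standard library has no DES, a small SHA-256 based Feistel cipher stands in for each DES stage of the cascade; the other table entries, the counterfeit label, the function names and the "four digits padded with spaces" validity check are assumptions made for the illustration.

```python
import hashlib

BLOCK = 8  # block size in bytes (same as DES); the cipher below is NOT DES


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Round function of the stand-in Feistel cipher."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def cascade_encrypt(keys, block: bytes) -> bytes:
    """Apply the three keys in order, as in the cascaded scheme of the text."""
    for key in keys:
        block = encrypt_block(key, block)
    return block


def cascade_decrypt(keys, block: bytes) -> bytes:
    """Undo the cascade: same keys, reverse order."""
    for key in reversed(keys):
        block = decrypt_block(key, block)
    return block


# Reader-side key tables, one per criterion. Only 1324, abcd and 2345 come from
# the text; the other entries are constructed for the example.
READER_KEY_TABLES = (
    {"01": b"5c1e", "02": b"1324"},  # type of business
    {"01": b"abcd", "02": b"9e07"},  # manufacturer
    {"03": b"77f0", "04": b"2345"},  # trade mark
)


class Label:
    """Label side: stores its own keys, the matching indices and a product code."""

    def __init__(self, indices, keys, product_code: str):
        self.indices, self.keys, self.product_code = indices, keys, product_code

    def key_designation(self):
        return self.indices  # encryption key appointed information 310

    def read_product_info(self) -> bytes:
        plain = self.product_code.ljust(BLOCK).encode("ascii")
        return cascade_encrypt(self.keys, plain)


def reader_read(label: Label) -> str:
    """Reader side: select keys by index, decrypt, show the code or "error"."""
    try:
        keys = [table[i] for table, i in zip(READER_KEY_TABLES, label.key_designation())]
    except KeyError:
        return "error"  # index not present in the reader's tables
    code = cascade_decrypt(keys, label.read_product_info()).rstrip(b" ")
    # Assumed validity check: a genuine code is exactly four ASCII digits.
    return code.decode("ascii") if len(code) == 4 and code.isdigit() else "error"


GENUINE = Label(("02", "01", "04"), (b"1324", b"abcd", b"2345"), "7501")
# Constructed counterfeit: replays the indices it observed but lacks the keys.
COUNTERFEIT = Label(("02", "01", "04"), (b"0000", b"0000", b"0000"), "7501")
UNKNOWN_INDEX = Label(("02", "01", "09"), (b"1324", b"abcd", b"2345"), "7501")

if __name__ == "__main__":
    for name, lab in (("genuine", GENUINE), ("counterfeit", COUNTERFEIT),
                      ("unknown index", UNKNOWN_INDEX)):
        print(name, "->", reader_read(lab))
```
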
According to a fourth embodiment of contactless type communication label 10 of the present invention, a plurality of encryption keys 330 and the encryption key appointed information 310 are stored in contactless type communication label 10, and label reader 20 contains the encryption keys needed to read the product information of all corresponding products. In this embodiment, on receiving a read request from label reader 20, contactless type communication label 10 selects one of the plurality of encryption keys 330 and transmits the encryption key appointed information corresponding to the selected encryption key to label reader 20, so that both sides use the same encryption key. The encryption key of contactless type communication label 10 is selected in rotation or at random. After that, contactless type communication label 10 encrypts and decrypts the information exchanged with label reader 20 using the selected encryption key. The fourth embodiment of the present invention has the two advantages of the first embodiment. Because contactless type communication label 10 responds with a different encryption key in each read operation, the ability to deal with counterfeit readers is improved relative to the second embodiment.
According to a fifth embodiment of contactless type communication label 10 of the present invention, a plurality of encryption key sets 330 and a plurality of sets of encryption key appointed information 310 are stored in contactless type communication label 10, and label reader 20 contains the encryption keys for reading the product information of all corresponding products. Each encryption key set of contactless type communication label 10 comprises at least two encryption keys classified and determined according to at least two parameters among the type of business, manufacturer, trade mark and product name. For example, the encryption keys can be the three encryption keys used in the respective steps of the 3-DES algorithm. In other words, in the fifth embodiment of the present invention, contactless type communication label 10 contains multiple sets of the encryption keys 411, 413 and 415 shown in Fig. 4A and multiple sets of the encryption key appointed information 421, 423 and 425. Encryption/decryption element 210 applies the encryption keys of a set in order to carry out encryption and decryption. The encryption key set of the label is selected in rotation or at random. After that, the label uses the selected encryption key set, in order, to decrypt and encrypt the information exchanged with the label reader. In the fifth embodiment, in the same way as in the third embodiment of contactless type communication label 10, label reader 20 can identify the type of business, manufacturer, trade mark and product name. Thus, in a variant of the fifth embodiment, the product information 370 and the encryption key appointed information 310 of storage unit 300 overlap each other. According to the present invention, the fifth embodiment of contactless type communication label 10 has the advantages of the first to fourth embodiments.
According to a sixth embodiment of contactless type communication label 10 of the present invention, contactless type communication label 10 contains one encryption key and an encryption key creation function with which the reader creates the same encryption key as that of contactless type communication label 10. For example, a company that adopts contactless type communication label 10 prepares a plurality of encryption keys and assigns different encryption keys according to type of business and/or manufacturer and/or trade mark and/or product name. Label reader 20 contains an encryption key creation module that can create all the encryption keys needed to read the labels of the corresponding products. The encryption key creation module creates an encryption key from one or more seeds and the encryption key creation function received from the label. The number of encryption keys that label reader 20 can create from one seed varies with the function parameter values. Although only a limited number of seeds is stored in label reader 20, different encryption keys can be assigned to many trade marks without upgrading label reader 20. Thus, according to the present invention, even after label readers have been distributed, the genuine product authentication system can accommodate many new types of business, manufacturers, trade marks and product names without upgrading label reader 20. The company makes this possible by assigning a new encryption key to the product concerned and attaching to it a label that stores the creation information for that new encryption key. Also, according to the present invention, because the product information is shown on the display unit as a sentence, the genuine product authentication system makes it possible to carry out genuine product authentication on various products with the same encryption key.
For example, the encryption key creation module can create the encryption key as the integer value that results from substituting the seed into the received encryption key creation function. However, the present invention is not limited to such an encryption key creation function; it should be understood that this encryption key information includes any information used to designate and create the encryption key in label reader 20. For example, the encryption key creation function can be a consecutive code sequence comprising a manufacturer code, a trade mark code and a product code, or text information comprising the manufacturer's name, the brand name and the product name. The encryption key creation algorithm includes the various functions and operations that can create an encryption key from a seed and at least one parameter. Thus, by suitably choosing the creation algorithm of the encryption key creation module, a large number of encryption keys can in practice be obtained even when only one seed is stored in label reader 20.
According to the sixth embodiment of contactless type communication label 10 of the present invention, on receiving a request for product information from label reader 20, encryption/decryption element 210 of contactless type communication label 10 transmits the encryption key creation function, as encryption key appointed information 310, to label reader 20, so that label reader 20 creates the same encryption key as encryption key 330. Encryption/decryption element 210 then uses this encryption key to encrypt the information that information providing unit 250 transmits to the external unit, or decrypts the encrypted information received from the external unit and outputs the decrypted information to information providing unit 250. In the sixth embodiment of contactless type communication label 10, a sufficiently large number of encryption keys can be obtained, so a sufficient number of encryption keys can be assigned across types of business, manufacturers, trade marks or products. Thus, even when some encryption keys are leaked, the loss can be kept to a minimum. As in the first embodiment, new labels that use the same encryption key and store new product information can be added without upgrading the label readers already distributed. Also, in this embodiment, when a new product needs to be added, if the label stores a new encryption key and the encryption key creation function for creating that key, the label reader can create the same encryption key as that stored in the label from its seed and the encryption key appointed information received from the label. In this way, more new products can be added and authenticated while a high level of security is maintained.
According to the 7th embodiment of contactless type communication label 10 of the present invention, the storage unit 300 of contactless type communication label 10 stores at least two encryption keys 330, classified and determined according to at least two parameters among the type of business, manufacturer, trademark and product name, together with the encryption key creation functions that correspond to the at least two encryption keys 330 and serve as encryption key appointed information. In this embodiment, encryption/decryption element 210 encrypts information by using the stored encryption keys in order. Label reader 20 receives the encryption key creation functions from contactless type communication label 10 and creates the same encryption key set as the one stored in contactless type communication label 10, by a specific function or by an operation that uses the received encryption key creation function or the integer seed. Compared with the 6th embodiment, the 7th embodiment has the advantage of improving security by using a plurality of encryption keys.
According to the 8th embodiment of contactless type communication label 10, the storage unit of contactless type communication label 10 stores at least two encryption keys 330, classified and determined according to at least two parameters among the type of business, manufacturer, trademark and product name, the encryption key creation functions corresponding to the at least two encryption keys 330, and indexes that serve as identifying information designating the encryption key creation functions. In this embodiment, encryption/decryption element 210 performs multiple encryption on the information by using the stored encryption keys in order. Label reader 20 receives the indexes of the encryption key creation functions from contactless type communication label 10 and creates the same encryption key set as the one stored in contactless type communication label 10, by a specific function or by an operation on the received indexes and the integer seed.
Fig. 4 B be describe encryption key 410 according to the 8th embodiment of contactless type communication label 10 of the present invention, encryption key creation function 420 and with encryption key creation function 420 corresponding index.In Fig. 4 B, identical Reference numeral is adopted in the configuration corresponding or identical with Fig. 4 A.With reference to figure 4B, the encryption key 410 that is stored in the contactless type communication label 10 comprises three encryption keys 411,413 and 415, determines wherein each according to the type of business, manufacturer and trade mark.For example, encryption key 411,413 and 415 majority can be three encryption keys that are used in each step of 3-DES algorithm.Parameter 491,493 and 495 as the encryption key creation function 490 that can create three encryption keys 411,413 and 415 can be stored in the storage unit 300, but this not necessarily.If label reader 20 request specify encryption keys are stored in the index 420 that is used to specify encryption key creation function 490 in the storage unit 300 of contactless type communication label 10 and are transferred to label reader 20.The encryption key creation function that is used to create encryption key ' 1324 ' 411 be ' 133 ' 491 and the index that is used to specify this encryption key creation function be ' 02 ' 421.In an identical manner, encryption key ' abcd ' 413, encryption key creation function ' 256 ' 493 are corresponding each other with index ' 01 ' 423, and encryption key ' 2345 ' 415, encryption key creation function ' 267 ' 495 are corresponding each other with index ' 04 ' 425.The encryption key of label reader 20 is divided into three groups, and wherein each group is the encryption key allocation table that is used for the type of business, manufacturer and trade mark.
On receiving the product information request from label reader 20, the encryption/decryption element 210 of contactless type communication label 10 transmits the encryption key appointed information 310, that is, here the indexes '02', '01' and '04'. Label reader 20 searches the corresponding encryption key tables and, from these indexes, extracts the encryption key creation functions, here '133', '256' and '267' from the encryption key creation function groups 433, 453 and 473 of the encryption key allocation tables, that are used to create the same encryption key set, here '1234', 'abcd' and '2345', as the encryption keys 410 stored in contactless type communication label 10. Label reader 20 creates the corresponding encryption keys from the encryption key creation functions and the seed by executing the predetermined encryption key creation algorithm, and selects the created encryption keys as the encryption keys for reading contactless type communication label 10. Using this plurality of encryption keys in order, the encryption/decryption element 210 of contactless type communication label 10 encrypts and decrypts the information transmitted to label reader 20 and the information received from label reader 20.
According to the 8th embodiment of contactless type communication label 10, once the encryption keys are designated, label reader 20 can identify the type of business, manufacturer, trademark or brand name of the encryption keys. In other words, referring to Fig. 4B, from the encryption keys 410, the encryption key creation functions 420 and the received encryption key indexes 421, 423 and 425, label reader 20 can identify that the product to which contactless type communication label 10 is attached is included in the attachment product type, that the manufacturer of the product is 'Samah enterprise' and that the brand name of the product is 'CAPACCI'. Thus, in a mode different from the 8th embodiment, the product information 370 and the encryption key appointed information 310 of storage unit 300 overlap each other. In other words, indexes 421, 423 and 425 can be part of the product information 370. The 8th embodiment of the present invention thus has the advantages of the 6th embodiment and the 7th embodiment. In addition, in the 8th embodiment, because indexes are transmitted and received, the degree of security is improved and label reader 20 is easy to update, as will be described later.
In this way, label reader 20 designates the corresponding encryption key, requests the product information stored in contactless type communication label 10, receives the response to the request, and shows the received response on the display unit. If a genuine contactless type communication label is attached to the product, the encryption/decryption procedure between label reader 20 and contactless type communication label 10 succeeds, and the corresponding product information is shown on the display unit. If the product is a fake or counterfeit product, the encryption/decryption procedure fails, and the display unit shows unreadable, meaningless information or a fake-product warning. In this way, the customer can check the authenticity of the product.
The information reading unit 750 of label reader 20 according to the present invention can also receive from contactless type communication label 10 a plurality of product codes associated with different items of product information, and output the product codes on the display unit in order. In other words, for one product, a plurality of codes are stored in the storage unit 300 of contactless type communication label 10, and label reader 20 reads and displays the stored product codes in order. For example, the first product code displayed is the manufacturer, the second product code displayed is the trademark, and the next product code displayed is the unique identifier of each product. A user who has the code table can thus identify the product information from the displayed code sequence. In one embodiment, the display unit has a plurality of color LEDs, and the code sequence can be a binary sequence indicating whether each color LED is on or off.
The control module 200 of contactless type communication label 10 can have a leaked encryption key updating block 220. Leaked encryption key updating block 220 is a module placed in contactless type communication label 10 to invalidate counterfeit labels when at least one agreed encryption key has been leaked. After an encryption key is leaked, the module is placed in newly manufactured labels. Leaked encryption key updating block 220 discards the existing encryption key of an existing label reader 20 that attempts to read contactless type communication label 10, and directs label reader 20 to adopt the new encryption key designated by leaked encryption key updating block 220.
According to the present invention, the leaked encryption key updating block 220 applied to the first embodiment of contactless type communication label 10 transmits the unique master key that is to be newly adopted to label reader 20. Label reader 20 discards its own master key and records the received master key as the new encryption key. Here, by suitably defining a key update protocol between contactless type communication label 10 and label reader 20, the danger caused by an attack on the master key can be reduced.
According to the present invention, the leaked encryption key updating block 220 applied to the second embodiment of contactless type communication label 10 is placed in labels of the same type of business, manufacturer, trademark or product as the leaked encryption key, and transmits the corresponding encryption key that is to be newly adopted to label reader 20. Label reader 20 discards the existing allocated encryption key and stores the newly received encryption key, as the encryption key of the corresponding type of business, manufacturer, trademark or product, at the index corresponding to contactless type communication label 10.
According to the present invention, the leaked encryption key updating block 220 applied to the 3rd embodiment of contactless type communication label 10 is placed in contactless type communication labels 10 that belong to the same category, such as the type of business, manufacturer, trademark or product, as the leaked encryption key, and transmits the corresponding encryption key that is to be newly adopted to label reader 20. Label reader 20 uses the newly received encryption key to update, in the table for each category, the encryption key that corresponds to the index allocated to contactless type communication label 10. For example, in the contactless type communication label 10 shown in Fig. 4A, the designated trademark index is '04', and '2345' is allocated as the encryption key corresponding to trademark index '04'. Leaked encryption key updating block 220 can instruct label reader 20 to update encryption key '2345' to '5678'. To this end, leaked encryption key updating block 220 can output the new encryption key directly to label reader 20 or, if enough unallocated spare encryption keys are available, can set the new encryption key by selecting the index of one of the spare encryption keys. For example, if the existing index corresponding to '5678' is '15', leaked encryption key updating block 220 transmits '15' rather than '5678', and label reader 20 extracts the encryption key '5678' corresponding to '15' from its own table and assigns it as the encryption key corresponding to index '04'. Therefore, in label reader 20, the same encryption key corresponds to indexes '04' and '15'.
According to the present invention, the leaked encryption key updating block 220 applied to the 4th embodiment of contactless type communication label 10 updates the leaked encryption key among the plurality of encryption keys stored in contactless type communication label 10. Label reader 20 uses the received new encryption key to update, in its encryption key table, the encryption key stored at the index corresponding to the leaked encryption key.
According to the present invention, the leaked encryption key updating block 220 applied to the 5th embodiment of contactless type communication label 10 updates the whole encryption key set stored in contactless type communication label 10. To do so, the leaked encryption key updating block 220 of contactless type communication label 10 transmits the necessary plurality of new encryption keys to the label reader and requests label reader 20 to update the corresponding encryption key set. Label reader 20 first designates, in its stored encryption key tables, the encryption key set allocated to contactless type communication label 10, and then updates the whole encryption key set with the received encryption keys in the order in which they are received.
According to the present invention, the leaked encryption key updating block 220 applied to the 6th embodiment of contactless type communication label 10 transmits the encryption key creation function that is to be newly adopted to label reader 20. The encryption key corresponding to the new encryption key creation function is stored in contactless type communication label 10. Label reader 10 registers the existing encryption key information in the blacklist as a bad label. In this case, if a specific label requires authenticity identification, label reader 20 can determine more accurately whether the label is a counterfeit label without having to refer to the blacklist and the manufacturing date. In this way, it can be determined that labels manufactured before a specific manufacturing date are genuine and that labels manufactured after the specific manufacturing date are counterfeit.
According to the present invention, the leaked encryption key updating block 220 applied to the 7th embodiment of contactless type communication label 10 transmits the encryption key creation function that is to be newly adopted to label reader 20. For example, suppose that, of the encryption keys shown in Fig. 4B, encryption key '1324' 411 has been leaked. A new encryption key '1567' is stored in newly released labels, which do not store encryption key '1324', and the encryption key creation function corresponding to the new encryption key '1567' is '138'. In this case, leaked encryption key updating block 220 deletes from encryption key table 430 the encryption key creation function '133' that corresponds to index '02' allocated to the label, and requests that the new encryption key creation function '138' be recorded. Label reader 20 then extracts '138' from encryption key table 430 as the encryption key creation function corresponding to index '02' and creates encryption key '1567'. Consequently, the product information of a counterfeit label that has encryption key '1324', or of a label already distributed, can no longer be read, and such a counterfeit or already distributed label is determined to be counterfeit.
In addition, according to the present invention, the control module 200 of contactless type communication label 10 can comprise a replay attack prevention element 230. In cryptography, a replay attacker tries to gain access to a server by capturing the login information that a user transmits during the authentication process and retransmitting the captured information to the server. To counter this attack, the server includes a random number in the login request information, encrypts the login request information and transmits it to the client, and the client includes the same random number when it responds with the login information. When authenticating the received login information, the server checks this random number and permits the login only if the random number is the same as the number the server transmitted. Because the random number changes every time, this replay prevention technique prevents the same login information from being reused.
The present invention introduces this replay prevention technique into authenticity identification. This effectively prevents the read request information of label reader 20 or the response information of contactless type communication label 10 from being captured, copied and reused. Replay attacks on the system of the present invention thus become impossible, so authenticity identification can have higher reliability.
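The index lookup and key creation of the 8th embodiment, the creation function update of the 7th embodiment and the random-number replay check described above can be traced in the following added example, which is not part of the original document. HMAC-SHA-256 is an assumed stand-in for the unspecified encryption key creation algorithm and for the sequential encryption; the seed, all class and function names, and the table entries other than indexes '02', '01', '04' and functions '133', '256', '267', '138' are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SEED = b"constructed-seed-for-illustration"  # constructed; held by reader and factory


def create_key(seed: bytes, function_param: str) -> bytes:
    """Assumed creation algorithm: key = HMAC-SHA-256(seed, creation function)."""
    return hmac.new(seed, function_param.encode(), hashlib.sha256).digest()


def chain_mac(keys, message: bytes) -> bytes:
    """Apply every key in order, mirroring the sequential use of the key set."""
    out = message
    for key in keys:
        out = hmac.new(key, out, hashlib.sha256).digest()
    return out


class Tag:
    """Label side: stores the keys themselves plus the indexes that designate them."""

    def __init__(self, indexes, keys, product_info: bytes):
        self.indexes, self.keys, self.product_info = indexes, keys, product_info

    def respond(self, nonce: bytes):
        # Binding the reader's random number into the proof defeats replay.
        proof = chain_mac(self.keys, nonce + self.product_info)
        return self.indexes, self.product_info, proof


def issue_tag(seed, function_params, indexes, product_info):
    """Factory side: derive the keys once and write them into the label."""
    keys = [create_key(seed, p) for p in function_params]
    return Tag(indexes, keys, product_info)


class Reader:
    """Reader side: one seed plus one index -> creation function table per category."""

    def __init__(self, seed, tables):
        self.seed, self.tables = seed, tables

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, nonce, indexes, product_info, proof):
        """Return the product info if the label proves the key set, else None."""
        if len(indexes) != len(self.tables):
            return None
        try:
            params = [table[i] for table, i in zip(self.tables, indexes)]
        except KeyError:
            return None  # unknown index: treat as counterfeit
        keys = [create_key(self.seed, p) for p in params]
        expected = chain_mac(keys, nonce + product_info)
        return product_info if hmac.compare_digest(expected, proof) else None

    def read(self, tag):
        nonce = self.new_challenge()
        return self.verify(nonce, *tag.respond(nonce))

    def update_function(self, category: int, index: str, new_param: str):
        """Leaked-key update: replace the creation function behind one index."""
        self.tables[category][index] = new_param


def make_reader():
    return Reader(SEED, [
        {"02": "133", "07": "901"},  # type of business ('07' entry constructed)
        {"01": "256", "03": "902"},  # manufacturer ('03' entry constructed)
        {"04": "267", "09": "903"},  # trademark ('09' entry constructed)
    ])


if __name__ == "__main__":
    reader = make_reader()
    genuine = issue_tag(SEED, ["133", "256", "267"], ["02", "01", "04"], b"CAPACCI")
    print("genuine label:", reader.read(genuine))
    first = reader.new_challenge()
    captured = genuine.respond(first)
    print("replayed response:", reader.verify(reader.new_challenge(), *captured))
    reader.update_function(0, "02", "138")
    print("old label after update:", reader.read(genuine))
```

After `update_function`, a label still carrying the key created from '133' is rejected, while a label issued with '138' under the same index '02' is accepted.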
According to the present invention, the control module 200 of contactless type communication label 10 can comprise a post management processing unit 270. Reading details are stored in the storage unit 300 of the contactless type communication label. At every reading, information providing unit 250 stores reading details, such as the serial number of label reader 20 and the reading date, in a designated area of storage unit 300. When the value stored in the count area that manages the number of readings is greater than a predetermined value, information providing unit 250 does not provide the product information. However, post management processing unit 270 is designed to provide not only the product information but also the reading details, regardless of the number of readings, to a reader that logs in with a specific encryption key, that is, a specific terminal used for management. By reading the information of labels discarded at the distributor or of labels attached to returned products, the reader can identify the sale date, the user who carried out the authenticity identification and the date of the authenticity identification. The reader can therefore make effective use of this information as post customer management information for customer-oriented marketing.
In addition, the control module 200 of contactless type communication label 10 can comprise a refresh processing unit 290. In general, in a nonvolatile memory, the number of times data can be read, or the time for which data can be read after being recorded, is limited. However, 10 years is too short for products that last a long time, such as survey reports, antiques, calligraphy, paintings and sculpture. If the contactless type communication label 10 for such applications comprises refresh processing unit 290, the data are recorded again in storage unit 300 and thus refreshed at every reading. All data stored in storage unit 300, including the encryption keys, the product information and the count value, are refreshed. In this case, contactless type communication label 10 comprises a refresh buffer, and refresh processing unit 290 performs the refresh by repeating read and write operations in block units whose size corresponds to the capacity of the refresh buffer. For refreshed products, the available number of readings is preferably set to the maximum and not limited.
Below, preferred embodiments of label reader 20 will be described.
Fig. 3 is a block diagram of the configuration of label reader 20 of the present invention.
Referring to Fig. 3, label reader 20 according to the present invention comprises operating unit 930, display unit 950, voice output unit 960, a battery (not shown), wireless communication unit 500, storage unit 910, information reading unit 750 and control module 700.
Operating unit 930 comprises one or two simple buttons, such as a reading start button. Display unit 950 includes, but is not limited to, a simple low-priced display device comprising 7 segments or a plurality of color LCDs, or a small LCD. Software that implements a calculation function can be configured in control module 700, with numeric keys and operation keys included in operating unit 930. Voice output unit 970 can be implemented by connecting a microphone that outputs a beep sound to the microprocessor through a simple transistor. Alternatively, voice output unit 970 can be a sound mixing chip that mixes the acoustic information stored in the memory. The battery can be a thin battery, such as a disposable battery like a button-type alkaline battery, or a lithium integrated-type secondary battery. Among commonly used batteries there are products 2-3 mm thick. The thickness of the battery affects the thickness of the label. Label reader 20 is preferably made in card form so that it can easily be carried in a wallet. Therefore, the battery area of the card-type label reader 20, into which the battery is inserted, protrudes from one side of the square. The area other than the battery area is thus thin and can be inserted into the pocket of a wallet.
Wireless communication unit 500 wirelessly exchanges data with contactless type communication label 10 and wirelessly transmits the necessary power. Wireless communication unit 500 comprises antenna 510, power transmitting element 531, demodulating unit 533 and modulating unit 535. Antenna 510 wirelessly transmits data to and receives data from contactless type communication label 10. Antenna 510 can be formed as a printed pattern around the label reader 20 having the tag reading function. Power transmitting element 531 wirelessly transmits the necessary power to contactless type communication label 10 through antenna 510. Demodulating unit 533 demodulates the signal received from contactless type communication label 10 through antenna 510. Modulating unit 535 modulates the signal to be transmitted to contactless type communication label 10. The components that make up wireless communication unit 500 correspond to antenna 110, power supply unit 131, modulating unit 135 and demodulating unit 133 included in the contactless type communication device 100 of contactless type communication label 10, and are not described in detail.
The main program for controlling the whole system and the seed used to create the encryption keys necessary for information exchange are stored in storage unit 910. Alternatively, the main program and a plurality of encryption keys necessary for information exchange can be stored in storage unit 910. Storage unit 910 can comprise a nonvolatile memory, that is, ROM, and RAM as temporary storage space, or a single flash memory. The reading details about the labels read by label reader 20 are also stored in storage unit 910. By reading the reading details from a label reader 20 connected to their computer, marketers can identify customers' tendencies.
Control module 700 can be implemented as a commercial microprocessor. Information reading unit 750 and encryption/decryption element 710 can be implemented as software in control module 700 or made as components separate from control module 700. In response to a command from operating unit 930, information reading unit 750 requests the product information from contactless type communication label 10 and shows the product information received from contactless type communication label 10 on display unit 950. Encryption/decryption element 710 encrypts and decrypts the information transmitted to or received from contactless type communication label 10 through wireless communication unit 500.
Information reading unit 750 interacts with the information providing unit 250 of contactless type communication label 10, and encryption/decryption element 710 interacts with the encryption/decryption element 210 of contactless type communication label 10. Information reading unit 750 shows the product information received from the contactless type communication label on display unit 950 in the form of text or graphics. When display unit 950 comprises 7 segments or color LEDs, information providing unit 950 shows a product code on display unit 950 as the product information received from contactless type communication label 10. In this case, information providing unit 750 receives a plurality of product codes from the information providing unit 250 of contactless type communication label 10 and outputs the received product codes on display unit 950 in order. In response to the request of the information reading unit 750 of label reader 20, the information providing unit 250 of contactless type communication label 10 either combines the plurality of product codes into one item of information and transmits it, or transmits the plurality of product codes to label reader 20 in order. Information reading unit 750 extracts the plurality of product codes from the received information and shows the extracted product codes on display unit 950 in order at predetermined time intervals. Depending on the result read by the information reading unit, voice output unit 970 can output a beep sound. Information reading unit 750 also comprises a real-time clock circuit for calculating the current time. At every reading, information reading unit 750 transmits the reading time and the serial number of the reader so that the time and the serial number are stored as part of the reading details.
Encryption/decryption element 710 receives the encryption key creation function from contactless type communication label 10 through wireless communication unit 500, creates an encryption key from the received encryption key creation function and the seed stored in storage unit 910, and uses the created encryption key for encryption and/or decryption. Alternatively, encryption/decryption element 710 receives the encryption key appointed information by communicating with the encryption/decryption element 210 of contactless type communication label 10, selects, from the encryption keys for a plurality of product types and/or trademarks and/or products stored in storage unit 910, the key relevant to the label currently being read, and then uses the selected key to handle the communication between contactless type communication label 10 and label reader 20. This communication procedure will be described in detail later. The encryption/decryption element 710 of label reader 20 corresponds to the encryption/decryption element 210 of contactless type communication label 10 and can be configured to correspond to the above embodiments of contactless type communication label 10. Because the encryption/decryption procedure performed by the encryption/decryption element 710 in the embodiments of label reader 20 is the same as the procedure performed by the encryption/decryption element 210 in the embodiments of contactless type communication label 10, it is not described in detail here.
According to the present invention, in the first embodiment of the label reader 20 having the tag reading function, encryption/decryption element 710 corresponds to the encryption/decryption element 210 of the first embodiment of contactless type communication label 10. In this embodiment, storage unit 910 stores only the master key as the sole encryption key. Encryption/decryption element 710 uses the master key to encrypt and decrypt the information transmitted to contactless type communication label 10 or received from contactless type communication label 10.
According to the present invention, in the second embodiment of the label reader 20 having the tag reading function, encryption/decryption element 710 corresponds to the encryption/decryption element 210 of the second embodiment of contactless type communication label 10. In this embodiment, storage unit 910 stores a plurality of encryption keys corresponding to indexes. Encryption/decryption element 710 receives an index from the label as the encryption key appointed information, designates the encryption key, and uses the designated encryption key to encrypt and decrypt the information transmitted to label 10 or received from the label.
According to the present invention, in the 3rd embodiment of the label reader 20 having the tag reading function, encryption/decryption element 710 corresponds to the encryption/decryption element 210 of the 3rd embodiment of contactless type communication label 10. In this embodiment, as shown schematically at the bottom of Fig. 4A, encryption key tables are stored in storage unit 910 for each category, that is, the type of business, manufacturer, trademark and product name. Encryption/decryption element 710 receives indexes from contactless type communication label 10 as a plurality of items of encryption key appointed information and designates, from each corresponding table, the encryption key set for contactless type communication label 10. Using these encryption keys, encryption/decryption element 710 performs multiple encryption/decryption in order on the information transmitted to contactless type communication label 10 or received from contactless type communication label 10.
According to the present invention, in the 4th embodiment of the label reader 20 having the tag reading function, encryption/decryption element 710 corresponds to the encryption/decryption element 210 of the 4th embodiment of contactless type communication label 10. In this embodiment, a plurality of encryption keys are stored in storage unit 910 in the form of a table. Encryption/decryption element 710 receives an index as the encryption key appointed information and searches the encryption key table to designate the encryption key for contactless type communication label 10. Encryption/decryption element 710 uses the designated encryption key to encrypt and decrypt the information transmitted to contactless type communication label 10 or received from contactless type communication label 10.
According to the present invention, in the 5th embodiment of label reader 20, encryption/decryption element 710 corresponds to the encryption/decryption element 210 of the 5th embodiment of contactless type communication label 10. In this embodiment, as in the 3rd embodiment, a plurality of black lists are stored in storage unit 910. Encryption/decryption element 710 receives indexes from contactless type communication label 10 as the encryption key appointed information and searches the encryption key tables to designate the encryption key set for contactless type communication label 10. Encryption/decryption element 710 uses the encryption keys to perform multiple encryption/decryption in order on the information transmitted to contactless type communication label 10 or received from contactless type communication label 10.
In the sixth embodiment of the label reader 20 according to the present invention, the encryption/decryption element 710 corresponds to the encryption/decryption element 210 of the sixth embodiment of the contactless type communication label 10. In this embodiment, the encryption/decryption element 710 includes an encryption key creation module. The seed required by the encryption key creation module is stored in the data area of the storage unit 910, or is generated and stored in program code as part of the encryption key creation module. The encryption/decryption element 710 creates an encryption key by executing the encryption key creation module with the encryption key creation function received from the contactless type communication label 10, and uses that encryption key to encrypt and decrypt the information transmitted to the contactless type communication label 10 or received from it.
In the seventh embodiment of the label reader 20 according to the present invention, the encryption/decryption element 710 corresponds to the encryption/decryption element 210 of the seventh embodiment of the contactless type communication label 10. In this embodiment, the encryption/decryption element 710 includes an encryption key creation module. The seed required by the encryption key creation module is stored in the data area of the storage unit 910, or is generated and stored in program code as part of the encryption key creation module. The encryption/decryption element 710 creates a sequence of encryption keys by executing the encryption key creation module in order with the received encryption key creation functions, and uses these encryption keys in order to encrypt/decrypt the information transmitted to the contactless type communication label 10 or received from it.
In the eighth embodiment of the label reader 20 according to the present invention, the encryption/decryption element 710 corresponds to the encryption/decryption element 210 of the eighth embodiment of the contactless type communication label 10. The table outlined in the lower part of Fig. 4B is stored in the storage unit 910. The encryption/decryption element 710 refers to the encryption key table and uses the index received from the contactless type communication label 10 to extract an encryption key creation function. The encryption/decryption element 710 creates a sequence of encryption keys by executing the encryption key creation module in order with the extracted encryption key creation functions, and uses these encryption keys to perform multiple encryptions/decryptions in sequence on the information transmitted to the contactless type communication label 10 or received from it.
As described above, according to the present invention, the label reader 20 can identify at least two pieces of product information among business type, manufacturer, brand and product name from the received encryption key designation information, encryption key creation function, or index of an encryption key creation function, and show the identified product information on the display unit 950. This identification and display can be applied to the third, fifth, seventh and eighth embodiments. As shown in Figs. 4A and 4B, the product information corresponding to the index for each category is stored in the storage unit 910 of the label reader 20 together with the corresponding encryption key. In this way, at least part of the product information can be identified from the index received from the contactless type communication label 10.
According to the present invention, the label reader 20 optionally includes at least one of an information providing unit 760, a leaked encryption key updating block 790, a replay attack prevention unit 730, a reader authentication unit 770 and a refresh process unit 720. These components can be integrated into the control module 700.
On receiving, from the contactless type communication label 10, encryption key update request information concerning a leaked encryption key, the leaked encryption key updating block 790 deletes the corresponding encryption key stored in the storage unit 910 and updates the key by storing the newly assigned encryption key in the storage unit 910. Its detailed embodiment and operation were described for the leaked encryption key updating block 220 of the contactless type communication label 10 and are not repeated here.
The replay attack prevention unit 730 generates a one-time random number, adds it to the information to be transmitted, and passes that information to the encryption/decryption element 710. It then extracts the random number from the information received in response and checks whether the extracted random number is identical to the one originally added to the transmitted information, thereby preventing a replay attack. The replay attack prevention unit 730 corresponds to the replay attack prevention unit 230 of the contactless type communication label 10 and is not described in detail here.
The reader authentication unit 770 communicates with an external portable label reader so that the two authenticate each other, and shows the authentication result on the display unit 950. This authentication function lets the label reader 20 and the external portable label reader check each other's reliability. Authentication between two label readers is likewise carried out through the wireless communication unit 500. For authentication, a specific encryption key is designated in advance. In the same manner, the encryption/decryption element 710 performs the authentication operation between label readers. Preferably, the replay attack prevention unit 730 intervenes to prevent a hacker from exploiting the communication between the label readers during authentication. This operation of the replay attack prevention unit 730 will be described later.
The refresh process unit 720 reads the encryption key related information stored in the storage unit 910, which is nonvolatile memory, and re-records the information it has read. The main program of the control module 700 that controls the label reader 20 having the tag reading function is held in a memory device such as an electrically erasable ROM (EEPROM), in which data is temporarily stored. Meanwhile, information that differs from one label reader 20 to another, such as the encryption key related information, is stored in flash memory. In flash memory, the period for which recorded data is retained is limited to 10 years. Therefore, when flash memory is used over a long period, the encryption keys may be lost. To address this problem, whenever the encryption key related information is read, the label reader 20 that includes the refresh process unit 720 re-records the data it has read at the same address.
According to the present invention, among the components of the label reader 20, the microprocessor of the control module 700, the flash memory of the storage unit 910, the driving circuit for the display unit 950, the key scanning logic circuit for the operating unit 930, and the modulating unit 533, demodulating unit 535 and power transmitting unit 531 of the wireless communication unit 500 are designed as a single ASIC. Discrete parts such as the inductor of the power transmitting unit 531 are preferably excluded from the ASIC, and some of the above components may also be excluded from the ASIC. The card-shaped label reader 20 as a whole comprises one ASIC, several discrete parts, a battery, a display unit comprising a 7-segment LED or LCD connected directly to the ASIC, and a printed circuit board on which the discrete parts, the battery and the keypad are arranged. In this way, by selecting a small battery and integrating the analog and digital circuits into one ASIC, the label reader can be made small and compact. Because the cost is also reduced, the label reader can be sold in volume at a low price.
In the present invention, the label reader 20 is implemented in a cellular phone. One or several keys of the phone's keypad serve as the operating unit 930, and the phone's LCD serves as the display unit 950. Likewise, the phone's nonvolatile memory serves as the storage unit 910, and the phone's microprocessor serves as the control module 700. In this case, the label reader 20 according to the present invention is completed simply by adding the wireless communication unit 500 to a known cellular phone. A software module that implements the functions of the control module 700 must additionally be installed.
Fig. 5 is a flowchart describing the product information reading procedure in the label reader 20 according to the present invention.
Referring to Fig. 5, in the first step S500, encryption key related information, corresponding to encryption keys set according to at least one of business type, manufacturer, brand and product name, is stored in the storage unit 910 of the label reader 20 having the tag reading function. In step S510, the label reader 20 designates an encryption key from the encryption key related information stored in the storage unit 910, according to the encryption key designation information received from the detected contactless type communication label 10, and selects the designated key as the encryption key for the current communication. Alternatively, the label reader 20 designates the encryption key by creating it from the encryption key creation function received from the label 10. In step S520, the label reader 20 encrypts an information request message requesting the product information and transmits it to the label 10. In step S530, the label reader 20 decrypts the product information message received from the label, which contains the brand name, product name and grade, and displays the product information as visual information. To handle replay attacks, the label reader 20 adds a random number to the information request message before encrypting it, decrypts the product information message received from the contactless type communication label 10, and checks whether the random number in the decrypted product information message is identical to the random number originally added to the information request message. If, in step S540, the label reader 20 receives encryption key update request information requiring that a leaked encryption key be deleted and replaced with a new encryption key, then in step S550 the label reader 20 replaces the encryption key assigned to the corresponding product with the new encryption key and selects the new encryption key as the encryption key for the current communication.
Fig. 6 is a flowchart describing the communication steps between the label 10 and the label reader 20.
Referring to Fig. 6, in step S600, the user requests a check of the product information by pressing a specific button on the label reader 20. In step S605, the label reader 20 then detects the presence of the label 10. This detection can follow, but is not limited to, the detection method of ISO 14443. The label reader 20 optionally carries out a protocol for designating an encryption key. The label 10 stores either the encryption key to be used for communicating with the label reader 20 or a plurality of encryption keys, one of which is used after being designated through the corresponding protocol. To designate an encryption key, in step S610 the label reader 20 transmits to the label 10 an encryption key designation request message requesting designation of the encryption key. The label reader 20 adds a random number to the encryption key designation request message before transmitting it. In step S615, in response to the encryption key designation request message, the label 10 transmits the encryption key designation information needed to designate the encryption key, such as the index of the encryption key. The label 10 adds the random number received from the label reader 20 and a random number that it generates itself to the encryption key designation message, and then transmits that message. In this way, both the transmitted messages and the received messages can be protected against replay attacks. The encryption method used is 3-DES; since this is a symmetric key method, the encryption key and the decryption key are identical.
The label 10 can provide the label reader 20, as the encryption key designation information, with the encryption key creation function information used to create the encryption key. What the label supplies is a parameter used in the encryption key creation function, and in this case the encryption key creation function itself is implemented as a program in the label reader 20. In step S620, the label reader 20 uses the encryption key creation function to create the encryption key from the seed stored in the storage unit 910. For example, when the seed is 123456, the parameter can be an index for selecting one of several encryption keys created from the seed by combination. Alternatively, the parameter can be an index for selecting one of a plurality of encryption keys derived by scrambling the data words of the seed in units of designated data blocks. The parameter can also be one related to the division into data blocks in the algorithm that scrambles the data words of the seed in units of designated data blocks. Various methods of creating encryption keys are known, and their description is omitted here. If a plurality of seeds are stored in the label reader 20, the encryption key creation function stored in the label 10 includes an index designating the seed. In this case, everything else is the same as in the embodiment with a single seed, and its description is omitted here. With the encryption key creation function described above, as many authenticity verification target products with different encryption keys as there are encryption keys that can be created can be supported, without the label reader 20 having to be updated after the user has bought it.
The encryption key designation information can be an index designating one of a plurality of encryption keys. In this case, a plurality of encryption keys (for example, several hundred encryption keys) corresponding to the encryption keys of all labels are stored in the label reader 20. The label 10 stores its encryption key together with the index that designates that key among the plurality of encryption keys. The label reader 20 receives this index and can designate, among the plurality of encryption keys, the one to be used for the current label. In this way, by using a plurality of encryption keys, as many authenticity verification target products as there are encryption keys can be added without the user having to update the label reader 20 after buying it.
If a plurality of encryption keys are stored in the label 10, the encryption key designation information can be a plurality of indexes designating the encryption keys stored in the label 10. The label reader 20 responds by selecting one at random from the indexes received from the label 10. In this way, the encryption key is designated in the label 10. In this case, the label reader 20 selects, from the plurality of encryption keys it stores, the encryption key corresponding to one of the indexes received from the label 10 and designates it as the master key for the label 10. The label 10 and the label reader 20 according to the present invention can thus provide higher security.
In the three embodiments above, the encryption key can be selected per business type and manufacturer and/or brand and/or product. The same encryption key can therefore be used for products of the same business type, or for products of the same business type made by the same manufacturer. Consequently, if a manufacturer in a similar business, or the same manufacturer, produces a new product and that product is read by the label reader 20 according to the present invention, the product information can be read without updating the label reader 20. Moreover, when an encryption key is used in common for similar products, further new products can be added to the label reader 20 after new products are released.
Next, in step S625, the label reader 20 transmits to the label 10 a product information request message requesting the product information. The label reader 20 adds the random number received from the label 10 and a random number newly generated by the label reader 20 to the product information request message, and then encrypts the product information request message with the designated master encryption key. The label 10, on receiving the product information request message from the label reader 20, extracts the random number contained in the received message, which the label 10 had transmitted earlier, and checks whether the extracted random number is identical to the one it transmitted, thereby checking whether the received signal is a replay attack. The label 10 also optionally performs a step of authenticating the label reader 20. The label 10 authenticates the label reader 20 by receiving the response message to a specific code message transmitted to the label reader 20. As described above, part of the product information can be obtained in advance from the encryption key index or the encryption key creation function index.
In step S635, the label 10 extracts the counter value from the storage unit 300 and checks the extracted value. If it determines that the number of read operations performed has exceeded the permitted number, the label 10 prevents further reading. Otherwise, in step S640, if the extracted counter value is less than the permitted number, the label 10 extracts the product information from the storage unit 300 and creates the product information message as the response message. After adding the random number received from the label reader 20 to the product information, the label 10 encrypts the product information with the master key, thereby creating the product information message. In step S645, the label 10 transmits the created product information message to the label reader 20. After transmitting the product information message, the label 10 increments the counter value in the storage unit 300 in step S650 and, in step S655, stores read history information comprising the date and time of the read and the serial number of the label reader 20 that requested it. In step S660, the label reader 20 receives the product information message from the label 10, decrypts it, and checks whether the received signal is a replay attack by checking whether the random number contained in the decrypted message is identical to the random number originally transmitted. If it determines that the received signal is not a fraudulent response produced by a replay attack, the label reader 20 displays the product information in step S665.
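The exchange of Fig. 6 (steps S610 to S665), including the replay check of the replay attack prevention unit and the read counter, can be modelled as follows; this is an added example, not code from the patent. Assumptions: the class and function names, the message layout, the 8-byte random numbers, an unencrypted key designation message, and a SHA-256/HMAC encrypt-then-MAC construction standing in for 3-DES, which the Python standard library does not provide.

```python
import hashlib
import hmac
import secrets

NONCE = 8  # bytes in each one-time random number (assumed size)

def _subkeys(key):
    # Separate subkeys for encryption and integrity, derived from the shared key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def _xor_stream(enc_key, iv, data):
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(enc_key + iv + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Symmetric encrypt-then-MAC; a stand-in for the 3-DES named in the text."""
    enc_key, mac_key = _subkeys(key)
    iv = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, iv, plaintext)
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or altered message")
    return _xor_stream(enc_key, iv, ct)

class Label:
    """Label 10: one key, its index, the product information and a read counter."""
    def __init__(self, key_index, key, product_info, max_reads):
        self.key_index, self.key = key_index, key
        self.product_info, self.max_reads = product_info, max_reads
        self.counter, self.nonce = 0, None

    def designate_key(self, reader_nonce):                        # S615
        self.nonce = secrets.token_bytes(NONCE)
        return self.key_index, reader_nonce, self.nonce

    def product_info_message(self, request):                      # S635-S650
        body = unseal(self.key, request)
        echoed, reader_nonce = body[:NONCE], body[NONCE:2 * NONCE]
        if self.nonce is None or not hmac.compare_digest(echoed, self.nonce):
            raise PermissionError("replayed request")
        self.nonce = None                                          # each number is single-use
        if self.counter >= self.max_reads:                         # S635
            raise PermissionError("read limit reached")
        self.counter += 1                                          # S650
        return seal(self.key, reader_nonce + self.product_info)   # S640

class Reader:
    """Label reader 20: picks the key by index from its stored key table."""
    def __init__(self, key_table):
        self.key_table = key_table
        self.last_request = self.last_reply = None   # kept so a replay can be demonstrated

    def read(self, label):
        n1 = secrets.token_bytes(NONCE)                            # S610
        index, echoed, label_nonce = label.designate_key(n1)
        if not hmac.compare_digest(echoed, n1):
            raise PermissionError("replayed key designation message")
        key = self.key_table[index]                                # S620
        n2 = secrets.token_bytes(NONCE)
        self.last_request = seal(key, label_nonce + n2 + b"PRODUCT-INFO?")  # S625
        self.last_reply = label.product_info_message(self.last_request)     # S645
        return self.check_reply(key, n2, self.last_reply)

    @staticmethod
    def check_reply(key, expected_nonce, reply):                   # S660
        body = unseal(key, reply)
        if not hmac.compare_digest(body[:NONCE], expected_nonce):
            raise PermissionError("replayed product information message")
        return body[NONCE:].decode()                               # displayed at S665

if __name__ == "__main__":
    key = secrets.token_bytes(24)                                  # constructed sample key
    reader = Reader({7: key})
    label = Label(7, key, b"ACME / Model X / grade A", max_reads=2)
    print(reader.read(label))
    try:
        label.product_info_message(reader.last_request)            # captured request, sent again
    except PermissionError as err:
        print("label rejected:", err)
```

A label whose key does not match the reader's table entry fails at `unseal`, which is the only evidence of authenticity this scheme gives: everything rests on the secrecy of the stored keys.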
An update procedure can be carried out between the label 10 and the label reader 20 when an encryption key has leaked. In this case, as shown in Fig. 4, if the label reader 20 transmits the encryption key designation request message to the label 10, the label 10 transmits an encryption key update request to the label reader 20 and does not transmit the encryption key designation message. Once the label reader 20 receives the encryption key update request information, it discards the encryption key that it had assigned internally to the corresponding label and replaces it with the new encryption key. The label reader 20 also designates the newly updated encryption key as the encryption key for communicating with the label 10. Once the new encryption key has been designated through these steps as the encryption key for communication, the label 10 and the label reader 20 carry out steps S620 to S665.
Fig. 7 is a flowchart describing the authentication steps between label reader #1 and label reader #2 according to one embodiment of the present invention.
Referring to Fig. 7, one of the two label readers is designated as the master reader for the authentication steps. In step S700, this designation is made by having the label reader on which the user first presses the authentication request button operate as the master label reader. In step S705, the master label reader checks for the presence of a nearby slave label reader. After the master label reader and the slave label reader have been determined, a step for opening a communication session between the two terminals is carried out in step S710. The master label reader creates a session identifier and transmits it to the slave label reader, and the session between the two label readers carries the same session identifier, thereby maintaining the communication session between the two label readers. In this way, a specific connection state can be maintained or managed even in an environment that shares the same radio frequency. Then, in steps S715 to S730, the encryption key needed for communication is distributed by exchanging an encryption key designation request message and an encryption key designation message between the label readers. This step is the same as the step of designating the master key between the label and the label reader and is not described in detail here.
The authentication step between label readers depends entirely on the key. In other words, a legitimate label reader is considered to be one that holds the proper encryption key. Thus, in step S735, the master label reader encrypts a check message with its master encryption key and transmits the encrypted check message to the slave label reader; in step S745, the slave label reader decrypts the received check message, re-encrypts the decrypted check message and transmits the encrypted check message. At this point, the slave label reader can show the received check message on its display unit in step S740. The master label reader then decrypts the received message and checks, by means of the random number in the received message, whether the message is a replay attack. If the extracted message is identical to the message originally transmitted, the master label reader determines that the slave label reader holds the correct encryption key. If, on the other hand, the extracted message differs from the message originally transmitted, the master label reader determines that the slave label reader is a false label reader. In step S750, the master label reader displays the result of its determination about the slave label reader. The present invention is not limited to these embodiments, however: the slave label reader can respond by processing the information, for example by decrypting the received information and then transforming it in units of bytes or words according to a rule agreed in advance.
The present invention can be implemented as computer-readable code on a computer-readable recording medium. The computer-readable recording medium includes all kinds of recording devices on which data readable by a computer system is stored. Examples of the computer-readable recording medium are ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage and carrier waves (for example, transmission over the Internet). The computer-readable recording medium can also be distributed over computer systems connected to a network, and stored and executed there in the form of computer-readable code.
While the present invention has been particularly shown and described with reference to specific embodiments, it will be understood that various changes in form and detail made on this basis by those skilled in the art do not depart from the spirit and scope of the present invention as defined by the following claims.