KR100512064B1 - contactless type communication tag and portable tag reader for verifying a genuine article - Google Patents

Abstract

The present invention relates to a contactless communication tag and a portable tag reader therefor, which is attached to various branded goods to enable the determination of the authenticity of the product.

The tag reader according to the present invention specifies an encryption key corresponding to the encryption key stored in the tag among the plurality of encryption keys held based on the signal received from the tag. The tag reader receives the encrypted product information from the tag, decrypts it with this encryption key and expresses the result in plain text on the display.

In addition, the non-contact communication tag according to the present invention stores the number of times the product information is read by the reader in the nonvolatile memory, and if the number of readings when the read request is more than a predetermined reference value to block further reading of the product information. This prevents legitimate tags from being illegally reused after product use.

Furthermore, random messages are generated and included for each message exchanged to prevent retransmission attacks on the tag-reading communication process. In addition, the durable material is characterized in that the data is refreshed at every reading in order to prevent the data recorded in the nonvolatile memory from being lost in the long-term storage process.

Description

Contactless type communication tag and portable tag reader for verifying a genuine article}

BACKGROUND OF THE INVENTION 1. Field of the Invention [0001] The present invention relates to wireless communication devices, and more particularly, to a tag reader attached to various branded products to provide information of a corresponding product, and a tag reader for determining authenticity by reading and displaying information of the tag.

As disclosed in Japanese Patent Application Laid-Open No. 14-215749 or 14-209692, a tag (hereinafter referred to as a "tag") in which product information is recorded electronically and communicates in a non-contact manner, and a portable type for reading this information Techniques are known for using tag readers to verify product information and assist in purchasing or managing goods. However, this technology does not have the purpose of verifying the authenticity of the product, so the process of recording or reading the information is very weak, so that the information can be forged or manipulated.

In another prior art, Korean Patent Laid-Open Publication No. 2002-0085144, Japanese Patent Laid-Open Publication No. Hei 13-354310, Japanese Patent Laid-Open Publication No. Hei 13-341810 and the like read product information recorded electronically in a contactless communication tag, and the Internet. Disclosed is a "network type" authenticity verification system for inquiring the authenticity of the product by querying the product management database through a communication network such as.

However, in order to use such a networked system, in the case of a wired line, a reader has to be manufactured in the form of a desktop, and therefore, it is inconvenient to visit a specific place for authenticity verification. In addition, even in the case of wireless, as the size increases, it is difficult to carry and expensive, and there is an additional problem that a wireless communication network fee is required to be used. In addition, if the desktop form can be viewed only in a specific place, there is a problem that is difficult to check in advance before purchasing the goods.

In another prior art, Japanese Patent Laid-Open Publication No. Hei 12-348148 and Japanese Patent Laid-Open Publication No. Hei 12-148950 disclose that a tag reader reads product information electronically recorded on a contactless communication tag, and reads the readout information in advance. A technique for determining the authenticity of a product is disclosed by comparing the stored reference data (product number, manufacturing date, product production brand name, management history information, product description, etc.).

However, this off-line authentication device solves the problems of the network type system described above, but since the product information for each product must be stored in the tag reader in advance, the memory capacity increases and the reader determines whether the reader is genuine or not. Since the results are presented only, the user cannot confirm the information of the authentication process directly and thus there is a problem that the reliability is not sure. That is, the device considers only the position of the product seller and does not sufficiently satisfy the demand of the product buyer. Furthermore, the device suffers from a fatal problem that it is not possible to verify the authenticity of the new product or additionally subscribed products that are released after the reader is purchased or to update the product information for all the readers shipped. .

These prior arts also have no countermeasures when the tag itself is removed from the product and attached to the counterfeit.

Other prior arts that solve the problem of reuse of such tags include Korean Laid-Open Patent Publication No. 2001-0089216, Korean Registered Utility Model Publication No. 252202, and Japanese Laid-Open Patent Publication No. 12-251164. This technology is a genuine device that contains product information and includes a contactless communication tag and a tag reader attached to the product. When the tag is removed from the product, it removes parts such as antennas and prevents the tag itself from being recycled. That's the way. However, such a technique has a problem that the application target is limited to a special product such as a bottled product, and precautions may be possible to prevent physical destruction of the tag. In addition, since the tag itself is destroyed, even the manufacturer still has a problem that it is impossible to read the tag reading history information and use it for customer-oriented marketing.

The present invention aims to solve such a problem, and an object of the present invention is to provide a genuine verification device capable of maximizing the confidence of purchasing genuine products from a buyer's point of view.

 Furthermore, another object of the present invention is to provide an authenticity checking device capable of verifying authenticity of new products added after purchase of a reader without requiring connection to a network or upgrading a reader.

In addition, the present invention is a tag reader with a constant and long-term authenticity, such as precious metals, art, as well as products that require authenticity at the time of purchase, such as clothing, footwear, leather products, liquor, agricultural and livestock products, pharmaceuticals, electronics, machinery products, etc. Another object is to provide a genuine identification device that is generally applicable to a wide range of goods, including appraisal certificates, admission tickets, various certificates and facility use rights, gold rights, securities, and important documents. .

In addition, another object of the present invention is to provide an authenticity identification device capable of preventing reuse or theft of a genuine tag on a counterfeit without physically destroying the tag.

Furthermore, the present invention provides a tag reader that can be conveniently carried by anyone with a size of a credit card, so that it is difficult for a seller to present a counterfeit because any buyer may have a reader and when and where from a buyer's point of view. Another object is to make it easy to check whether or not genuine.

An authenticity checking device according to an aspect of the present invention for achieving the above object is composed of a contactless communication tag attached to a product, and a tag reader for reading product information electronically recorded on the tag.

According to a characteristic aspect of the invention, the tag electronically stores product information in digital form. The product information here may be stored in plain text, such as a text file, or may be encoded and stored in one or more codes that can later be interpreted from a table stored in the reader. The tag extracts the stored product information according to the request from the tag reader, encrypts it, and outputs it as a wireless signal.

The tag reader includes an encryption key for decrypting the encrypted product information output by the tag, and a display unit for displaying the read product information as visible information. In the case of legitimately tagged products, the appropriate product information is displayed, but in the case of non-ready products, unreadable information or a counterfeit warning message is displayed.

That is, the authenticity authentication device according to the present invention does not query the separate authentication information to the server or use a complicated authentication code, but instead reads the product information stored in the tag and displays it on the display unit in a form that can be understood by the general public. Restrict the use of counterfeit tags using restricted cryptographic keys. In other words, while the conventional authenticity checking devices use verification such as a special authentication code, the present invention adopts encryption / decryption itself as authenticity verification technology.

Accordingly, the authenticity authentication technology according to the present invention can maximize the trust because the buyer can directly check the product information on the screen of the portable terminal while blocking the fake tag by the encryption technology.

Furthermore, since the authenticity authentication device according to the present invention can identify products by product information expressed in sentences on the display unit, it is possible to use the same encryption key for different products, and thus regardless of the number of encryption keys stored in the reader. It has the advantage of being applicable to many products. Furthermore, it has a dramatically beneficial effect of authenticating authenticity by applying the same encryption key to products added after the reader is sold. Therefore, even in a state where a limited number of encryption keys are stored in the reader, it is possible to add a new product to the activation target and read the product information of the product.

Although it is possible to apply a single encryption key to all products, in this case, the problem is that the damage is increased when the key is leaked. According to another aspect of the present invention, the tag stores a single encryption key determined according to the criteria of industry, manufacturer, brand, product name, etc., but the tag reader has a plurality of encryption keys to read all kinds of tags. The keys are stored. As a result, even if the encryption key of some industries, manufacturers, brands or products is leaked, the rest can be secured. Furthermore, if an extra encryption key is obtained and stored in a tag reader in advance, even if some encryption keys are leaked, a new encryption key can be allocated and the reader can be upgraded to prevent the use of a fake tag for additional products.

According to another aspect of the present invention, a tag stores at least two encryption keys which are allocated according to at least two criteria of an industry, a manufacturer, a brand, and a product name, and product information is sequentially used by the plurality of encryption keys. And encrypted. Accordingly, even if some of the encryption keys are leaked, there is an advantage that the risk is limited to the corresponding sector, the manufacturer, the brand, or the product range.

According to another aspect of the invention, the reader incorporates an algorithm that can generate numerous cryptographic keys using one or more seed values stored therein, and the tag has one cryptographic key required for it. And cryptographic key generation information needed to create it.

Accordingly, the tag reader according to the present invention can secure a large number of encryption keys even with a limited memory, and even after acquiring the reader, it is possible to assign new encryption keys to a number of companies, brands, or products and add them to genuine certification targets. Do.

 Furthermore, even if the encryption key of some companies, brands, or products is leaked, the encryption key may be different for other companies, brands, or products, and if the encryption key is leaked, a new encryption key is assigned and the reader is upgraded. By doing so, it is possible to secure more room to prevent the use of counterfeit readers and tags for additional products.

According to another aspect of the present invention, the genuine authentication device according to the present invention is devised to minimize the damage when the encryption key is leaked. When one or more encryption keys stored in a tag attached to a specific article are leaked, the manufacturer assigns and stores a different encryption key to a newly manufactured tag. This cryptographic key is one of a number of cryptographic keys already stored in a previously distributed reader. According to a characteristic aspect of the present invention, the tag is added with a control logic that causes the reader to discard the previously assigned encryption key and replace it with the newly assigned encryption key for the leaked encryption key. After the encryption key is leaked, the tag reader's encryption key assignment information is automatically upgraded when the tag reader reads the product information for the newly produced tagged product. After that, the upgraded reader can determine that the counterfeit tag is a counterfeit that operates on the existing encryption key.

 According to another aspect of the present invention, a tag stores a number of times read by a reader, and blocks reading after a predetermined number of times. According to this aspect of the invention it is possible to prevent the genuine tag is attached to the counterfeit and reused without physically destroying the tag. According to the auxiliary aspect, even if the reading is more than the designated number of readable times, the reader having the factory-specific encryption key can read the product information as well as the stored history information at every reading.

According to another aspect of the present invention, a tag-reader communication is applied with a random number based retransmission attack blocking algorithm in addition to encryption. The retransmission attack blocking algorithm is a technique for preventing the necessary authentication processing such as login, etc., by hacking and retransmitting the encrypted sentence itself in the communication process. According to this, a random number is generated in every information exchange session, encrypted with plain text, sent, and random number is extracted from the information received in response to check for identity to prevent illegal retransmission attacks. Since the present invention adopts such a technology, attempts to store a signal pattern by intercepting a communication process, and then attempt to retransmit an attack or duplicate an illegal tag are blocked, thereby further increasing the authenticity of authenticity.

According to a further aspect of the present invention, the tag reader is designed to be as thin as a thin battery in a credit card size. Accordingly, it is possible for a buyer to carry the reader and check the authenticity of various kinds of products at any time and any place, so that the seller is blocked from the temptation to sell counterfeit goods without knowing which buyer is authentic. However, the present invention is not limited thereto, and the present invention can be implemented by adding some hardware and software to various portable devices such as a PDA, a calculator, a multi-function clock, a mobile phone, an MP3, and an electronic notebook.

According to another aspect of the present invention, the tag according to the present invention uses a nonvolatile memory as a storage device and refreshes the memory every read operation, thereby extending the information storage period, which is difficult to exceed ten years, for example. It can be applied to durable goods such as antiques, works of art, appraisals, and fine clothing.

In addition, the tag according to the characteristic aspect of the present invention is controlled by dedicated hardware designed with digital logic, rather than a microprocessor controlled by a program stored in the memory. Accordingly, it is possible to solve the problem that the program is lost and cannot be operated in 10 years since it is normally stored, so that the controller can be operated permanently.

According to a further aspect of the present invention, mutual authentication is also performed during the tag reading period so that the mutual reliability of the tag readers can be confirmed. Accordingly, it is also possible to prevent the use of a dummy portable reader that operates on the dummy contactless communication tag.

This, a further additional aspect of the present invention will become more apparent through the preferred embodiments described below with reference to the accompanying drawings. Hereinafter, the present invention will be described in detail to enable those skilled in the art to easily understand and reproduce the present invention.

1 is a view for schematically explaining the operation of the present invention. As shown, the present invention is a variety of clothing, footwear, leather products, alcoholic beverages, agricultural and livestock products, pharmaceuticals, electronic products, machinery products, precious metals, art, appraisal, admission tickets, various certificates and facility use rights, gold rights, securities, important documents, etc. Contactless communication tags 10-1, 10-2, and 10-3 attached to the product and tag readers 20-1, 20-2, and 20-3 for reading and displaying information of the tag.

In a preferred embodiment, the contactless communication tag is a rectangular and thin passive tag each having a width and length of about 10-18 mm. The tag reader 20-1, which is illustrated as an example, has a thickness of about two to three credit cards combined with an area of about a credit card according to a characteristic aspect of the present invention, so that an individual can carry it in a wallet, It is driven by and has a display on the front. The tag reader 20-2 presented as a representative embodiment is implemented in the form of a calculator, and adds a simple calculator function to the tag reader 20-1. Exemplary tag reader 20-3 is a tag reader implemented in a mobile phone. However, the tag reader according to the present invention is not limited to this type, and may be implemented by adding hardware and software to various portable devices such as a PDA, a multi-function clock, and an MP3 player.

Individuals with readers can check product information on the display by bringing their readers closer to the product for any kind of product with the above-mentioned contactless communication tag, and at the same time determine the authenticity of the brand or distinguish counterfeit products. You can do it.

2 illustrates a configuration of a contactless communication tag according to an exemplary embodiment of the present invention.

As shown, the contactless communication tag 10 according to an exemplary embodiment of the present invention exchanges data wirelessly with a portable tag reader, and extracts a power component from a signal wirelessly received from the portable tag reader to power the entire system. The contactless communication means 100 for supplying, the storage unit 300 storing product information and encryption key information, and the product information stored in the storage unit 300 are encrypted with an encryption key to the outside through the contactless communication means 100. It includes a control unit 200 for outputting.

In a preferred embodiment, the contactless communication means 100 is an antenna 110, a power supply unit 131 for supplying power by processing a power radio signal of the signals received through the antenna 110, and the received signal A demodulator 133 for demodulating a signal and a modulator 135 for modulating a signal to be transmitted. The antenna 110 is formed along the outer circumference of the tag in a printed pattern or coil, and the configuration of the modulator 135 and the demodulator 133 is well known in the art, and thus a detailed description thereof will be omitted. The tag 10 according to the present invention should be manufactured in a passive type because it should be made compact and thin, and thus the power supply unit 131 extracts a power component from a received wireless signal and supplies it to the power of the entire system. do. Operation and configuration of the power supply unit 131 is well known, so detailed description thereof will be omitted.

The storage unit 300 is configured of, for example, a nonvolatile semiconductor memory such as an EEPROM or a flash ROM, so that data is preserved even when power is lost. The storage unit 300 may be configured as two memories, physically read only and write / read, but in a preferred embodiment, the storage unit 300 is composed of a single nonvolatile memory capable of writing / reading.

In a preferred embodiment, the data stored in the storage unit 300 is tagged with the product information 370, for example, the type of business, manufacturer, brand, product name, grade, model name, production location, manufacturing date, shipping date, serial number, etc. The same information is stored. In addition, the storage unit 300 stores an encryption key 330 necessary for encrypting the communication between the tag 10 and the reader 20. In addition, the storage unit 300 may store the encryption key specifying information 310 required to specify the encryption key in the tag reader side. According to one aspect of the present invention, the storage unit 300 has a counter area for storing the number of times the product information of the tag is read by the reader, and stores read history information such as a read reader or a read date and time.

In a preferred embodiment of the communication tag according to the present invention, the control unit 200 for controlling the entire system is an ASIC circuit designed exclusively for digital logic designed as a state machine, for example, flip-flop and gate. Is implemented. Since such a circuit can be easily implemented by those skilled in the art supported by various commercially available CAD tools, a detailed description thereof will be omitted. Accordingly, the present invention does not use a separate stored main program, thereby avoiding a problem due to the storage age on the nonvolatile memory. However, even in this case, product information or encryption key related information, which may vary from tag to tag, is stored as data in nonvolatile memory. In this regard, a separate countermeasure described below is provided according to a characteristic aspect of the present invention.

However, the present invention is not limited thereto, and in another embodiment, the control unit 200 may be implemented as a microprocessor, and the characteristic functions of the present invention may be achieved by software control. In this case, the main program may be additionally stored in the storage 300. In another embodiment, the storage unit 300 may be physically configured with two memories, and a part including the main program may be stored in a separate memory.

According to a characteristic aspect of the present invention, the control unit 200 decrypts a signal received through the contactless communication means, encrypts and outputs a signal to be transmitted to the contactless communication means 210 and the storage unit It includes an information providing unit 250 for reading the product information stored in the supply and supply it to the encryption / decryption unit, and may further include a retransmission attack blocking unit 230, post-management processing unit 270.

The information providing unit 250 reads the product information stored in the storage unit 300 according to a command from the reader 20 and outputs it through the contactless communication means 100. According to one of the characteristic aspects of the present invention, the information provider 250 increases the counter value of the storage unit 300 at every reading, and checks the stored counter value before reading the product information so that the counter value is equal to or greater than a predetermined value. In this case, it outputs a message indicating that the tag does not respond to the read command of the reader 20 or that it is an inappropriate tag whose reading count is exceeded instead of the product information. In this case, however, internally, the counter value is continuously increased and recorded. This data can then be verified with a specific terminal of the marketing team.

This treatment effectively removes the same tag from the original and attaches it to the counterfeit or separates the waste tag from the consumed genuine and attaches it to the counterfeit and reuses it effectively. In the prior art, a physical blocking method such as a pattern printed antenna is destroyed when a tag is attached to a product with a strong adhesive or the like is detached, but this makes access to the tag information aftercare or use impossible. . In addition, this prior art can be a rather unfavorable response to attempts to carefully detach the tag, and also has difficulty in its implementation in actual production processes. According to the present invention, by storing a counter value in an externally inaccessible area and checking it, reuse can be effectively prevented without adding any cost compared to physical measures.

On the other hand, for example, as the product is read several times by the tag reader in the state displayed on the display stand, it may be impossible to read when the authenticity is necessary later. In order to solve such a problem, it is desirable to have a shielding film on the tag exposed surface at the time of shipment. The shielding film may be in the form of blocking the wireless communication by wrapping the outer surface of the tag with, for example, aluminum foil. This shield is separated from the tag when authenticity is needed.

The read limit reference value of the counter can be adjusted from product to product. For example, in the case of foods such as liquor and agricultural and livestock products, it is recommended to limit the counter reference value to 3 to 5 times by using about 1 to 4 times at the time of shipment and 2 to 4 times when using. In the case of clothing, there may be several authentic certifications at the time of sale and after purchase, so it is better to do it several dozen times. Such values may be appropriately determined depending on the nature of the product or the number of steps in the distribution channel.

However, the present invention is not limited to the embodiment that checks the counter to limit the reading, and includes many other aspects that may be applied even when there is no limit on the number of readings, such as masterpieces, antiques, and document types. In this case, the information providing unit 250 reads the product information stored in the storage unit 300 according to a command from the reader 20 and outputs it through the contactless communication means 100. The counter value of the storage unit 300 is increased every read, but the information is not limited according to the counter value.

The encryption / decryption unit 210 encrypts the information transmitted through the contactless communication means 100 and decrypts the information received therefrom. In one preferred embodiment, the encryption algorithm uses, but is not limited to, 3-DES. The 3-DES algorithm is a triple application of the DES scheme. There are various forms, and in the present embodiment, a 3-DES cascaded scheme using three keys sequentially is applied. Since these methods are all symmetric key methods, the same encryption key is used for encryption and decryption.

In the known art, authenticity authentication determines whether the code corresponds to the authenticity by storing the authentication code unique to the tag and reading the value in the reader. On the other hand, the present invention relies on the judgment of the person confirming the information displayed on the display unit for authenticity and the encryption / decryption process that must be passed in order for the product information to be displayed correctly.

In the simplest possible embodiment of the encryption / decryption unit 210 according to the present invention, the storage unit 300 of the tag stores only the master key 330 as only one encryption key, and this master key is any kind. It's the only key that's common to all our products. For the sake of understanding, the tag reader corresponding to this embodiment holds only this one key, but product information can be read for all kinds of products. The encryption / decryption unit 210 encrypts the information transmitted by the information provider 250 to the outside using this encryption key, and decrypts the encrypted message received from the outside and provides the information to the information provider 250.

Since the products can be identified by the displayed product information even in the simplest embodiment of the present invention, it is possible to provide an authenticity judgment for a large number of products. Furthermore, if a new tag is available that can be applied to a new product, it is possible to read the information of the tag without upgrading the existing reader.

In the second embodiment of the encryption / decryption unit 210 according to the present invention, the storage unit 300 of the tag includes only the master key 330 as one encryption key and the encryption key specific information for the master key ( 310 is stored. Companies using tags prepare a plurality of encryption keys and assign different encryption keys, for example, by industry and / or manufacturer and / or by brand and / or product. For example, a major brand may decide to use a different encryption key for each kind of product that uses the same brand. For companies producing only a small quantity, only one cryptographic key can be specified for that manufacturer.

The reader 20 is provided with all the encryption keys necessary to read the tag of the target product. When the encryption / decryption unit 210 receives the product information from the reader, the encryption / decryption unit 210 transmits the encryption key specifying information 310 to the reader so that the reader selects the same encryption key as the encryption key 330 stored therein. The encryption key specific information 310 may be, for example, an index given to a plurality of encryption keys. Afterwards, the encryption / decryption unit 210 encrypts the information transmitted by the information provider 250 to the outside using this encryption key, and decrypts the encrypted message received from the outside and provides the information to the information provider 250. .

In the second embodiment, even if some cryptographic keys are leaked, the damage range is limited to the industry or the manufacturer or the brand or the product. In addition, as in the first embodiment, it is possible to additionally incorporate many new tags having the same encryption key but storing new product information without upgrading the existing distributed reader. Further, in the second embodiment, if a sufficient number of encryption keys are secured to the tag reader, it is possible to incorporate a new product in a higher security state by allocating an additional encryption key. That is, when the new tag 10 is manufactured, by storing one of the encryption keys reserved for the spare and the corresponding index, the reader receives the index and converts one of the encryption keys secured for the tag into the encryption key for the tag. It is possible to specify.

In a third embodiment of the encryption / decryption unit 210 according to the present invention, the storage unit 300 of the tag includes at least two encryption keys which are separately allocated according to at least two criteria of an industry type, a manufacturer, a brand, and a product name. 330 and encryption key specific information 310 corresponding to each of them are stored.

6A illustrates an example of an encryption key 410 and encryption key specific information 420 according to this embodiment. Here, the encryption key 410 stored in the tag is composed of three encryption keys (411, 413, 415), each encryption key is determined by industry, manufacturer, brand. The encryption key specific information 420 is index values corresponding to encryption keys, respectively. The reader 20 stores all encryption keys 433, 453, and 473 and indexes 431, 451, and 471 as encryption key specific information corresponding to each of them. The cipher keys of the reader are divided into three groups, and each group is an encryption key assignment table for each industry, manufacturer, and brand. For example, the plurality of encryption keys 411, 413, and 415 may be three encryption keys used for each step in the 3-DES algorithm.

When the encryption / decryption unit 210 of the tag 10 receives a request for product information from the reader 20, the encryption / decryption unit 210 transmits an index as the encryption key specifying information 310, that is, the values of 02, 01, and 04 to the reader. The reader looks up the corresponding encryption key tables from these index values and selects the same encryption key set as the encryption key 410 stored by the tag, here 1324, abcd, 2345 as encryption keys for reading the current tag. Subsequently, the encryption / decryption unit 210 of the tag 10 encrypts and decrypts information transmitted and received with the reader 20 using the plurality of encryption keys sequentially.

If an encryption key is specified in accordance with an advantageous aspect of the present invention, the reader may know which particular industry, manufacturer, brand, or product name the encryption key belongs to. That is, in FIG. 6A, the reader knows that the currently tagged product belongs to the 'accessories' industry from the received encryption key indexes 421, 423, and 425, and that the manufacturer is 'Sana Industrial Co.' and the brand name is 'Gapachi'. Can be. Therefore, in the modified embodiment of the third embodiment, the product information 370 and the encryption key specific information 310 information of the storage unit 300 may actually overlap in part. That is, the indexes 421, 423, 425 itself may be part of the product information.

The third embodiment has all the advantages of the first and second embodiments, and further, by using a plurality of encryption keys sequentially, it is possible to further increase the security level and to secure a sufficient margin of incorporation of new products.

In a fourth embodiment of the encryption / decryption unit 210 according to the present invention, a plurality of encryption keys 330 and encryption key specific information 310 are stored in a tag, and the reader 20 stores all target products. The necessary encryption keys are provided to read the product information. In this embodiment, when the tag receives a read request from the tag reader, the tag selects one of a plurality of encryption keys and transmits encryption key specific information corresponding to the selected encryption key to the tag reader to match the encryption keys with each other. The encryption key selection of the tag is performed by, for example, a rotary method or a random number method. The tag then encrypts / decrypts information exchanged with the tag reader by the selected encryption key.

The fourth embodiment has all the advantages of the first and second embodiments, and furthermore, since the tag itself responds by changing the encryption key every time it is read, it is possible to further increase the countermeasure against the dummy reader.

In the fifth embodiment of the encryption / decryption unit 210 according to the present invention, a plurality of encryption key sets 330 and encryption key specific information sets 310 are stored in a tag, and the reader 20 stores all of them. Encryption keys necessary for reading product information of the target product are provided. Each of the encryption key sets on the tag side includes at least two encryption keys allocated according to at least two criteria of an industry, a manufacturer, a brand, and a product name. For example, these plurality of encryption keys may be three encryption keys used for each step in the 3-DES algorithm. That is, in the fifth embodiment, a plurality of sets of encryption keys 411, 413, and 415 illustrated in FIG. 6A are stored in the tag, and a plurality of sets of encryption key specific information 421, 423, and 425 are also stored in the tag.

The encryption / decryption unit 210 communicates with the reader to specify each encryption key held by the reader, and then sequentially encrypts and decrypts the plurality of encryption keys. The encryption key selection of the tag is performed by, for example, a rotary method or a random number method. The tag then sequentially encrypts / decrypts the information exchanged with the tag reader by the selected cryptographic key set.

Similarly to the third embodiment, in the fifth embodiment, if the encryption key is specified, the reader can know which specific industry, manufacturer, brand, or product name the encryption key belongs to. Therefore, in the modified embodiment of the fifth embodiment, the product information 370 and the encryption key specific information 310 of the storage unit 300 may actually be overlapped in part.

The fifth embodiment has all the advantages of the first to fourth embodiments.

In the sixth embodiment of the encryption / decryption unit 210 according to the present invention, the tag 10 stores one encryption key and encryption key generation information necessary for generating at the reader side the same encryption key that the tag has. do.

Companies using tags prepare a plurality of encryption keys and assign different encryption keys, for example, by industry and / or manufacturer and / or by brand and / or product. The reader 20 is provided with an encryption key generation module capable of generating all encryption keys required to read a tag of the target product. The encryption key generation module generates an encryption key from one or more seed values and encryption key generation information received from the tag.

The number of cryptographic keys that can be generated from a single seed in the reader can be numerous, depending on the parameter values of the function. Even with a limited number of seed values stored in the reader, you can specify different encryption keys for a myriad of brands without upgrading the reader. Therefore, the genuine device according to the present invention can incorporate a number of new industries, manufacturers, brands or products into the product to be certified without upgrading the reader even after the reader is distributed. This is made possible by assigning a new encryption key to the product and attaching a tag to the product that stores the generated information for generating this encryption key. Furthermore, in the genuine product certification apparatus according to the present invention, since the product information is expressed in sentences on the display unit, it is possible to activate the product for a plurality of types even with the same encryption key.

 The encryption key generation module may generate, for example, a value obtained by multiplying a seed value by an integer value as the received encryption key generation information as the encryption key. However, the present invention is not limited thereto, and the encryption key generation information should be interpreted to encompass information that can be generated by specifying the encryption key in the reader. For example, the encryption key generation information may be a series of code strings consisting of a manufacturer code, a brand code, and a product code, or text information including a manufacturer name, a brand name, a product name, and the like. The cryptographic key generation algorithm also encompasses a number of functions and operations that can generate cryptographic keys from seed values and one or more parameters. Therefore, by properly selecting the generation algorithm of the encryption key generation module, it is possible to secure a large number of encryption keys even if only one seed value is stored in the reader.

In the sixth embodiment, when the encryption / decryption unit 210 of the tag 10 receives the product information from the reader 20, the encryption / decryption unit 210 transmits the encryption key generation information as the encryption key specifying information 310 to the reader. To generate the same encryption key as the encryption key 330 is stored. Afterwards, the encryption / decryption unit 210 encrypts the information transmitted by the information provider 250 to the outside using this encryption key, and decrypts the encrypted message received from the outside and provides the information to the information provider 250. .

In this embodiment, it is possible to minimize the damage range even if some encryption keys are leaked by allocating enough encryption keys for each industry type, manufacturer, brand or product by securing more sufficient encryption keys. In addition, as in the first embodiment, it is possible to additionally incorporate many new tags having the same encryption key but storing new product information without upgrading the existing distributed reader. Furthermore, in this embodiment, if a new encryption key and encryption key generation information for generating the encryption key are stored in the tag when a new product is to be incorporated, the reader stores the stored seed value and encryption key specific information received from the tag. Can generate the same encryption key that the tag has. As a result, it is possible to incorporate more new products into genuine certification while maintaining a higher level of security.

In the seventh embodiment of the encryption / decryption unit 210 according to the present invention, the storage unit 300 of the tag includes at least two encryption keys which are separately allocated according to at least two criteria of a business type, a manufacturer, a brand, and a product name. The encryption key generation information is stored as 330 and the encryption key specific information 310 corresponding to each of them. In the present embodiment, the encryption / decryption unit 210 encrypts the message by using the stored encryption keys sequentially. The reader receives the cryptographic key generation information from the tag and generates the same set of cryptographic keys stored by the tag through a particular function or operation based on this value and the internal seed value.

The seventh embodiment has an advantage that the degree of security can be further increased by multiple encryption using a plurality of encryption keys, compared to the sixth embodiment.

In an eighth embodiment of the encryption / decryption unit 210 according to the present invention, the storage unit 300 of the tag includes at least two encryption keys which are separately allocated according to at least two criteria of a business type, a manufacturer, a brand, and a product name. 330, encryption key generation information corresponding to each of them, and indexes are stored as identification information for specifying the encryption key generation information. In the present embodiment, the encryption / decryption unit 210 encrypts the message by using the stored encryption keys sequentially. The reader receives the index of the encryption key generation information from the tag and generates the same set of encryption keys stored by the tag through a specific function or operation based on this value and the internal seed value.

6B illustrates an example of an encryption key 410, encryption key generation information 420, and an index thereof according to this embodiment. Components corresponding to or identical to those in FIG. 6A are denoted by the same reference numerals. Here, the encryption key 410 stored in the tag is composed of three encryption keys 411, 413, 415, each encryption key is determined by industry, manufacturer, brand. For example, the plurality of encryption keys 411, 413, and 415 may be three encryption keys used for each step in the 3-DES algorithm. The parameter values 491, 493, and 495 may be stored in the storage unit 300 as encryption key generation information 490 capable of generating these encryption keys 411, 413, and 415, but are not required. The index values 420 for specifying the encryption key generation information 490 are stored in the storage unit 300 of the tag 10 and transmitted to the reader 20 when the reader 20 requests the encryption key specification. .

In FIG. 6B, the encryption key generation information for generating the encryption key '1324' 411 is '133' 491, and the index for identifying the encryption key generation information is '02' 421. Similarly, the encryption key 'abcd' (413), the encryption key generation information '256' (493), and the index '01' (423) correspond to each other, and the encryption key '2345' (415) and the encryption key generation information '267' ( 495), and the index '04' 425 corresponds. The cipher keys of the reader are divided into three groups, and each group is an encryption key assignment table for each industry, manufacturer, and brand.

When the encryption / decryption unit 210 of the tag 10 receives the product information from the reader 20, the encryption / decryption unit 210 receives the index information as the encryption key specific information 310, that is, the values of '02', '01', and '04'. Send to the reader. The reader looks up the corresponding encryption key tables from these index values and generates an encryption key set identical to the encryption key 410 stored in the tag, that is, an encryption key capable of generating '1324', 'abcd' and '2345'. The generated information, that is, '133', '256', and '267' is extracted from the encryption key generation information fields 433, 453, and 473 of each table. The reader executes a predetermined encryption key generation algorithm based on the encryption key generation information and the seed value to generate corresponding encryption keys to select as encryption keys for reading the current tag. Subsequently, the encryption / decryption unit 210 of the tag 10 encrypts and decrypts information transmitted and received with the reader 20 using the plurality of encryption keys sequentially.

If an encryption key is specified in accordance with an advantageous aspect of the present invention, the reader may know which particular industry, manufacturer, brand, or product name the encryption key belongs to. That is, in FIG. 6B, the reader knows that the currently tagged product belongs to the 'accessories' sector from the received encryption key indexes 421, 423, and 425, and that the manufacturer is 'Sana Industrial Co.' and the brand name is 'Gapachi'. Can be. Therefore, in the modified embodiment of the eighth embodiment, the product information 370 and the encryption key specific information 310 of the storage unit 300 may actually be overlapped in part. That is, the indexes 421, 423, 425 itself may be part of the product information.

The eighth embodiment has all the advantages of the sixth and seventh embodiments, and furthermore, since the index is transmitted, the security is higher, and the reader can be easily updated as described below.

Through this process, the reader 20 requests the product information stored in the tag 10 by specifying the corresponding encryption key, receives the response, and displays the response on the display unit. If the product is tagged with a legitimate tag, the encryption / decryption process between the reader and the tag will be successful, and the product information is properly displayed on the display unit. If it is a counterfeit or a tamper, the encryption / decryption process will fail and the display will display a meaningless information or counterfeit warning that cannot be read. This allows the customer to check whether the product is genuine.

According to a further advantageous aspect of the present invention, the control unit 200 of the tag 10 may include a leak encryption key updating unit 220. The leak encryption key updating unit 220 is a module mounted on the tag 10 side to neutralize the dummy tag when one or more of the contracted encryption keys are leaked. This module is mounted on newly produced tags after the encryption key is leaked. The leaked encryption key updating unit 220 instructs readers attempting to read the mounted tag to discard the corresponding encryption key and use the new encryption key specified by the reader.

In the embodiment of the leaked encryption key update unit 220 corresponding to the first embodiment of the encryption / decryption unit 210, the only master key itself that should be newly used is delivered to the tag reader. The reader deletes the stored master key and records the received master key as a new encryption key. By properly defining the key upgrade protocol between the tag and the reader, the risk of hacking the master key can be reduced.

In the embodiment of the leak encryption key update unit 220 corresponding to the second embodiment of the encryption / decryption unit 210, it is to be mounted on a tag of the same industry, manufacturer, brand or product as the leaked encryption key and newly used. The encryption key to be sent is passed to the tag reader. The reader discards the previously assigned encryption key in the index corresponding to the tag and stores the newly received encryption key as the encryption key of the industry, manufacturer, brand, or product.

In the embodiment of the leaked encryption key updater 220 corresponding to the third embodiment of the encryption / decryption unit 210, the leaked encryption key is mounted on a tag belonging to the same category of industry, manufacturer, brand, product, and the like as the leaked encryption key. The new cryptographic keys, which must be accepted, are sent to the tag reader. The reader updates the encryption key corresponding to the index assigned to the tag in each category table with the newly received encryption key. For example, in the tag illustrated in FIG. 6A, '04' is designated as a brand index. Currently, '2345' is assigned as a corresponding encryption key. However, the leaked encryption key updating unit 220 may use the tag as an example. It can be instructed to update to '5678'. This may be done by sending an encryption key directly. However, if a sufficient number of unallocated spare encryption keys are secured, it may be possible to indicate one of the indexes of the spare encryption keys. For example, if the existing index corresponding to '5678' is '15', the leak encryption key updating unit 220 of the tag transmits a value of '15' instead of transmitting a new encryption key '5678', and the reader The encryption key '5678' corresponding to '15' is extracted from the table and assigned as the encryption key corresponding to the index '04'. As a result, the same encryption key corresponds to the index '04' and '15' in the reader.

In the embodiment of the leak encryption key updater 220 corresponding to the fourth embodiment of the encryption / decryption unit 210, the leaked encryption keys among the plurality of encryption keys stored in the leaked tag should be updated. The reader updates the encryption key stored in the index corresponding to the encryption key leaked from the encryption key table with the new encryption key received.

In the embodiment of the leak encryption key updating unit 220 corresponding to the fifth embodiment of the encryption / decryption unit 210, all of the plurality of encryption key sets stored in the leaked tag must be updated. Accordingly, the leaked encryption key updating unit 220 of the tag transmits all the necessary new plurality of encryption key sets to the reader and requests to update the encryption key sets corresponding to the tag. The reader first specifies the cipher key sets assigned to the tag in the stored cipher key table, and then updates the cipher key set as a whole with the cipher keys received.

In the embodiment of the leak encryption key update unit 220 corresponding to the sixth embodiment of the encryption / decryption unit 210, the encryption key generation information itself to be newly used is transmitted to the tag reader. At this time, the tag stores the encryption key corresponding to the new encryption key generation information. The reader may register, for example, the encryption key generation information that has been commonly used as a bad tag on the black list. In this case, when a reader asks for authenticity authentication, the reader can more accurately determine whether the tag is a fake tag by referring to the blacklist and date of manufacture. Therefore, a tag manufactured before a specific manufacturing date is determined to be genuine even if the same encryption key generation information is used, and a tag manufactured after that can be determined as a counterfeit.

In the embodiment of the leak encryption key updating unit 220 corresponding to the seventh embodiment of the encryption / decryption unit 210, some or all of the encryption keys belonging to the encryption key set to be newly used may be leaked. The leaked encryption key updating unit 220 delivers encryption key generation information to be newly used for the leaked encryption keys to the tag reader. In this case, encryption keys corresponding to new encryption key generation information are stored in the tag. The reader may register, for example, the encryption key generation information that has been commonly used in the black list as a bad tag.

In the embodiment of the leak encryption key update unit 220 corresponding to the eighth embodiment of the encryption / decryption unit 210, encryption key generation information to be newly used is transmitted to the tag reader. For example, suppose that the encryption key '1324' 411 of the encryption key is leaked in FIG. 6B. In this case, it is assumed that the newly released tag stores, for example, '1567' as the new encryption key instead of the encryption key '1324' and '138' corresponds to the corresponding encryption key generation information. The leaked encryption key updating unit 220 deletes the encryption key generation information '133' corresponding to the index '02' originally assigned to the corresponding tag from the encryption key table 430 of the tag, and generates new encryption key generation information ' Ask to record 138 '. Accordingly, the tag reader will extract '138' as the encryption key generation information for the index '02' from the encryption key table 430 and thereby generate the encryption key '1567'. Therefore, it is impossible to read the product information for the counterfeit key that still has '1324' as the encryption key or the previously sold tag, and the counterfeit judgment is made.

According to a further advantageous aspect of the present invention, the control unit 200 of the tag 10 may include a retransmission attack blocking unit 230. In an encryption technique, a retransmission attack refers to an attack that attempts to connect to a server by hacking a login message itself transmitted by a user in an encrypted authentication procedure such as login and retransmitting it to a server. As a countermeasure, the server includes a random number in a message requesting a login, encrypts the message, and sends the encrypted message to the client, and the client includes the same random number in the response message. When the server authenticates the received login message, the server checks the random number and allows login only if the random number is sent by the server. Since the random numbers change randomly each time, this retransmission blocking technique prevents the possibility of using the same login message repeatedly.

The present invention introduces such retransmission attack blocking techniques into authentic authentication. This effectively prevents the reader from hacking into the message that requires reading or the message itself to which the tag responds. Accordingly, it is impossible to carry out a retransmission attack against the system of the present invention, and thus authenticity authentication can be made more reliable.

According to another aspect of the present invention, the control unit 200 of the tag 10 may include a post-management processing unit 270. The read portion information of the tag is stored in the storage of the tag 10. The information provider 250 stores read history information such as, for example, a reader serial number and a read date and time in each allocated area of the storage unit 300 at every reading. The information providing unit 250 does not provide product information when the stored value of the counter area managing the number of readings is greater than or equal to a predetermined value, but the after-care processing unit 270 logs in with a specific encryption key regardless of the number of readings. The terminal, i.e. the management reader, is designed to provide not only product information but also reading details. Certain readers consist of hardware similar to conventional readers, which read information about tags that are discarded at the retailer or tags attached to returned items, such as the date of sale of the product, the authentic user, and the date of authenticity. It can be useful as a post-customer management information of customer-oriented marketing.

According to another advantageous aspect of the present invention, the control unit 200 of the tag 10 may further include a refresh processing unit 290. In general, nonvolatile memory is known to have a limited number of times or period of reading after writing, and data is only retained for about 10 years. However, this may be too short, for example, for long-term items such as appraisals, antiques, paintings, and sculptures. The present invention further includes a refresh processing unit 290 in the tag corresponding to the application field, and rewrites and refreshes data each time it is read. Refreshing data should be performed on the entire data stored in memory, including encryption keys, product information and counter values. In this case, the refresh buffer can be read and written repeatedly for each block of a certain size. In the case of such a refreshed product, it is desirable to make the number of reads very large or not limit them at all.

Hereinafter, the configuration of the tag reader 20 according to an exemplary embodiment of the present invention will be described. 3 is a block diagram schematically showing the overall configuration of a tag reader 20 according to a preferred embodiment of the present invention. The portable tag reader 20 according to an exemplary embodiment of the present invention exchanges data wirelessly with an operation unit 930, a display unit 950, a battery (not shown), a tag, and a tag, and wirelessly transmits necessary power. A wireless communication unit 500, a storage unit 910 for storing information of encryption / decryption keys,

In response to an instruction from the operation unit 930, an information reading unit 750 for requesting product information to the tag side and displaying the product information received therefrom on the display unit, and encrypting / decrypting information transmitted / received with the wireless communication unit 500. It characterized in that it comprises a control unit 700 including an encryption / decryption unit 710.

In one preferred embodiment, the operation unit 930 includes one or two simple buttons, such as a read start button. The display unit 950 is composed of a thin LCD, but is not limited thereto. In another embodiment, the control unit 700 is equipped with software for implementing a calculator function and the operation unit 930 includes numeric keys and operator keys. The battery uses a primary battery such as an alkaline alkaline battery, or a thin battery such as a lithium-polymer secondary battery. Among commercially available batteries, products with a thickness of about 2 to 3 mm are available. The thickness of the battery determines the thickness of the entire reader. In a preferred embodiment the reader is made in the form of a card, it is made in a form that can be easily carried in the wallet. To this end, the region in which the battery is inserted in the reader in the form of a card may be formed to protrude in a plane on one edge of the rectangular corner. As a result, the portion except the battery area becomes thin and can be sufficiently inserted into the credit card pocket of the wallet.

The wireless communication unit 500 includes an antenna 510, a power transmitter 531 for wirelessly transmitting power required by a tag through the antenna 510, a demodulator 533 for demodulating a received signal, and a transmitter. And a modulator 535 for modulating the signal. Since these configurations correspond to the antenna 110, the power supply unit 131, the modulator 135, and the demodulator 133 included in the contactless communication means 100 of the tag, detailed descriptions thereof will be omitted. The antenna 510 may be formed in a printed pattern along the outer circumference of the card.

The storage unit 910 stores seed value (s) for generating an encryption key for exchanging information with the main program controlling the entire system. In another embodiment, the storage unit 910 stores a plurality of encryption keys for exchanging information with the main program. The storage unit 910 may be configured to include a nonvolatile memory, for example, a ROM and a RAM as a temporary memory, or may be configured as a single flash memory. The storage unit 910 also stores read history information, which is information about tags read by the reader 20. This information can be gathered from a reader connected to the marketer's computer and used to analyze customer disposition.

The control unit 700 may be implemented by a conventional microprocessor. According to a characteristic aspect of the present invention, the control unit 700 of the tag reader 20 according to an aspect of the present invention requests product information to the tag side in response to an instruction from the operation unit 930 and displays the product information received therefrom. An information reading unit 750 displayed on the display unit, and an encryption / decryption unit 710 for encrypting / decrypting information transmitted / received with the wireless communication unit 500 are implemented by software.

The information reading unit 750 interacts with the information providing unit 250 of the tag, and the encryption / decryption unit 710 is corresponding components that interact with the encryption / decryption unit 210 on the tag side. The information reader 750 displays the product information received from the tag on the display unit 950 in a text or graphic form. The information reading unit 750 may also include a real time clock circuit to calculate the current time. The information reading unit 750 transmits the reading time, the serial number of the reader, and the like to the tag every read so that the information reading unit 750 is stored as part of the reading history information.

In an embodiment according to a characteristic aspect of the present invention, the encryption / decryption unit 710 receives the generation information of the encryption key from the tag via the wireless communication unit 500 and the seed stored in the storage unit 910 Generates an encryption key from the value and handles encryption and / or decryption by this encryption key.

In another preferred embodiment, the encryption / decryption unit 710 communicates with the encryption / decryption unit 210 on the tag side to receive encryption key specific information and stores a plurality of companies and / or brands in the storage unit 910. It selects the keys related to the tag being read among the star and / or product specific encryption keys and uses them to process the communication between the two devices. This communication process will be described in more detail later.

The encryption / decryption unit 710 of the reader corresponds to the encryption / decryption unit 210 of the tag, and may be configured to correspond to the embodiments of the above-described tag.

The simplest first embodiment of the reader's encryption / decryption unit 710 corresponds to the first embodiment of the tag's encryption / decryption unit 210. In this embodiment, the storage unit 910 stores only the master key as one encryption key. The encryption / decryption unit 710 encrypts / decrypts information transmitted and received with the tag thereby. The effect thereof has already been described in the first embodiment of the tag.

The second embodiment of the encryption / decryption unit 710 of the reader corresponds to the second embodiment of the encryption / decryption unit 210 of the tag. In this embodiment, the storage unit 910 stores a plurality of encryption keys corresponding to the indexes. The encryption / decryption unit 710 receives encryption key specific information from a tag, for example, an index, specifies an encryption key, and thereby encrypts / decrypts information transmitted and received with the tag. Its effect has already been described in the second embodiment of the tag.

The third embodiment of the encryption / decryption unit 710 of the reader corresponds to the third embodiment of the encryption / decryption unit 210 of the tag. In this embodiment, as shown conceptually at the bottom of FIG. 6A, an encryption key table is stored in the storage unit 910 for each classification, that is, a criterion such as an industry type, a manufacturer, a brand, and a product name. The encryption / decryption unit 710 receives indexes as a plurality of encryption key specifying information from the tag, and specifies an encryption key set for the current tag in the corresponding table. Thereafter, the information transmitted and received with the tag is sequentially encrypted / decrypted by these encryption keys. The effect thereof has already been described in the third embodiment of the tag.

The fourth embodiment of the encryption / decryption unit 710 of the reader corresponds to the fourth embodiment of the encryption / decryption unit 210 of the tag. In this embodiment, a plurality of encryption keys are stored in the storage unit 910 as a table. The encryption / decryption unit 710 receives an index as encryption key specific information from the tag, looks up the encryption key table, and specifies an encryption key for the current tag. Thereafter, the information transmitted and received with the tag is encrypted / decrypted by these encryption keys. The effect thereof has already been described in the fourth embodiment of the tag.

The fifth embodiment of the encryption / decryption unit 710 of the reader corresponds to the fifth embodiment of the encryption / decryption unit 210 of the tag. In this embodiment, similar to the third embodiment, a plurality of encryption key tables are stored in the storage unit 910. The encryption / decryption unit 710 receives an index as encryption key specific information from the tag, looks up the encryption key tables, and specifies an encryption key set for the current tag. Thereafter, the information transmitted and received with the tag is sequentially encrypted / decrypted by these encryption keys. The effect thereof has already been described in the fifth embodiment of the tag.

The sixth embodiment of the encryption / decryption unit 710 of the reader corresponds to the sixth embodiment of the encryption / decryption unit 210 of the tag. In this embodiment, the encryption / decryption unit 710 includes an encryption key generation module. The seed value required for the encryption key generation module may be stored in the data area of the storage unit 910, or may be incorporated into and stored as part of the program code of the module. The encryption / decryption unit 710 generates an encryption key by executing the encryption key generation module with the encryption key generation information value received from the tag, and subsequently encrypts / decrypts the information transmitted and received with the tag by the encryption key. The effect thereof has already been described in the sixth embodiment of the tag.

The seventh embodiment of the encryption / decryption unit 710 of the reader corresponds to the seventh embodiment of the encryption / decryption unit 210 of the tag. In this embodiment, the encryption / decryption unit 710 includes an encryption key generation module. The seed value required for the encryption key generation module may be stored in the data area of the storage unit 910, or may be incorporated into and stored as part of the program code of the module. The encryption / decryption unit 710 sequentially executes the encryption key generation module based on the encryption key generation information values received from the tag to generate a series of encryption keys, and subsequently transmits and receives information to and from the tag using the encryption keys. Multiple encryption / decryption. The effect thereof has already been described in the seventh embodiment of the tag.

The seventh embodiment of the encryption / decryption unit 710 of the reader corresponds to the seventh embodiment of the encryption / decryption unit 210 of the tag. In this embodiment, the encryption / decryption unit 710 includes an encryption key generation module. The seed value required for the encryption key generation module may be stored in the data area of the storage unit 910, or may be incorporated into and stored as part of the program code of the module. The encryption / decryption unit 710 sequentially executes the encryption key generation module based on the encryption key generation information values received from the tag to generate a series of encryption keys, and subsequently transmits and receives information to and from the tag using the encryption keys. Multiple encryption / decryption. The effect thereof has already been described in the seventh embodiment of the tag.

The eighth embodiment of the encryption / decryption unit 710 of the reader corresponds to the eighth embodiment of the encryption / decryption unit 210 of the tag. The storage unit 910 stores tables as conceptually illustrated at the bottom of FIG. 6B. The encryption / decryption unit 710 extracts encryption key generation information values from the indexes received from the tag by referring to the encryption key table. Thereafter, the encryption key generation module is sequentially executed by them to generate a series of encryption keys, and then the information transmitted and received with the tag is sequentially encrypted and decrypted by these encryption keys. The effect thereof has already been described in the eighth embodiment of the tag.

As described above, in accordance with an advantageous aspect of the present invention, the tag reader may include at least two pieces of product information of an industry, a manufacturer, a brand, and a product name of the corresponding product from the received encryption key specific information or the index for the encryption key generation information or encryption key generation information. Can be specified and displayed on the display unit. This is possible in at least the third, fifth, seventh and eighth embodiments of the above embodiments. As illustrated in FIGS. 6A and 6B, the storage unit 910 of the tag reader stores product information corresponding to an index for each category to which a corresponding encryption key belongs. Therefore, it is possible to specify at least part of the product information from the received index.

According to another aspect of the present invention, the control unit 700 of the tag reader 20 according to an embodiment of the present invention receives the encryption key update request information for the encryption key leaked from the tag from the storage unit And a leaked encryption key updater 790 which discards the corresponding encryption key previously stored and updates the newly assigned encryption key. Specific embodiments and operations of the leak encryption key updater 790 have been described in the leak encryption key updater 220 of the tag, and thus will be omitted.

According to another characteristic aspect of the present invention, the control unit 700 of the tag reader 20 according to an embodiment of the present invention generates a one-time random number and adds it to the information to be transmitted and supplies it to the encryption / decryption unit, The apparatus further includes a retransmission attack blocker 730 that blocks the retransmission attack by extracting a random number from the information received in response and checking the identity. Since the retransmission attack blocking unit 730 has the same function as the configuration corresponding to the retransmission attack blocking unit 230 of the tag 10, a detailed description thereof will be omitted.

According to another aspect of the present invention, the control unit 700 of the tag reader 20 according to an embodiment of the present invention communicates with another external portable tag reader to authenticate each other, and the authentication result information is displayed on the display unit. The apparatus may further include a reader authenticator 770 displayed at 950. This is a feature that allows you to cross check the reliability of the reader itself. Authentication of the reading period is also made through the wireless communication unit 500, for which a specific encryption key is predetermined. The encryption / decryption unit 710 performs the same operation even in authenticating the reading period. The retransmission attack blocking unit 730 preferably intervenes in this process in order to block hacking using communication during the readout period. Its operation will be described later in more detail.

According to another aspect of the present invention, the control unit 700 of the tag reader 20 according to an embodiment of the present invention is a refresh (rewrite) the read information after reading the encryption key related information of the storage unit of the non-volatile memory ( Refresh) processing unit further.

In one preferred embodiment, the main program controlling the control unit 700 of the reader 20 uses a memory device that is stored permanently, such as a ROM. Information such as encryption keys are stored in flash memory for security purposes because there is a risk of being duplicated if stored in ROM. In the case of flash memory, the age that can be read after writing is limited to about 10 years, so that the encryption key may be lost when used for a long time. The tag reader 20 according to an embodiment of the present invention solves this problem by rewriting the read data again at the same address every time the information stored in the flash memory such as encryption key information is read.

In the tag reader 20 according to an embodiment of the present invention, a microprocessor constituting the control unit 700, a flash memory constituting the storage unit 910, a driving circuit for driving the display unit 950, The key scan logic for the key scan of the operation unit 930, and further, the demodulator 533, the modulator 535, and the power transmitter 531 of the wireless communication unit 500 excludes individual elements such as several inductors. Is designed as a single ASIC. This embodiment, which takes the form of a card as a whole, will include an ASIC, only a few individual elements, a battery, and an LCD and keypad directly connected to the printed circuit boards on which they are mounted.

Accordingly, by selecting the battery thin and integrating the included analog and digital circuits into a single ASIC, it is possible to make the reader small and thin. It is also possible to reduce the cost and spread the reader in large quantities at low cost.

Tag reader 20 according to another embodiment of the present invention is implemented on a mobile phone. At this time, the operation unit 930 is one or several keys of the keypad of the mobile phone, the display unit 950 is a liquid crystal screen of the mobile phone, the storage unit 910 is a nonvolatile memory of the mobile phone itself, the control unit 700 of the mobile phone itself Microprocessors can be used. In this case, therefore, only the configuration of the wireless communication unit 500 is added to a known mobile phone, so that the hardware of the tag reader according to the present invention can be completed. In this case, a software module for implementing the functions of the controller 700 should be additionally installed.

Hereinafter, a communication process between a tag reader and a tag according to the present invention will be described.

Tag reader according to a preferred embodiment of the present invention:

An encryption key information storage step of specifying an encryption key based on one or more criteria of an industry, a manufacturer, a brand, and a product name, and storing the encryption key related information in a semiconductor memory; a tag detection step of detecting the presence of a contactless tag; An encryption key specifying step of receiving information for specifying an encryption key from the tag, specifying an encryption key from encryption key related information stored in the semiconductor memory therefrom, and selecting the encryption key as an encryption key for current communication; A product information request step of encrypting and transmitting an information request message requesting a request; decrypting a product information message including a received brand name, a product name, a grade, and the like; and displaying the product information as visible information. Characterized in that it comprises a.

According to a further aspect of the present invention, in a preferred embodiment, the step of specifying an encryption key is characterized by: specifying an encryption key by generating an encryption key using encryption key lifetime information received from a tag and stored encryption key seed information. Specifies the key.

According to a further aspect of the present invention, in the preferred embodiment, the decrypting of the product information message includes receiving a random number generated randomly before the step of encrypting the information request message by the information providing method, and receiving the message. The method may further include verifying the identity of the random number after decrypting the product information message and executing a corresponding process for the retransmission attack.

According to a further aspect of the present invention, the information providing method receives the encryption key update request information requesting the discarding of the leaked encryption key and updating to a new encryption key; Replacing with an encryption key, and selecting the new encryption key as an encryption key for the current communication.

4 is a diagram illustrating a communication process between the tag 10 and the tag reader 20 according to an embodiment of the present invention. Hereinafter, this communication process will be described in more detail with reference to FIG. 4.

First, in the tag reader, the user presses a specific button to request confirmation of product information (step S210). Accordingly, the tag reader searches for the presence of the tag (step S110). Such a search process may adopt, for example, what is specified in the ISO14443 standard, but the present invention is not limited thereto.

Thereafter, the reader selectively executes a protocol for specifying an encryption key (steps S132 and S134). Only one encryption key may be stored in the tag to be used for communication with the reader, or a plurality of encryption keys may be stored, one of which is specified and used by a protocol described later.

First, the tag reader requests specification of an encryption key from the tag side (step S132). The message requesting the specification of the encryption key is generated by adding a random number generated at the reader side to the request message. In response, the tag transmits encryption key specifying information necessary for specifying the encryption key, for example, an index (step S134). This specific information message is generated by adding the random number transmitted from the reader side to the specific information and additionally adding a random number newly generated on the tag side. This is to protect not only the outgoing message but also the incoming message from replay attacks. In a preferred embodiment, the encryption scheme is a 3-DES scheme, and since the scheme is a symmetric key scheme, the encryption key and the decryption key are the same.

In another embodiment, the encryption key specific information is encryption key generation information used when generating the encryption key. The encryption key generation information is a parameter value used in the encryption key generation function in one embodiment. In the reader according to this embodiment, a cryptographic key generation function is implemented as a program. The encryption key generation function generates an encryption key from the seed value stored in the storage unit 910 of the reader and the encryption key generation information received from the tag (step S230). For example, in a simple embodiment, when the seed value is 123456, the parameter may be an index specifying one of several encryption keys generated from their permutation combination. In another embodiment, the parameter may be an index that designates one of a number of encryption keys that can be derived by scrambling a data word representing a seed value in blocks. In another embodiment, the parameter may be a parameter related to partitioning of a block in an algorithm for scrambling a data word representing a seed value in units of blocks. Since various methods are known for generating such an encryption key, a detailed description thereof will be omitted.

When a plurality of seed values are stored in the reader, the encryption key generation information stored in the tag includes an index for specifying the seed, and the rest of the encryption key generation information is similar to the embodiment having a single seed.

By utilizing such a cryptographic key generation function, the present invention can add at least as many as the number of cryptographic keys that can be generated for activation products having different encryption keys for each product without upgrading the reader after purchase of the reader.

In another embodiment, the encryption key specifying information is an index specifying one of a plurality of encryption keys. The reader stores a plurality of encryption keys, for example several hundred encryption keys, corresponding to the encryption keys of all tags. The tag stores an index that specifies its own encryption key and one of a plurality of encryption keys. The tag reader can receive this index to specify one cryptographic key that can be used for the current tag among a plurality of cryptographic keys.

By utilizing a plurality of encryption keys as described above, the present invention can add at least the number of encryption keys to a product to be activated without having to upgrade the reader after purchase of the reader.

In an embodiment in which a plurality of encryption keys are stored in a tag, the encryption key specifying information is a plurality of indexes for specifying a plurality of encryption keys stored in the tag. The tag reader randomly selects one of the plurality of indices received and responds. Accordingly, the encryption key is also specified on the tag side. In this case, the reader specifies a cryptographic key corresponding to one index arbitrarily selected among a plurality of indices received from the tag among numerous stored cryptographic keys as a master key with the current tag. Thereby, the genuine product authentication system according to the present invention can be provided with an enhanced security level.

In the above three embodiments, the designation of the encryption key may be performed by industry and / or manufacturer and / or brand and / or product, for example. Accordingly, the same encryption key may be used for products manufactured by the same manufacturer of the same industry or the same industry. Accordingly, when the same manufacturer or the same manufacturer of the same industry produces a new product and is read by the reader according to the present invention, the product information can be read without updating the encryption key information of the reader. Furthermore, if cryptographic keys are shared for the same kind of product, more and more new products can be added after the reader is released.

Thereafter, the reader 20 transmits a message requesting product information to the tag 10 (step S152). As described above, part of the product information may be secured in advance from the encryption key index or the encryption key generation information index. This message is a message generated by adding a random number received from a tag to a request message, adding a randomly generated random number at the reader side, and encrypting it with a specified master encryption key. The tag receiving the message is included in the received product information request message, and it is possible to check whether the received signal is a retransmission attack by extracting a random number previously sent by the user and confirming the identity with the original random number. . In this case, the tag may additionally perform a process of authenticating the reader. Authentication of the reader can be achieved, for example, by receiving a response message for a particular code message sent to the reader and checking the hashed value.

Thereafter, the tag extracts and checks a counter value of the storage unit 300 (step S330). If the tag has already been read more than the allowable number, further reading is blocked, otherwise proceed to the next step.

Thereafter, the tag extracts product information from the storage 300 to generate a response message (step S350). This message is encrypted with the master key after adding the random number received from the reader to the product information. The generated product information message is sent to the tag reader (step S154). The tag then increments the counter value of the storage section (step S370), and stores reading history information including the reader serial number which requested the reading at the time of reading, in the storage section (step S390). The tag reader receives and decrypts this message, checks whether the random number included in the decrypted message is the same as the random number originally transmitted, and checks whether the received signal is a retransmission attack (step S250). If it is determined that the response is not an illegal response due to the retransmission attack, the product information is displayed (step S270).

The following describes the update processing procedure for the leak encryption key of the tag and the reading period. In FIG. 4, when the tag reader transmits the encryption key specifying request message to the tag (step S132), the tag transmits the encryption key update request message instead of transmitting the encryption key specifying message (step S134). The tag reader receives this message and discards the existing encryption key specified for that tag internally and replaces it with a new encryption key. In addition, the tag reader specifies the updated new encryption key as an encryption key for communication with the current tag. The subsequent process is the same.

5 is a view illustrating an authentication process of a reading period according to an exemplary embodiment of the present invention. As shown, first one of the two readers must be designated as the master in the authentication process. Such designation may also cause the reader to first operate the button that requires the user to authenticate (step S510). The master reader searches for the presence of surrounding slave readers (step S412).

After the master and the slave are determined as described above, a procedure for initiating a communication session between the two terminals proceeds (step S414). The communication session of the reading period is maintained by the master generating the session identifier and transmitting it to the slave, and the communication of the two reading periods includes the same session identifier. As a result, a specific connection state can be maintained or managed even in an environment in which the same radio frequency is shared.

Subsequently, a process of assigning an encryption key necessary for communication in the reading period is executed (steps S432 and S434). This process is similar to the master key specification process of tag and reading period.

In one preferred embodiment, the authentication procedure for the readout period is entirely dependent on encryption. In other words, it is assumed that a valid reader holds a valid encryption key. In the present embodiment, when the master reader encrypts a specific message with its own encryption key and transmits it to the slave reader (step S452), the slave reader receives it, decrypts it, and then encrypts and sends it again (step S453). In this case, the slave reader may indicate that the check message has been received (step S630).

After that, the master reader decrypts the received message and checks the random number first to see if it is a retransmission attack. Thereafter, if the extracted message is the same as that of the original transmission message, if it is the same, the slave reader is determined to be a reader having a valid encryption key, and if not, an illegal reader is displayed (step S550). However, the present invention is not limited thereto, and for example, the slave reader may decode the received message and then respond by mapping the message in bytes or words according to a predetermined message processing, for example, a predetermined rule in the received message. It may be.

As described in detail above, the authenticity authentication device according to the present invention provides a small and thin tag to purchase clothes, footwear, leather goods, liquor, agricultural and livestock products, medicines, electronic products, machinery products, etc. with a single tag reader. In addition to products that require authenticity check, not only products that require continuous and long-term authenticity such as precious metals and artworks, but also a wide range of items such as appraisal, admission ticket, various certificates and facility use rights, gold rights, securities, and important documents. Genuine certification can be applied for

In addition, the authenticity check device according to the present invention anyone can carry a reader in a pocket or purse by providing a portable reader in the form of a mobile phone or credit card. Accordingly, buyers can easily and easily check the authenticity anytime, anywhere, and the seller cannot know when and when a consumer will be authenticated by authenticity, so he will not be able to try to cheat the counterfeit goods. Furthermore, if such portable terminals are distributed to consumers in large quantities, the tendency of selling and buying fake products, whether sellers or consumers, will be greatly reduced.

In addition, since the authenticity authentication device according to the present invention, the product information is displayed in plain text on the display of the reader, the buyer can easily check the result directly and have a deep trust.

In addition, since the authenticity authentication device according to the present invention depends on the validity of the encryption key and the content displayed on the portable terminal by the human eye, it is necessary to estimate and store a separate network connection or a large amount of data in advance. There is no hassle. Furthermore, even if the encryption keys are the same, the products are distinguished by the display contents. Therefore, if the same encryption key is applied to a new product or a different product that is newly released after the reader is distributed, the authenticity can be confirmed without upgrading the reader.

In addition, since the authenticity authentication device according to the present invention has a built-in encryption key generation module capable of generating a large number of encryption keys in the reader or stores a plurality of encryption keys, it is possible to secure a large number of encryption keys even with a limited memory. Even after acquisition, it is possible to add new cryptographic keys to more and more companies, brands or products and add them to the authenticity certification.

Furthermore, even if the encryption key of some companies, brands or products is leaked, the encryption key is different for the remaining companies, brands or products, and if the encryption key is leaked, additional security is issued by assigning a new encryption key. For a given product, there is more room to prevent the use of a counterfeit reader.

Accordingly, the present invention has a far superior advantage over the prior art, in which a number of readers that have already been distributed must be upgraded and applied to new products.

In addition, the authenticity authentication device according to the present invention not only prevents the reuse of the tag without damaging the tag by limiting the number of readings, but also reuses the tag in the counterfeit goods, which should not be reused much more reliably than the physical method. You can block it.

In addition, the authenticity authentication device according to the present invention overcomes the limitation of the retention period by executing the memory refresh process for every reading for the products having a long collection period, such as antiques or artworks, for each reading. The scope of the object can be further extended.

In addition, the authenticity authentication device according to the present invention can block attempts to copy the authenticating system itself by hacking the authenticity authentication message by responding to a retransmission attack, and further increase the authenticity of authenticity authentication.

In addition, since the authenticity authentication device according to the present invention upgrades the tag reader offline through a newly issued tag when some cryptographic keys are leaked, the reader has the advantage that the reader is upgraded without any manipulation as well as the appearance of counterfeit goods. There is an advantage to minimize the damage.

In addition, since the authenticity authentication device according to the present invention can mutually authenticate during the portable tag reading period, it is also possible to prevent the use of a dummy portable reader that operates on the dummy contactless communication tag.

Thus far, the present invention has been described with reference to preferred embodiments, but is not limited thereto. Accordingly, the invention should be construed by the appended claims, which are intended to cover many variations that will be apparent to those skilled in the art without departing from the scope of the invention.

1 is a view for schematically explaining the authenticity authentication system according to the present invention.

2 illustrates a configuration of a contactless communication tag according to the present invention.

3 is a block diagram schematically showing the overall configuration of a tag reader according to the present invention.

4 is a diagram illustrating a communication process between a tag and a tag reading period according to an embodiment of the present invention.

5 is a view illustrating an authentication process of a reading period according to an exemplary embodiment of the present invention.

6A illustrates an example of encryption keys according to a third embodiment of the encryption / decryption unit 210 according to the present invention.

6B illustrates an example of encryption keys according to an eighth embodiment of the encryption / decryption unit 210 according to the present invention.

<Description of the symbols for the main parts of the drawings>

10 contactless communication tag 20 tag reader

100 contactless communication means 110 antenna

131: power supply unit 133: demodulation unit

135: modulation unit 200: control unit

210: encryption / decryption unit 220: leaked encryption key update unit

230: retransmission attack blocker 250: information provider

270: post-management processing unit 290: refresh

300: storage unit 500: wireless communication unit

510: antenna 531: power transmitter

533: demodulator 535: modulator

700 control unit 710 encryption / decryption unit

720: refresh processing unit 730: retransmission attack blocking unit

750: information reading unit 770: reader authentication unit

790: leak encryption key update unit 910: storage unit

930: operation unit 950: display unit

Claims (60)

A portable tag reader for reading a contactless communication tag installed in a product and providing information of the product, An operation unit; A display unit; A battery unit; A wireless communication unit for exchanging data wirelessly with a tag and wirelessly transmitting necessary power; A storage unit storing encryption key related information; An information reading unit for requesting product information from the tag side in response to an instruction from the operation unit and displaying the product information received therefrom on the display unit, and an encryption / decryption unit for encrypting / decrypting information transmitted / received through the wireless communication unit. Handheld tag reader comprising a control unit. The method of claim 1, wherein the wireless communication unit: And an antenna, a power transmitter for wirelessly transmitting the power required by the tag through the antenna, a demodulator for demodulating the received signal, and a modulator for modulating the transmitted signal. The method of claim 2, The storage unit stores a plurality of encryption keys, And the encryption / decryption unit receives encryption key specifying information from a tag through the wireless communication unit and processes encryption / decryption by the encryption key specified therefrom. The method of claim 3, wherein The storage unit stores a plurality of encryption keys for each of at least two criteria of the industry, manufacturer, brand, product name, And the encryption / decryption unit receives encryption key specific information for each criterion from the tag through the wireless communication unit and processes encryption / decryption by the encryption keys specified therefrom. The method of claim 4, wherein And the information reading unit specifies at least two pieces of product information of an industry, a manufacturer, a brand, and a product name of the corresponding product from the received encryption key specifying information and displays the information on the display unit. The method of claim 2, The storage unit stores at least one seed value for generating a plurality of encryption keys, Characterized in that the encryption / decryption unit receives the generation information of the encryption key from the tag through the wireless communication unit, generates an encryption key from the information and the seed value, and processes encryption and / or decryption by the encryption key. Tag reader. The method of claim 6, The storage unit stores one or more seed values for generating a plurality of encryption keys for each of at least two criteria of an industry, a manufacturer, a brand, and a product name, And the encryption / decryption unit receives encryption key generation information for each tag and each criterion through the wireless communication unit, and processes encryption / decryption by encryption keys generated therefrom. The method of claim 7, wherein And the information reading unit specifies at least two pieces of product information among an industry type, a manufacturer, a brand, and a product name of the corresponding product from the received encryption key generation information and displays the information on the display unit. The method of claim 1, wherein the control unit comprises: Receiving the encryption key update request information for the leaked encryption key sent by the tag, and accordingly discards the encryption key previously stored in the storage unit, and further comprises a leak encryption key updating unit for updating processing with a newly assigned encryption key. Characterized by a portable tag reader. The method of claim 1, wherein the control unit comprises: A retransmission attack blocker which generates a one-time random number and supplies it to the encryption / decryption unit in addition to the information to be transmitted, and extracts a random number from the information received in response and checks the identity to block the retransmission attack; Portable tag reader, characterized in that. The method of claim 1, wherein the control unit comprises: And a reader authenticator configured to communicate with another external portable tag reader to authenticate each other and to display the authentication result information on the display unit. The method according to any one of claims 1 to 8, The storage unit is composed of a nonvolatile memory, And a refresh processing unit for rewriting the read information after the control unit reads the information in the storage unit. 7. The portable tag reader according to any one of claims 3 to 6, wherein the portable tag reader has a thickness corresponding to a thin battery having an area of a credit card size. The portable tag reader according to any one of claims 3 to 6, wherein the RF circuit of the control unit, the storage unit, and the wireless communication unit is implemented as one ASIC. The portable tag reader according to claim 3 or 6, wherein the portable tag reader is manufactured in one of a portable calculator, a personal digital assistant (PDA), and a mobile phone. In a method of providing information executable in a tag reader in communication with a plurality of contactless tags, the method comprises: An encryption key information storage step of specifying an encryption key based on one or more criteria of an industry, a manufacturer, a brand, and a product name, and storing the encryption key related information in the semiconductor memory; A tag detection step of detecting the presence of the contactless tag; An encryption key specifying step of receiving information for specifying an encryption key from the tag, specifying an encryption key from encryption key related information stored in the semiconductor memory therefrom, and selecting the encryption key as an encryption key for current communication; A product information request step of encrypting and transmitting an information request message requesting product information with the tag; Decrypting the received product information message; Displaying the product information as visible information; The authenticity information providing method of the brand product, characterized in that it comprises a. 17. The method of claim 16, wherein specifying the cryptographic key is A method of providing authenticity information of a branded product, characterized by specifying an encryption key by generating an encryption key using the encryption key life information received from the tag and the stored encryption key seed information. 18. The method of any of claims 16 and 17, wherein the decrypting the product information message comprises: And extracting one or more product information of a business type, manufacturer, brand, and product name from the received encryption key specific information. 18. The method of any one of claims 16 and 17, wherein the method of providing information prior to encrypting an information request message: Before the encrypting the information request message, including the randomly generated random number in the message; And decrypting the received product information message and confirming the identity of the random number to execute a corresponding process for the retransmission attack. 18. The method of any of claims 16 and 17, wherein the cryptographic key specifying step is: Receiving encryption key update request information requesting discarding the leaked encryption key and updating to a new encryption key; Replacing a predetermined encryption key with a new encryption key for the product; Selecting the new encryption key as the encryption key for the current communication; providing authenticity information of the brand product comprising a. A contactless communication tag installed in a product and providing information of the product, Contactless communication means for exchanging data wirelessly with the portable tag reader and for supplying power to the system from a power signal wirelessly received therefrom; A storage unit for storing product information, encryption key related information, and information on the number of times product information has been read by a portable tag reader; While decrypting the signal received through the contactless communication means and encrypts the signal to be transmitted and outputs to the contactless communication means, and read the product information stored in the storage unit and supplies it to the encryption / decryption unit, A control unit including an information providing unit to block additional reading of product information when the number of readings stored in the storage unit is equal to or greater than a predetermined reference value; Contactless communication tag comprising a. The method of claim 21, wherein the contactless communication means comprises: A non-contact, characterized in that it comprises an antenna, a power supply for processing power radio signals among the signals received through the antenna and supplying power, a demodulator for demodulating the received signal and a modulator for modulating the transmitted signal Communication tag. The method of claim 22, The storage unit stores at least two cryptographic keys which are allocated according to at least two criteria of an industry, a manufacturer, a brand, and a product name. And the encryption / decryption unit processes encryption and decryption by using the plurality of encryption keys sequentially. The method of claim 23, wherein The storage unit further stores at least two cryptographic key generation information allocated separately according to the criteria of industry, manufacturer, brand, and product name. And the encryption / decryption unit transmits the encryption key generation information to the portable tag reader through the contactless communication means, and sequentially processes the encryption and decryption using the stored corresponding encryption keys. 25. The method of any of claims 23 to 24, wherein the control comprises: And a leak encryption key updating unit for requesting discard of the tag leaked to the tag reader and transmitting update request information to the newly assigned encryption key. 25. A contactless communication tag as claimed in any one of claims 23 to 24, wherein said control portion does not comprise a stored program, but is implemented in dedicated hardware based on a state machine design. 25. The method of any of claims 23 to 24, wherein the control comprises: And a post-processing processing unit for providing product information and reading history information for the read request of the management reader even when the number of reads stored in the storage unit is equal to or greater than the reference value. The method of claim 23, wherein the contactless communication tag is: A non-contact communication tag further comprising a shielding film that blocks the reading on the tag exposure surface. A contactless communication tag installed in a product and providing information of the product, Contactless communication means for exchanging data wirelessly with the portable tag reader and for supplying power to the system from a power signal wirelessly received therefrom; A storage unit for storing product information, encryption key related information, and reading history information, and including a nonvolatile memory; An encryption / decryption unit for decrypting a signal received through the contactless communication means and encrypting a signal to be transmitted and outputting the signal to the contactless communication means, and reading the product information stored in the storage unit and supplying it to the encryption / decryption unit. An information providing unit for storing reading history information including read date and time, reader unique number, etc. in each storage unit for every reading, and a refresh processing unit for rewriting the read information after reading the product information of the nonvolatile memory. A control unit; Contactless communication tag comprising a. 30. The method of claim 29, wherein said contactless communication means is: A non-contact, characterized in that it comprises an antenna, a power supply for processing power radio signals among the signals received through the antenna and supplying power, a demodulator for demodulating the received signal and a modulator for modulating the transmitted signal Communication tag. The method of claim 30, The storage unit stores at least two cryptographic keys which are allocated according to at least two criteria of an industry, a manufacturer, a brand, and a product name. And the encryption / decryption unit processes encryption and decryption by using the plurality of encryption keys sequentially. The method of claim 31, wherein The storage unit further stores at least two cryptographic key generation information allocated separately according to the criteria of industry, manufacturer, brand, and product name. And the encryption / decryption unit transmits the encryption key generation information to the portable tag reader through the contactless communication means, and sequentially processes the encryption and decryption using the stored corresponding encryption keys. 33. The apparatus of any of claims 30 to 32, wherein the control unit: And a leaking encryption key updating unit for requesting the tag reader to discard the leaked encryption key and transmitting update request information to the newly assigned encryption key. 33. A contactless communication tag as claimed in any of claims 30 to 32, wherein said control portion does not comprise a stored program, but is implemented in dedicated hardware based on a state machine design. A contactless communication tag installed in a product and providing information of the product, Contactless communication means for exchanging data wirelessly with the portable tag reader and for supplying power to the system from a power signal wirelessly received therefrom; A storage unit for storing product information and encryption key related information; An encryption / decryption unit for decrypting a signal received through the contactless communication means and encrypting a signal to be transmitted and outputting the signal to the contactless communication means, and reading product information stored in the storage unit and supplying it to the encryption / decryption unit. An information providing unit and a retransmission attack blocker for generating a single-use random number and supplying it to the information to be transmitted to the encryption / decryption unit, and extracting a random number from the information received in response and checking the identity to block retransmission attacks. A control unit including; Contactless communication tag comprising a. 36. The method of claim 35, wherein the contactless communication means is: A non-contact, characterized in that it comprises an antenna, a power supply for processing power radio signals among the signals received through the antenna and supplying power, a demodulator for demodulating the received signal and a modulator for modulating the transmitted signal Communication tag. The method of claim 36, The storage unit stores at least two cryptographic keys which are allocated according to at least two criteria of an industry, a manufacturer, a brand, and a product name. And the encryption / decryption unit processes encryption and decryption by using the plurality of encryption keys sequentially. The method of claim 37, The storage unit further stores at least two cryptographic key generation information allocated separately according to the criteria of industry, manufacturer, brand, and product name. And the encryption / decryption unit transmits the encryption key generation information to the portable tag reader through the contactless communication means, and sequentially processes the encryption and decryption using the stored corresponding encryption keys. 39. The method of any of claims 36 to 38, wherein the control unit: And a leak encryption key updating unit for requesting discard of the tag leaked to the tag reader and transmitting update request information to the newly assigned encryption key. 39. A contactless communication tag as claimed in any of claims 36 to 38, wherein said control portion does not comprise a stored program, but is implemented in dedicated hardware based on a state machine design. A portable tag reader for reading a contactless communication tag installed in a product and providing information of the product, A wireless communication unit for exchanging data wirelessly with a tag; A storage unit storing encryption key related information; And a control unit including an information reading unit for requesting product information from the tag side in response to an instruction from the operation unit and receiving product information therefrom, and an encryption / decryption unit for encrypting / decrypting information transmitted and received through the wireless communication unit. Handheld tag reader, characterized in that. The method of claim 41, wherein The storage unit stores a plurality of encryption keys, And the encryption / decryption unit receives encryption key specifying information from a tag through the wireless communication unit and processes encryption / decryption by the encryption key specified therefrom. The method of claim 42, The storage unit stores a plurality of encryption keys for each of at least two criteria of the industry, manufacturer, brand, product name, And the encryption / decryption unit receives encryption key specific information for each criterion from the tag through the wireless communication unit and processes encryption / decryption by the encryption keys specified therefrom. The method of claim 43, And the information reader specifies at least two pieces of product information of an industry, a manufacturer, a brand, and a product name of the corresponding product from the received encryption key specifying information. The method of claim 41, wherein The storage unit stores at least one seed value for generating a plurality of encryption keys, Characterized in that the encryption / decryption unit receives the generation information of the encryption key from the tag through the wireless communication unit, generates an encryption key from the information and the seed value, and processes encryption and / or decryption by the encryption key. Tag reader. The method of claim 45, The storage unit stores one or more seed values for generating a plurality of encryption keys for each of at least two criteria of an industry, a manufacturer, a brand, and a product name, And the encryption / decryption unit receives encryption key generation information for each tag and each criterion through the wireless communication unit, and processes encryption / decryption by encryption keys generated therefrom. The method of claim 46, And the information reader specifies at least two pieces of product information of a business type, a manufacturer, a brand, and a product name of the corresponding product from the received encryption key generation information. 48. The apparatus of any of claims 41 to 47 wherein the controller comprises: Receiving the encryption key update request information for the leaked encryption key sent by the tag, and accordingly discards the encryption key previously stored in the storage unit, and further comprises a leak encryption key updating unit for updating processing with a newly assigned encryption key. Characterized by a portable tag reader. 48. The apparatus of any of claims 41 to 47 wherein the controller comprises: A retransmission attack blocker which generates a one-time random number and supplies it to the encryption / decryption unit in addition to the information to be transmitted, and extracts a random number from the information received in response and checks the identity to block the retransmission attack; Portable tag reader, characterized in that. 48. The apparatus of any of claims 41 to 47 wherein the controller comprises: And a reader authenticator configured to communicate with other external portable tag readers to authenticate each other. The method according to any one of claims 41 to 47, The storage unit is composed of a nonvolatile memory, And a refresh processing unit for rewriting the read information after the control unit reads the information in the storage unit. 46. A handheld tag reader as claimed in claim 42 or 45, wherein the handheld tag reader has a thickness equivalent to a thin battery having an area of credit card size. 46. The portable tag reader according to any one of claims 42 and 45, wherein the RF circuit of the control unit, the storage unit, and the wireless communication unit is implemented as one ASIC. 46. A handheld tag reader as claimed in any one of claims 42 to 45, wherein said handheld tag reader is constructed in the form of a portable calculator, a personal digital assistant (PDA) or a mobile phone. A method of providing product information in communication with a plurality of contactless tags, the method comprising: A tag detection step of detecting the presence of the contactless tag; A product information providing step of decrypting the encrypted product information message received from the tag and providing the authenticity information; The authenticity information providing method of the brand product, characterized in that it comprises a. 56. The method of claim 55, wherein the method is between the tag detection step and the product information providing step: Receiving information for specifying the encryption key from the tag from the encryption key specification step of specifying the encryption key from the encryption key related information stored in the semiconductor memory therefrom; further comprising a key for encryption; How to provide authenticity information of branded products. 59. The method of claim 56, wherein the cryptographic key specifying step is: A method of providing authenticity information of a branded product, characterized by specifying an encryption key by generating an encryption key using encryption key generation information received from a tag and stored encryption key seed information. 58. The method of any one of claims 56 and 57, wherein the step of providing product information is: A product information request step of encrypting and transmitting an information request message requesting product information with the tag; A message decrypting step of decrypting the received product information message, and extracting one or more product information among an industry type, a manufacturer, a brand, and a product name from the received encryption key specific information; Providing the product information; The authenticity information providing method of the brand product, characterized in that it comprises a. 59. The method of claim 58, wherein before the information providing method encrypts an information request message: Before the encrypting the information request message, including the randomly generated random number in the message; And decrypting the received product information message and confirming the identity of the random number to execute a corresponding process for the retransmission attack. 59. The method of claim 58, wherein the cryptographic key specifying step is: Receiving encryption key update request information requesting discarding the leaked encryption key and updating to a new encryption key; Replacing a predetermined encryption key with a new encryption key for the product; Selecting the new encryption key as the encryption key for the current communication; providing authenticity information of the brand product comprising a.