KR101077864B1 - RFID tag - Google Patents

Abstract

The present invention relates to an RFID tag, and the RFID tag according to the present invention includes a storage unit for storing ID information, a memory unit for storing at least one encryption key in association with a key index, and a predetermined RFID. A receiving unit for receiving a predetermined random number R and a predetermined key index from a terminal, and searching for a key index matching the received key index among at least one or more key indexes stored in the memory unit, and searching for the key index. A data generator for generating a predetermined authentication value M0 corresponding to the received random number R, a transmitter for transmitting the authentication value M0 to the RFID terminal, and the authentication value M0 at the RFID terminal. Verifies the validity of the security key corresponding to the key index, and transmits the encrypted ID information and the authentication value M1 according to the authentication result. When receiving this from the, decrypt the received encrypted ID information, generates a predetermined authentication value (M1) corresponding to the ID information, the received authentication value (M1) and the generated authentication value (M1) And an authentication unit for authenticating the validity of the ID information, and a recording unit for recording the decrypted ID information in the ID information storage area of the memory unit when the validity of the authentication result is authenticated.

Description

RFID Tag {RFID Tag}

The present invention has a storage area for storing ID information, includes a memory unit for storing at least one encryption key and a key index in association with each other, a predetermined random number R and a predetermined key index from a predetermined RFID terminal. Search for a key index that matches the received key index from among a receiving unit and at least one or more key indexes stored in the memory unit, and when the key index is found, a predetermined authentication value corresponding to the received random number R ( Validity of the data generation unit for generating M0), the transmission unit for transmitting the authentication value M0 to the RFID terminal, and the security key corresponding to the key index by verifying the authentication value M0 at the RFID terminal. Authenticate and transmit the predetermined encrypted ID information and the authentication value (M1) according to the authentication result, and when the receiving unit receives the encrypted ID information, decrypts the received encrypted ID information. An authentication unit generating a predetermined authentication value M1 corresponding to the ID information, and comparing the received authentication value M1 with the generated authentication value M1 to authenticate validity of the ID information; And an ID tag including a recording unit for recording the decrypted ID information in the ID information storage area of the memory unit when the validity of the authentication result is authenticated.

In general, RFID (Radio Frequency Identification) is composed of a radio chip capable of wireless transmission and reception and an antenna for radio frequency transmission and reception, RFID tag corresponding to a transponder (Transponder) for storing the ID information fixed to the radio chip as RFID tag information And an RFID reader having a power supply to the RFID tag through a predetermined radio frequency and receiving a predetermined signal transmitted from the RFID tag and a predetermined signal receiving module and / or RFID received from the RFID tag. At least one server (for example, an object name server (ONS)) including an RFID terminal for reading tag information and providing an information processing function corresponding to the RFID tag information in association with the RFID terminal through a predetermined network. / OIS (Object Information Server).

However, in the case of a conventional RFID tag that stores fixed ID information as RFID tag information, at least one or more unspecified multiple RFID terminals sharing a predetermined air interface with the RFID tag may be used for tracking the location of the RFID tag. Problems such as compromised security and / or invasion of personal privacy, such as to identify movement paths, are included.

When the RFID tag is produced (or attaches an RFID tag to a predetermined product), the RFID tag is given a unique ID as RFID tag information and used for its lifetime, and / or write once read many RFID tag having a memory of type) and at least one writeable memory (WROM and / or Write Many (WM) type of memory), which records predetermined ID information as RFID tag information and reuses the RFID tag. It is made to include.

However, in a conventional RFID tag having a WORM / WM memory, all kinds of RFID terminals capable of transmitting and receiving radio frequency with the RFID tag can record predetermined tag information in the memory, thereby unspecified multiple RFIDs. The terminal includes a serious security problem of deleting / damaging / modifying ID information recorded on the RFID tag.

SUMMARY OF THE INVENTION An object of the present invention includes a memory unit having a storage area for storing ID information and storing at least one encryption key and a key index in association with a predetermined random number R and a predetermined key index from a predetermined RFID terminal. Search for a key index that matches the received key index among at least one or more key indexes stored in the memory unit, and if the key index is found, a predetermined authentication corresponding to the received random number R; A data generator for generating a value (M0), a transmitter for transmitting the authentication value (M0) to the RFID terminal, and verifying the authentication value (M0) at the RFID terminal to a security key corresponding to the key index. Verify the validity, and transmit the predetermined encrypted ID information and the authentication value M1 according to the authentication result, and when the receiving unit receives the encrypted ID information, the received encrypted ID information is restored. Authentication to generate a predetermined authentication value M1 corresponding to the ID information, and compare the received authentication value M1 with the generated authentication value M1 to authenticate validity of the ID information. And an ID tag including a recording unit for recording the decrypted ID information in the ID information storage area of the memory unit when the validity of the authentication result is authenticated.

The RFID tag according to the present invention has a storage area for storing ID information, includes a memory unit for storing at least one encryption key and a key index in association with a predetermined random number R and a predetermined random number R from a predetermined RFID terminal. A search unit for receiving a key index and a key index matching the received key index among at least one or more key indexes stored in the memory unit, and when the key index is found, a predetermined value corresponding to the received random number R. A data generator for generating an authentication value (M0) of the data, a transmitter for transmitting the authentication value (M0) to the RFID terminal, and a security corresponding to the key index by verifying the authentication value (M0) at the RFID terminal. Validating the validity of the key, and transmits the predetermined encrypted ID information and the authentication value (M1) according to the authentication result, and when the receiving unit receives it, the received encrypted ID information Decrypting the beam, generating a predetermined authentication value M1 corresponding to the ID information, and comparing the received authentication value M1 with the generated authentication value M1 to authenticate the validity of the ID information. And an authentication unit and a recording unit for recording the decrypted ID information in the ID information storage area of the memory unit when the validity of the authentication result is authenticated.

According to the present invention, in an RFID tag having at least one write once read many (WORM) and / or write many (WM) memory, at least one encryption key and a key index are stored in the memory in association with each other. By providing an encryption protocol, the RFID tag and the RFID terminal can be mutually linked (or authenticated) through a predetermined encryption protocol using the encryption key and the key index, thereby securely giving and recording ID information to the RFID tag. There is this.

According to the present invention, a system in which the ID information securely recorded in the memory through the mutual authentication procedure between the RFID tag and the RFID terminal based on the encryption key and the key index and / or encryption protocol is assigned the dynamic tag information (or Since only the RFID terminal knows the ID information, there is an advantage in that the unspecified RFID terminal tracks the location of the RFID tag or grasps the movement path.

1 is a diagram illustrating a preferred functional configuration of an RFID tag for dynamic ID information allocation according to an embodiment of the present invention.
2 is a diagram illustrating a preferred memory structure of an RFID tag for dynamic ID information allocation according to an embodiment of the present invention.
3 is a diagram illustrating an RFID terminal structure for allocating dynamic ID information to an RFID tag according to an exemplary embodiment of the present invention.
4 illustrates a preferred embodiment of a storage medium 1 according to an embodiment of the present invention.
5 shows a preferred embodiment of a storage medium 2 according to one embodiment of the invention.
6 shows a preferred embodiment of a storage medium 3 according to an embodiment of the invention.
FIG. 7 is a diagram illustrating a process of delivering a predetermined random number R and a key index to an RFID tag in an RFID terminal for delivering a security key according to an embodiment of the present invention.
FIG. 8 is a diagram illustrating a process of generating an authentication value M0 for a random number R from an RFID tag and transmitting the generated authentication value M0 to an RFID terminal according to an embodiment of the present invention.
9 is a diagram illustrating a process of confirming the transfer of a security key through an authentication value (M0) in an RFID terminal according to one embodiment of the present invention.
10A and 10B illustrate a process of encrypting dynamic ID information through a predetermined security key and transmitting the same to an RFID tag in an RFID terminal according to an exemplary embodiment of the present invention.
11A and 11B illustrate a process of recording dynamic ID information received from an RFID terminal in a memory in a RFID tag according to an embodiment of the present invention.
12 is a diagram illustrating a process of storing and managing dynamic ID information stored in an RFID tag according to an embodiment of the present invention.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. However, the drawings and the following description shown below are for the preferred method among various methods for effectively explaining the features of the present invention, the present invention is not limited only to the drawings and description below. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear. In addition, terms to be described below are terms defined in consideration of functions in the present invention, which may vary according to a user's or operator's intention or custom. Therefore, the definition should be based on the contents throughout the present title.

It is to be understood that both the foregoing general description and the following detailed description of the present invention are exemplary and explanatory and are intended to provide further explanation of the invention as claimed. The configuration is omitted as much as possible, and a functional configuration that should be additionally provided for the present invention is mainly described. Those skilled in the art will readily understand the functions of components that have been used in the prior art among the functional configurations that are not shown in the following description, The relationship between the elements and the components added for the present invention will also be clearly understood.

In addition, the preferred embodiment of the present invention carried out below to the RFID (1) and / or storage medium (2) and / or storage medium (3) to effectively describe the technical components constituting the present invention the RFID Although described as being provided in the terminal, those skilled in the art to which the present invention pertains, the functional configuration and / or storage medium (1) and / or storage medium (2) and / / provided in the RFID terminal Alternatively, it will be apparent that the storage medium 3 may be separately provided in at least two or more devices (or servers) interworking through a predetermined network and / or communication means according to the intention of the person skilled in the art to carry out the present invention. .

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

1 is a view showing a preferred functional configuration of the RFID tag 100 for dynamic ID information allocation according to an embodiment of the present invention.

In general, the RFID tag 100 includes an MCU (MicroController Unit) block including a predetermined logic element (and / or arithmetic element) and a memory element, and an AFE (Analog Front End) block having a predetermined RF function. An IC chip including an RF chip-based RFID tag 100 and an IC chip and an antenna circuit in the form of a large scale integrated circuit (LSI) and / or a medium scale integrated circuit (MSI) and / or a small scale integrated circuit (SSI). A RFID tag 100 including the base RFID tag 100 and the like, and the functional configuration of the RFID tag 100 shown in FIG. 1 illustrates a preferred RFID structure including the RFID tag 100, and assigns the present dynamic ID information. It will be appreciated that the functional configuration of the tag 100 is not limited to the case of FIG.

Referring to FIG. 1 according to a preferred embodiment of the present invention, the RFID tag 100 which allocates dynamic ID information transmits and receives (or an energy source (power source)) a radio frequency signal of a predetermined frequency band with the RFID reader 400. The antenna unit 130 serving to receive the signal, a receiver 115 converting the radio frequency signal received from the antenna unit 130 into a digital signal, and providing the converted signal to the controller 105; and the controller 105 And a transmitter 120 for converting a digital signal provided from the receiver into a predetermined radio frequency signal, and controlling the overall function of the RFID tag 100, and reading and corresponding digital signals received through the receiver 115. The control unit 105 controls a unique function of the RFID tag 100 by generating a signal or extracting predetermined information from the memory unit 110, and includes a predetermined tag structure including a predefined memory structure. And a memory unit 110 having a storage area for storing the tag and / or the tag area transmitted / received from the RFID reader 400, and the passive RFID tag 100. The power supply unit 125 generates a predetermined power having a predetermined voltage value from the radio frequency signal received through the antenna unit 130, or, in the case of the active RFID tag 100, includes a power supply unit 125 that charges and stores the predetermined power.

The antenna unit 130 when the RFID tag 100 enters (or close to the radio frequency field) the radio frequency field of the predetermined RFID reader 400 provided in the RFID terminal 300. Receiving a signal including a predetermined activation signal and / or information (or data) through a radio frequency signal transmitted from the RFID reader 400 and providing (or applying) the signal to the receiver 115, or the wireless Characterized in that it transmits a signal containing a predetermined response signal and / or information (or data) to the RFID reader 400 via a frequency signal.

According to the exemplary embodiment of the present invention, when the RFID reader 400 is a passive type, the antenna unit 130 may include energy (eg, analog of radio frequency) included in a radio frequency signal transmitted from the RFID reader 400. Signal) to the power supply unit 125 to supply a predetermined energy source (or power source) required for the RFID tag 100 to operate.

In the case of the passive RFID tag 100, the power supply unit 125 corresponds to an energy field around the RFID reader 400 using an analog signal of a radio frequency provided (or applied) through the antenna unit 130. It generates a predetermined power to supply to the receiving unit 115, the transmitting unit 120 and the control unit 105 provided in the RFID tag 100, the power source 125 generates the power Magnetic coupling and magnetic coupling of the alternating current flowing through the coil of the RFID reader 400 and / or electrostatic coupling using electrostatic energy and / or inductive coupling using inductive energy. Generate power energy in at least one way.

The receiver 115 is a demodulator for converting a radio frequency signal provided (or applied) through the antenna unit 130 into a predetermined digital signal, and provided (or applied) through the antenna unit 130. Demodulating the radio frequency signal to generate a digital signal corresponding to the information or data transmitted from the RFID reader 400 to the RFID tag 100 to provide to the control unit 105.

According to an exemplary embodiment of the present invention, when a checksum is included in the information or data received from the RFID reader 400, the receiver 115 is configured to receive the received information or data through the checksum. It is possible to further comprise checking the data reception validity.

According to the present invention, the receiving unit 115 receives a predetermined random number R and a predetermined key index from a predetermined RFID terminal 300 for allocating dynamic ID information, and / or encrypts dynamic ID information and authentication. It is preferable to receive the value M1 '.

The transmitter 120 may generate a response signal of a digital signal received through the receiver 115 and / or a digital signal generated or extracted (eg, extracted from the memory unit 110) in the RFID tag 100. Modulator for converting into a predetermined radio frequency signal for transmission to the RFID reader 400 through the antenna unit 130, when a predetermined digital signal is received through the receiver 115 Generates a response signal to generate a radio frequency signal for transmitting to the RFID reader 400 through the antenna unit 130, or generated by the controller 105, or predetermined from the memory unit 110 It generates a radio frequency signal for transmitting the information or data of the RFID reader 400 through the antenna unit 130, the generated radio frequency signal is The antenna unit 130 is provided to the RFID reader 400.

According to the exemplary embodiment of the present invention, in order to secure the validity of the transmitted information or data, it is possible to add a predetermined checksum to the information or data transmitted to the RFID reader 400 and transmit it.

According to the present invention, the transmitter 120 transmits a predetermined authentication value M0 corresponding to the random number R received from the RFID terminal 300 to the RFID terminal 300, and / or the memory. It is preferable to transmit a predetermined authentication value M2 corresponding to the dynamic ID information recorded in the unit 110 to the RFID terminal 300.

The memory unit 110 may read the RFID reader 400 in response to information or data for reading a predetermined digital signal received from the RFID reader 400 through the receiver 115, and / or the received digital signal. Predetermined information or data to be provided), and / or predetermined information or data required to define the function and role of the RFID tag 100, and / or information or data stored in the memory unit 110 And a memory structure for storing at least one predetermined information or data for determining validity, wherein the predetermined dynamic ID information storage area 200 and the dynamic ID information are stored. And at least one security key set 205 (at least one security key and a key index) required in the ID information allocation process. And a gong.

According to the exemplary embodiment of the present invention, the memory unit 110 may further include predetermined security protocol information 220 corresponding to the security key set 205.

According to the exemplary embodiment of the present invention, the predetermined dynamic ID information storage area 200 in which the dynamic ID information is stored in the memory unit 110 may provide a nonvolatile memory characteristic that provides a read / write function. The remaining stored information may be stored in a read-only memory, and a preferred embodiment of the structure of the memory unit 110 will be described with reference to FIG. 2.

The control unit 105 includes a predetermined physical (hardware) and / or logical (software) control logic (Control Logic), based on the control logic, the receiving unit 115, the transmitting unit In conjunction with (or control) the 120 and the memory unit 110 to control the overall function (e.g., transponder function) of the RFID tag 100, and / or to realize the dynamic ID information allocation function according to the present invention It is characterized by controlling. For example, when the RFID tag 100 is an RF chip-based RFID tag 100 including a predetermined MCU block, the control unit 105 physically realizes a function to be performed in the RFID tag 100. And control logic including at least one logic element (and / or arithmetic element) for the purpose, and / or the IC chip based on which the RFID tag 100 includes a predetermined LSI / MSI / SSI. In the case of the RFID tag 100, the control unit 105 includes control logic including a processor that logically executes a program to be executed in the RFID tag 100 and a processor including an execution memory. Preferably, it is possible to physically configure the control logic in the IC chip-based RFID tag 100 according to the intention of those skilled in the art.

According to an embodiment of the present invention, the control unit 105 for dynamic ID information allocation may include at least one logic element (and / or arithmetic element) according to the intention of a person skilled in the art and / or technical characteristics of the RFID tag 100. It can be both physically made and / or logically made by a predetermined program that is driven in the RFID tag 100, it is easily described to those skilled in the art to which the present invention belongs. For convenience, in FIG. 1, a functional configuration for dynamic ID information allocation is shown in the controller 105 for convenience. However, the functional configuration of the RFID tag 100 is not limited to the case of FIG.

According to an exemplary embodiment of the present invention, the control unit 105 basically reads a digital signal received in response to a request of the RFID reader 400 through the receiving unit 115 to realize a transponder function. Perform a control function corresponding to a digital signal, and / or read a predetermined response signal corresponding to the received digital signal, or predetermined information or data corresponding to the received digital signal from the memory unit 110 Extract and control the generation of a predetermined digital signal to be transmitted to the RFID reader 400 through the transmitter 120.

Referring to FIG. 1, when the RFID tag 100 receives a predetermined random number R and a predetermined key index from a predetermined RFID terminal 300 for dynamic ID information allocation, the RFID tag 100 is stored in the memory unit 110. A data generation unit 135 for retrieving a key index that matches the received key index among one or more key indices, and generating a predetermined authentication value M0 corresponding to the received random number R when the key index is found. ) And verifying the authentication value (M0) in the RFID terminal to authenticate validity of the security key corresponding to the key index, and transmit predetermined encrypted ID information and authentication value (M1 ') according to the authentication result. When the reception unit 115 receives this, the received encrypted ID information is decrypted, a predetermined authentication value M1 corresponding to the ID information is generated, and the received authentication value M1 ′ is generated. Compare the generated authentication value (M1) An authentication unit 140 for authenticating the validity of the ID information, and a recording unit 145 for recording the decrypted ID information in the ID information storage area of the memory unit 110 when the validity of the authentication result is authenticated. Characterized in that made.

When the data generator 135 receives a predetermined random number R and a predetermined key index from the RFID terminal 300 through the receiver 115, the data generating unit 135 communicates with the RFID tag 100 through the random number R. Search for a key index that matches the received key index among at least one or more key indexes stored in the memory unit 110 for key distribution and / or key exchange and / or key transfer between the RFID terminals 300, and When a key index is found, a predetermined authentication value M0 corresponding to the received random number R is generated. The generated authentication value M0 is generated through the transmitter 120 through the RFID terminal. 300).

According to a preferred embodiment of the present invention, the random number (R) is preferably received in the unencrypted state in the RFID terminal 300, or according to another embodiment of the received in the RFID terminal 300 It may be received encrypted with a predetermined security key corresponding to the key index.

When the random number R is received in the unencrypted state in the RFID terminal 300 according to the preferred embodiment, the data generator 135 of the RFID tag 100 does not encrypt the random number R. It is preferable to generate a predetermined authentication value M0 in a non-existent state, or after encrypting the random number R with a predetermined security key corresponding to the received key index, a predetermined value from the encrypted random number ER is obtained. It is possible to generate the authentication value M0.

According to another exemplary embodiment, when the random number R is encrypted and received by the RFID terminal 300, the data generator 135 of the RFID tag 100 does not decrypt the encrypted random number ER. It is possible to generate a predetermined authentication value (M0) in the state, or it is possible to generate an authentication value (M0) from the decrypted random number (R) after decrypting the encrypted random number (ER).

However, when the data generation unit 135 of the RFID tag 100 generates a predetermined authentication value M0 without encrypting the random number R, the RFID terminal 300 also generates the random number R. ) Generates a predetermined authentication value (M0) without encryption, and when the data generation unit 135 generates the predetermined authentication value (M0) with the random number (R) encrypted, the RFID The terminal 300 also generates a predetermined authentication value M0 in a state in which the random number R is encrypted.

According to an embodiment of the present invention, the authentication value (M0) is a data block generated by reading the upper N (1 <N <ID information length) bytes of the unencrypted random number R, or the unencrypted random number A data block generated by reading the lower N (1 <N <ID information length) bytes of (R), or N (1 after an offset of the M (1 <M <ID information length) bytes of the unencrypted random number R. A data block generated by reading <N <(ID information length-M) bytes, or a data block generated by applying a predetermined one-way hash function to the unencrypted random number R, or the encrypted random number R A data block generated by reading the upper N (1 <N <ID information length) bytes of the block), or a data block generated by reading the lower N (1 <N <ID information length) bytes of the encrypted random number R Or N (1 <N <(ID definition) after M (1 <M <ID information length) byte offset of the encrypted random number R To length comprising -M)) of data blocks generated by the read byte, or at least one data block that is generated by applying a predetermined one-way hash function to the encrypted random number (R) are preferred.

In addition, when the ID information is normally recorded in the dynamic ID information storage area 200, the data generator 135 indicates to the RFID terminal 300 that the ID information has been normally assigned to the RFID tag 100. In order to announce, it is characterized in that for generating a predetermined authentication value (M2) from the ID information recorded in the dynamic ID information storage area 200.

According to a preferred embodiment of the present invention, the data generation unit 135 preferably generates a predetermined authentication value M2 from the ID information stored in the dynamic ID information storage area 200. In addition, the predetermined authentication value M2 may be generated from the encrypted ID information EID (or the authentication value M1 'received from the RFID terminal 300 may be replaced with the authentication value M2).

According to the exemplary embodiment of the present invention, the authentication value M2 is a data block generated by reading the upper N (1 <N <dynamic tag information length) bytes of the ID information recorded in the RFID tag 100, or the RFID. Data block generated by reading the lower N (1 <N <dynamic tag information length) bytes of the ID information recorded in the tag 100, or M (1 <M <) of the ID information recorded in the RFID tag 100. Dynamic tag information length) A one-way hash function in a data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes after byte offset, or ID information recorded in the RFID tag 100. A data block generated by applying a data block, or a data block generated by reading an upper N (1 <N <dynamic tag information length) byte of the encrypted ID information, or a lower N (1 <N <<) of the encrypted ID information. Dynamic tag information length) data block generated by reading a byte, or the encryption A data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes after M (1 <M <dynamic tag information length) byte offset of ID information, or predetermined to the encrypted ID information. It is preferable to include at least one data block generated by applying the one-way hash function.

The transmitter 120 transmits the authentication value M2 generated by the data generator 135 to the RFID terminal 300 through an air interface between the RFID tag 100 and the RFID reader 400. The RFID terminal 300 authenticates the validity of the allocation of the dynamic ID information by generating and comparing a predetermined authentication value M2 'corresponding to the authentication value M2 with the authentication value M2. The dynamic ID information allocated to the RFID tag 100 is stored in a predetermined storage medium and managed.

After authenticating the validity of the authentication value (M0) in the RFID terminal 300, and encrypted dynamic ID information (EID) for storing in the dynamic ID information storage area 200 through the receiving unit 115 and When a predetermined authentication value M1 ′ corresponding to the dynamic ID information is received, the authentication unit 140 decrypts the encrypted and received ID information EID, and the predetermined authentication is performed from the decrypted ID information. After generating the value (M1), by comparing the generated authentication value (M1) and the received authentication value (M1 '), it characterized in that to validate the validity of the received ID information.

In addition, when the received authentication value M1 ′ is generated from the ID information encrypted by the RFID terminal 300, the authentication unit 140 generates a predetermined authentication value from the encrypted and received ID information EID. After generating (M1), by comparing the generated authentication value (M1) and the received authentication value (M1 '), it characterized in that to validate the validity of the received ID information.

According to an embodiment of the present invention, the authentication value M1 'and / or authentication value M1 is a data block generated by reading the upper N (1 <N <dynamic tag information length) bytes of the encrypted ID information. , or

A data block generated by reading the lower N (1 <N <dynamic tag information length) bytes of the encrypted ID information, or N after the M (1 <M <dynamic tag information length) byte offset of the encrypted ID information. A data block generated by reading 1 <N <(dynamic tag information length-M) bytes, or a data block generated by applying a predetermined one-way hash function to the encrypted ID information, or a higher level of the decrypted ID information A data block generated by reading N (1 <N <dynamic tag information length) bytes, or a data block generated by reading a lower N (1 <N <dynamic tag information length) bytes of the decoded ID information, or A data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes after M (1 <M <dynamic tag information length) byte offset of the decoded ID information, or on the decoded ID information. Created by applying a predetermined one-way hash function It comprises a data block for at least one are preferred.

The recording unit 145 records the ID information validated by the authentication unit 140 in the dynamic ID information storage area 200 on the memory unit 110, wherein the encrypted ID information ( When the EID is decrypted, it is preferable to record the ID information as it is in the dynamic ID information storage area 200 on the memory unit 110, or when the ID information is not decrypted, the encrypted ID information (EID). It is preferable to decode and record the information in the dynamic ID information storage area 200 on the memory unit 110.

2 illustrates a preferred memory structure of the RFID tag 100 for dynamic ID information allocation according to an embodiment of the present invention.

In more detail, FIG. 2 illustrates a security key set 205 for storing a predetermined fixed ID information storage area 210, a dynamic ID information storage area 200, at least one security key and a key index in association with each other, and the RFID terminal. A memory structure having key set identification information 215 and predetermined security protocol information 220 for identifying the security key set 205 at 300, which is commonly known in the art. Those skilled in the art will clearly understand that the memory structure shown in FIG. 2 may consist of one memory capable of reading / writing, or both including a read-only memory and one or more read / write memories.

The fixed ID information storage area 210 is unique ID information allocated to the RFID tag 100 in the process of manufacturing the RFID tag 100 or attaching the RFID tag 100 to a predetermined product. Or at least one ID information standard (e.g., the UPC (Electronic Product Code) standard of the U.S. EPC Global, the UID (ubiquitous ID) standard of the Ubiquitous ID Center of Japan, or a predetermined ID information standard designed by a person skilled in the art (e.g., , Structure and length of ID information), and the fixed ID information storage area 210 may be provided in a read-only memory or may be omitted according to the intention of a person skilled in the art.

According to the exemplary embodiment of the present invention, when the fixed ID information storage area 210 is provided in the RFID tag 100, those skilled in the art use the fixed ID information using the RFID terminal 300 corresponding to the fixed ID information. Provide a dual ID information service which simultaneously provides a service and a dynamic ID information service using the RFID terminal 300 corresponding to the dynamic ID information, and / or predetermined dynamic ID information in the dynamic ID information storage area 200. Is assigned to deactivate the fixed ID information, and if the predetermined dynamic ID information is not allocated or deleted in the dynamic ID information storage area 200, the selective ID information service for activating the fixed ID information is provided. It is possible.

The dynamic ID information storage area 200 is a storage area for storing ID information dynamically allocated by a predetermined RFID terminal 300 after the RFID tag 100 is manufactured and / or attached to a predetermined product. At least one ID information standard (e.g., the structure and length of the ID information), such as a predetermined ID information standard designed by a person skilled in the art, ISO / IEC 15963 standard, US EPC Global EPC standard, or Japanese Ubiquitous ID Center uID standard. ), And is provided in a memory which can be written at least once.

The security key set 205 stores at least one security key and a key index in a one-to-one manner, and when a predetermined security key is selected from the RFID tag 100, the security key set 205 corresponds to the security key. Preferably, a predetermined key index is also automatically selected, and / or when a predetermined key index is selected in the RFID tag 100, it is preferable that a predetermined security key corresponding to the key index is also automatically selected.

According to the embodiment of the present invention, the security key set 205 provided in the RFID tag 100 is matched one-to-one with the security key set 205 provided in the RFID terminal 300 or at least the RFID. It is preferable to correspond to a subset of the security key set 205 provided on the terminal 300 side.

According to the exemplary embodiment of the present invention, when the security key set 205 included in the RFID tag 100 is a subset of the security key set 205 provided on the RFID terminal 300 side, the RFID terminal Before transmitting the predetermined key index to the RFID tag 100, the 300 must know what kind of security key set 205 is provided in the RFID tag 100. ), The predetermined key set identification information 215 is preferably provided.

The key set identification information 215 is the RFID terminal when the security key set 205 provided on the RFID tag 100 is a subset of the security key set 205 provided on the RFID terminal 300 side. Before the 300 performs a predetermined key distribution and / or key exchange and / or key transfer process with the RFID tag 100, it is provided to the RFID terminal 300, and the RFID terminal 300 ) Is to determine what kind of security key set 205 is provided in the RFID tag 100 based on the key set identification information 215, which is provided in the RFID tag 100 The security key set 205 may be omitted when one-to-one matching with the security key set 205 provided on the RFID terminal 300 side.

According to another exemplary embodiment of the present invention, the fixed ID information may perform the function of the key set identification information 215. For example, the fixed ID information is GID-96 (General Identifier-96) of the EPC code, and a predetermined security key set 205 is applied to the RFID tag 100 corresponding to the company code and / or product code of the GID-96. ), The RFID terminal 300 receives the GID-96-based fixed ID information from the RFID tag 100 and checks the 28-bit company code and / or 24-bit product code in the ID information. Through this, it can be checked what kind of security key set 205 is provided in the RFID tag 100.

The security protocol information 220 includes predetermined encryption logic and parameters for encrypting the random number R generated by the RFID tag 100 through a predetermined security key included in the security key set 205, and And / or predetermined decryption logic and parameters for decrypting the encrypted ID information (EID) encrypted by the RFID terminal 300 and received by the RFID tag 100. As such, when the authentication unit 140 includes the encryption logic and parameters, the authentication unit 140 may not be stored in the memory unit 110.

3 is a diagram illustrating a structure of an RFID terminal 300 for allocating dynamic ID information to an RFID tag 100 according to an exemplary embodiment of the present invention.

In more detail, FIG. 3 illustrates a preferred structure for an RFID terminal 300 that forms an air interface with the RFID tag 100 through a predetermined RFID reader 400. The present invention is generally known in the art. If a person has a computer, a wired terminal (eg, a desktop computer, a laptop, etc.) and / or a wireless terminal (eg, a personal communication system (PCS) and / or a global system for GSM) will be described with reference to FIG. 3. Mobile communications) terminals and / or Personal Digital Cellular (PDC) and / or Personal Handyphone System (PHS) terminals and / or Personal Digital Assistants (PDAs) and / or smart phones And / or the RFID terminal 300 having a predetermined RFID reader 400 in telematics and / or a portable internet terminal) can be easily inferred. A.

Referring to FIG. 3, the RFID terminal 300 basically includes a control unit 305, a screen output unit 310, a key input unit 315, a communication unit 320, a memory unit 325, and the RFID tag 100. It comprises an RFID reader 400 for connecting a predetermined air interface, and may further comprise at least one or more functional components according to the type and / or technical characteristics of the RFID terminal 300, this figure 3 In the following description, since it may obscure the gist of the present invention, it is omitted for convenience.

The control unit 305 includes a processor and an execution memory that includes a CPU / MPU in hardware, and predetermined program routines and / or programs for providing functions specific to the RFID terminal 300 from the predetermined memory. And a predetermined electronic circuit (or integrated circuit) for inputting and outputting data, and are loaded into the execution memory from a predetermined memory device and / or chipset by software. A general term of program routines and / or program data that are arithmetic through the processor to perform a function of the program data (hence, in the present invention, a predetermined program routine that is recorded on a recording medium of the RFID terminal 300 for dynamic ID information allocation) For the sake of convenience, the control unit 305 is illustrated and illustrated as being provided in the control unit 305. As a result, various functions to be implemented in the RFID terminal 300 are realized, and in order to realize the above functions, the overall operation of the RFID terminal 300 is controlled and managed.

The screen output unit 310 is a liquid crystal display (LCD) driver for screen output, and is a key input unit 315 by the control unit 305 (for example, a program routine for outputting predetermined information or data to the LCD). Key data generated through the &lt; RTI ID = 0.0 &gt;), various information, signals, and / or content (e. G., Text content, image content, and / or &lt; / RTI &gt; Or outputting a multimedia content) to a predetermined screen output device (eg, an LCD panel).

The key input unit 315 may be provided with at least one key button including a predetermined number key and / or a character key and / or a function key. Detects information (or signals) input from a keypad or a keyboard and is provided on the keypad in a specific input mode and / or operation mode of the RFID terminal 300 controlled by the controller 305. When predetermined information (or signal) is inputted from the predetermined predetermined key button, a key event corresponding to the input information (or signal) is generated, and the generated key event is provided to the controller 305. The controller 305 reads predetermined key data corresponding to the key event in the current input mode and / or operation mode of the RFID terminal 300 (for example, each of the RFID terminal 300 input modes and And / or actions Reading key data from the key table from a key table that stores (manages) at least one key data corresponding to a specific key event in a mode), and / or executes a predetermined function defined in accordance with the key event. It is characterized by reading the.

The communication unit 320 may be a wired network including a transmission control protocol (TCP) / IP (Internet Protocol) based network and / or a wired communication network based on No. 7, and / or a mobile communication network based on a CDMA stack and / or A predetermined communication channel for RFID-based information processing is connected to the RFID terminal 300 and a server (or device) on the network through a predetermined wireless network including a portable Internet network.

According to an exemplary embodiment of the present invention, the communication unit 320 may be configured with an object name server (ONS) (not shown) and / or an object information server (OIS) (not shown) and / or PML on the network with the RFID terminal 300. (Physical Markup Language) It is preferable to connect a communication channel between a server (not shown) and / or a predetermined server (not shown) providing a dynamic ID information service in conjunction with the RFID terminal (300).

The memory unit 325 is used when an operation by a predetermined program routine (or code) and / or program data (eg, a program routine (or code)) for controlling the overall operation of the RFID terminal 300 is performed. 메모리 A generic term for memory devices that store information and / or data, including read only memory (ROM), read / write flash memory (FM), and electrically erasable and programmable read (EPPROM). Only Memory), Hard Disk, and the like. In general, the ROM stores system information that should not be deleted, and the flash memory includes an operating system routine, a call processing program routine, and / or an application program routine provided through the RFID terminal 300 and information or data therefor. The EEPROM and / or the hard disk store at least one information and / or data, etc., which are extracted and / or generated during the execution of the terminal registration related parameter or the application provided in the RFID terminal 300.

According to an exemplary embodiment of the present invention, the memory unit 325 may dynamically store at least one storage medium (1) 325a in association with at least one security key and a key index, and / or the RFID tag 100. A storage medium (2) 325b for storing at least one dynamic ID information to be allocated, and / or a storage medium (3) 325c for storing at least one dynamic ID information dynamically assigned to the RFID tag 100. It is preferred that the storage medium (1) (325a) and / or storage medium (2) (325b) and / or storage medium in accordance with the intention of those skilled in the art and / or storage capacity of the memory unit 325 (3) 325c may be provided in a server (for example, an ONS / OIS / PML server, a dynamic ID information management server (not shown) implemented by those skilled in the art) and / or a DBMS (Database Management System) on the network.

The RFID reader 400 emits and / or accepts radio waves of a specific frequency to the RFID tag 100 in association with the electronic circuit and an electronic circuit that emits or receives a predetermined radio wave toward the RFID tag 100. In general, the antenna and a microcontroller 410 for extracting and checking a predetermined data by reading the signal (Signal) received from the RFID tag 100, the RFID tag 100 A functional configuration for storing the data according to a functional configuration and / or an application field of an RFID system (eg, logistics / distribution field, manufacturing industry, medical / animal management field, etc.), or a predetermined information processing terminal. (Or a server) may be made to include a functional configuration for transmitting further.

Referring to FIG. 3, the RFID reader 400 includes an oscillator 405 and an antenna for radio frequency signals to be emitted (transmitted) through the antenna unit 440 (shown as an external type for convenience in FIG. 3). A microcontroller 410 for controlling the radio frequency signal transmission through the unit 440, a power amplification unit 430 for amplifying power to emit (transmit) the radio frequency signal through the antenna unit 440; And a peak detector 435 that detects a peak from a radio frequency signal received from the RFID tag 100 through the antenna unit 440, and also shaping the detected peak. And a shaping section 425 and / or an amplifying section 420 for amplifying the peaks and / or a filter section 415 for filtering the peaks. In particular, the microcontroller 410 preferably further includes a function of reading and reading (decoding) predetermined data from the peak (for example, a stylized and / or amplified and / or filtered peak). Is stored in the RFID reader 400 or provided to a predetermined information processing terminal (or server) that performs information processing on the data.

According to a preferred embodiment of the present invention, the radio frequency signal transmission and reception between the RFID reader 400 and the RFID tag 100 is performed by amplitude shift keying (ASK), frequency shift keying (FSK), and phase modulation (FSK). Preferably, the present invention is implemented through at least one modulation scheme including Phase Shift Keying (PSK), and the technical spirit of the present invention is not limited by the radio frequency signal transmission / reception scheme between the RFID reader 400 and the RFID tag 100. .

Referring to FIG. 3, the RFID terminal 300 selects a random key generation unit 330 for generating a predetermined random number R, a predetermined key index from the storage medium, and associates with the random number R. When the transmission unit 345 for transmitting to the RFID tag 100 and the authentication value M0 corresponding to the random number R are generated and transmitted by the RFID tag 100 using a predetermined security key corresponding to the key index. And, the receiving unit 335 for receiving it, and generates an authentication value (M0) corresponding to the random number (R) and compare with the received authentication value (M0) to authenticate the validity of the security key corresponding to the key index When the authentication unit 350 and the validity of the security key corresponding to the key index are authenticated, the extraction unit extracts (or generates) predetermined ID information to be assigned to the RFID tag 100 from a predetermined storage medium. The generation unit 360 generates a predetermined authentication value M1 ′ corresponding to the ID information. And an encryption unit 340 for encrypting the ID information, wherein the transmitter 120 transmits the encrypted ID information and the authentication value M1 'to the RFID tag 100. Characterized in that, preferably further comprises a storage unit 355 for storing the dynamic ID information provided to the RFID tag 100 in a predetermined storage medium (3) (325c).

The random number generator 330 is assigned a predetermined slot in a predetermined RFID tag 100 that receives a predetermined broadcast signal transmitted from the RFID terminal 300, and then receives an active signal corresponding thereto. And / or predetermined key set identification 215 (or fixed ID information corresponding to key set identification 215) is received from the RFID tag 100 to which the slot is assigned, and / or the RFID tag 100 After the operation mode is changed to the dynamic ID information allocation mode, a predetermined random number R for key exchange and / or key transfer and / or key distribution between the RFID terminal 300 and the RFID tag 100 is generated. Characterized in that, the random number (R) preferably comprises a predefined fixed length. Those skilled in the art to which the present invention pertains will clearly understand the random number generation algorithm, so a detailed description thereof will be omitted.

When a predetermined random number R is generated by the random number generator 330, the transmitter 345 exchanges a key and / or transfers a key between the RFID terminal 300 and the RFID tag 100 from the storage medium. And / or selects a predetermined key index corresponding to a security key for key distribution, and transmits the key index to the RFID tag 100 in association with the key index.

According to another exemplary embodiment of the present invention, when the transmitting unit 345 transmits the random number R and the key index to the RFID tag 100, the encryption unit 340 transmits the random number R to the RFID tag 100. The method may further include encrypting with a predetermined security key corresponding to a key index, and when the random number R is encrypted with the security key, the RFID tag 100 performs a predetermined authentication from the encrypted random number ER. It is possible to generate a value M0 or to generate a predetermined authentication value M0 after decrypting the encrypted random number ER.

According to the method of the present invention, the transmitter 345 adds a predetermined checksum to the information or data transmitted to the RFID tag 100 to secure validity of the random number R and the key index to be transmitted. It is possible to transmit.

The receiving unit 335 receives a predetermined authentication value M0 generated corresponding to a predetermined random number R from the RFID tag 100 through the RFID reader 400. When the authentication value M0 received from the 100 includes a predetermined checksum, the receiver 335 further confirms validity of data reception for the received authentication value M0 through the checksum. It is preferable to comprise.

In addition, after the predetermined ID information is recorded in the dynamic ID information storage area 200 of the memory unit 110 included in the RFID tag 100, the receiving unit 335 receives a predetermined ID from the RFID tag 100. Characterized in that it receives the authentication value (M2), and if the received authentication value (M2) includes a predetermined checksum, to check the validity of data reception for the received authentication value (M2) through the checksum It is preferable that it further comprises.

The authentication unit 350 receives a predetermined value from the random number R generated by the random number generation unit 330 when the authentication value M0 is received from the RFID tag 100 through the reception unit 335. By generating an authentication value (M0), and comparing the authentication value (M0) and the authentication value (M0), it is characterized in that the validity of the security key corresponding to the key index is authenticated.

According to an exemplary embodiment of the present invention, when the authentication value M0 is generated from the encrypted random number ER, the encryption unit 340 encrypts the random number R (or the encrypted random number ER). The authentication unit 350 generates a predetermined authentication value M0 from the encrypted random number ER and compares the authentication value M0 with the authentication value M0. Preferably, the validity of the security key corresponding to the key index is authenticated.

When the validity of the security key corresponding to the key index is authenticated by the authentication unit 350, the extractor 360 generates the RFID tag 100 from a predetermined storage medium (2) 325b. Extracting predetermined dynamic ID information to be assigned to the C) and / or generating predetermined dynamic ID information.

According to a preferred embodiment of the present invention, the dynamic ID information is preferably allocated so as not to overlap each RFID tag 100. For this purpose, the extraction (generation) unit 360 stores the dynamic ID information. When extracting from the medium (2) 325b, the ID information for dynamic allocation stored in the storage medium (2) 325b is extracted (created) by the ID information previously assigned to a predetermined RFID tag 100. It is preferable to manage so as not to be duplicated by the part 360. In addition, when the extraction (generation) unit 360 generates the dynamic ID information, the extraction (generation) unit 360 has a predetermined unique code (for example, a serial number of the RFID terminal 300) that is not duplicated. It is preferable that the ID information is generated based on the time information generated to generate the dynamic ID information conforming to a predetermined ID information standard so as not to be duplicated. Of course, the dynamic ID information may be duplicated according to the intention and / or implementation method of those skilled in the art.

The encryption unit 340 encrypts the dynamic ID information extracted and / or generated by the extraction (generation) unit 360, and generates a predetermined authentication value M1 'corresponding to the ID information. It is done.

According to an embodiment of the present invention, the encryption unit 340 encrypts the extracted and / or generated dynamic ID information through a predetermined security key corresponding to the key index received from the RFID tag 100. Preferably, the RFID tag 100 decrypts the ID information (EID) received as encrypted in the RFID terminal 300 through a security key corresponding to the key index.

According to another exemplary embodiment of the present invention, the encryption unit 340 encrypts the extracted and / or generated dynamic ID information through a predetermined secret key (not shown) promised with the RFID tag 100. The RFID tag 100 decrypts ID information (EID) received as encrypted in the RFID terminal 300 through a predetermined secret key (not shown) promised with the RFID terminal 300. It is possible to.

According to another exemplary embodiment of the present invention, the encryption unit 340 may store the extracted and / or generated dynamic ID information in addition to the security key corresponding to the key index, and predetermined security promised with the RFID tag 100. It is possible to encrypt through a key, the RFID tag 100 is encrypted as described above in the RFID terminal 300 by using the ID information (EID) received with the RFID terminal 300 the security key previously promised It is possible to decrypt through. For example, the key index received from the RFID tag 100 is a key index 3, and the dynamic ID information is a key index before or after the key index (e.g., key index 2 or key index 4). If the encryption unit 340 is promised to encrypt the data, the encryption unit 340 may use a key index (eg, a key index 2 or a key index 4) other than the key index received from the RFID tag 100 based on the appointment. Encrypt with a security key corresponding to.

According to an exemplary embodiment of the present invention, the encryption unit 340 generates a predetermined authentication value M1 'from the dynamic ID information extracted and / or generated by the extraction (generation) unit 360, or It is preferable to generate a predetermined authentication value M1 ′ from the dynamic ID information EID encrypted by the encryption unit 340. However, when a predetermined authentication value M1 ′ is generated from the dynamic ID information in the encryption unit 340, the RFID tag 100 is encrypted by the RFID terminal 300 and received dynamic ID information (EID). ) And generates an authentication value (M1) for comparison with the authentication value (M1 '), and a predetermined authentication value (M1) is obtained from the encrypted dynamic ID information (EID) by the encryption unit (340). When generated, the RFID tag 100 generates an authentication value M1 for comparing with the authentication value M1 'from the dynamic ID information EID encrypted and received by the RFID terminal 300.

The transmitter 345 transmits the encrypted ID information EID and the authentication value M1 ′ to the RFID tag 100 through the RFID reader 400. 100 receives the encrypted ID information EID and the authentication value M1 ', checks the validity of the encrypted ID information EID through the authentication value M1', and confirms the validity. The stored dynamic ID information in the dynamic ID information storage area 200 of the memory unit 110.

According to an exemplary embodiment of the present invention, the transmitter 345 may transmit information or data transmitted to the RFID tag 100 to secure validity of the transmitted encrypted ID information EID and the authentication value M1 ′. It is possible to transmit by adding a predetermined checksum.

After the dynamic ID information is stored in the dynamic ID information storage area 200 of the memory unit 110 as described above, the RFID tag 100 performs predetermined authentication corresponding to the dynamic ID information stored in the memory unit 110. A value M2 is generated and transmitted. When the received authentication value M2 is generated and received from ID information stored in the dynamic ID information storage area 200, the authentication unit 350 extracts (creates) the M2 value. By generating a predetermined authentication value (M2 ') from the ID information extracted and / or generated by the unit 360, and comparing the received authentication value (M2) and the generated authentication value (M2'), Preferably, the validity of the dynamic ID information allocated to the RFID tag 100 is authenticated, or the received authentication value M2 is encrypted (or not decrypted) ID information (or not decrypted) in the RFID tag 100. When generated and received from the EID, the authentication unit 350 is encrypted by the encryption unit 340 Dynamic ID information assigned to the RFID tag 100 by generating a predetermined authentication value M2 'from the received ID information and comparing the received authentication value M2 with the generated authentication value M2'. It is desirable to authenticate the validity of the.

When the validity of the authentication value M2 received from the RFID tag 100 is authenticated through the authentication unit 350, the storage unit 355 stores the dynamic ID information provided to the RFID tag 100. It is characterized in that the storage in the predetermined storage medium (3) (325c).

According to one embodiment of the invention, when the allocation and operation of the dynamic ID information is made only in a fixed area (or space), the storage medium (3) (325c) is the memory unit 110 in the RFID terminal 300 ) And / or a predetermined PML server and / or a local management server (not shown). When the allocation and operation of the dynamic ID information is performed while moving an area (or space), The storage medium (3) 325c is preferably provided in an ONS / OIS / PML server on the network and / or a predetermined dynamic ID information management server (not shown) that cooperates with the RFID terminal 300.

4 shows a preferred embodiment of a storage medium (1) 325a according to one embodiment of the invention.

4 illustrates a plurality of key indexes and security keys corresponding to an encrypted set of the memory unit 110 included in the RFID tag 100 according to a predetermined key transfer procedure and / or key distribution procedure and / or key exchange procedure. And a security key set 205 stored in the storage medium (1) 325a matches one-to-one with the security key set 205 provided in the RFID tag 100. And / or a collection of security key sets 205 provided in the RFID tag 100, whereby a predetermined key index is received from the RFID tag 100. The terminal 300 may extract a predetermined security key matching the received key index from the storage medium (1) 325a. For example, when two different RFID tags 100 are provided with different security key sets 205, the storage medium (1) 325a is a security key set 205 provided on the RFID tag 100. It is made including all.

Figure 5 illustrates a preferred embodiment of a storage medium (2) 325b according to one embodiment of the present invention.

In more detail, FIG. 5 illustrates a storage medium storing ID information for granting the dynamic ID information not to be duplicated in the dynamic ID information storage area 200 of the memory unit 110 included in the RFID tag 100. 2) shows a preferred structure for 325b.

Referring to Figure 5, the storage medium (2) (325b) is a predetermined dynamic ID information to be given to a predetermined RFID tag 100 and whether the dynamic ID information is used (for example, predetermined RFID tag 100 Is stored in the dynamic ID information storage area 200 of the provided memory unit 110, or is not in use (for example, the dynamic ID information storage area of the memory unit 110 provided in the predetermined RFID tag 100 ( 200) or a " used / unused " flag for checking whether the information is stored in the dynamic ID information storage area 200). As a result, the extraction (generation) unit 360 provided in the RFID terminal 300 may give the RFID tag 100 such that the dynamic ID information does not overlap.

Figure 6 shows a preferred embodiment of a storage medium (3) 325c according to one embodiment of the invention.

In more detail, FIG. 6 illustrates a preferred structure of a storage medium (3) 325c for storing dynamic ID information stored in the dynamic ID information storage area 200 of the memory unit 110 included in the RFID tag 100. It is shown.

Referring to FIG. 6, the storage medium (3) 325c includes dynamic ID information stored in the dynamic ID information storage area 200 of the memory unit 110 included in a predetermined RFID tag 100. According to an embodiment, the dynamic ID information allocation date and time information including the date and time the dynamic ID information is recorded in the dynamic ID information storage area 200, and the dynamic ID information in the RFID tag 100 Preferably, the terminal further includes identification information of the RFID terminal 300 including the RFID terminal number recorded therein, and object information location information including a URL for storing predetermined object information corresponding to the dynamic ID information. If predetermined fixed ID information is stored in the RFID tag 100 in which the dynamic ID information is stored, the storage medium 3 and 325c may further store the fixed ID information.

FIG. 7 is a diagram illustrating a process of delivering a predetermined random number R and a key index to an RFID tag 100 in an RFID terminal for delivering a security key according to an exemplary embodiment of the present invention.

In more detail, FIG. 7 illustrates a predetermined random number R generated by the RFID terminal 300 and a predetermined security key among at least one security key set 205 stored in the storage medium (1) 325a. Extracting a corresponding key index and transmitting the random number R and a key index to the RFID tag 100 to transfer a predetermined security key necessary for the dynamic ID information allocation to the RFID tag 100 It is about.

Referring to FIG. 7, after a predetermined slot is allocated to a predetermined RFID tag 100 receiving a predetermined broadcast signal transmitted from the RFID terminal 300, the corresponding slot is activated from the RFID tag 100. A signal is received and / or predetermined key set identification 215 (or fixed ID information corresponding to key set identification 215) is received from the RFID tag 100 to which the slot is assigned, and / Alternatively, when the operation mode of the RFID tag 100 is switched to the dynamic ID information allocation mode, the random number generation unit 330 of the RFID terminal 300 authenticates the validity of the dynamic ID information allocation process according to a predetermined random number generation algorithm. Generating a predetermined random number (R) for the predetermined security key delivery for the 700, the random number (R) preferably comprises a fixed length.

According to an exemplary embodiment of the present invention, the random number generator 330 may include a predefined fixed length generation algorithm, or generate a random number having a predetermined length to generate a fixed random number, and generate a random number. It is desirable to include a function of processing a fixed length by applying a predetermined hash function.

When a predetermined random number R is generated as described above, the transmitting unit 120 of the RFID tag 100 corresponds to a predetermined security key to be transmitted from the storage medium (1) 325a to the RFID tag 100. Extracting the key index (705), the random number (R) generated by the random number generator 330 and the key index extracted from the storage medium (1) (325a) the RFID tag 100 and RFID reader ( Transmit via an air interface between 400 (710).

According to another exemplary embodiment of the present invention, in transmitting the random number R and the key index to the RFID tag 100 in the RFID terminal 300, the predetermined number corresponding to the key index is determined. You can encrypt with the security key.

FIG. 8 is a diagram illustrating a process of generating an authentication value M0 for a random number R in an RFID tag 100 and transmitting the generated authentication value M0 to an RFID terminal 300 according to an embodiment of the present invention. .

In more detail, FIG. 8 illustrates a security key set 205 having a predetermined security key corresponding to the key index received from the RFID tag 100 through the same process as that of FIG. 7. Is included in the security key set 205, the predetermined authentication value M0 corresponding to the received random number R to inform the RFID terminal 300 of the security key transmission. ) Is generated and transmitted to the RFID terminal 300.

When a predetermined random number R and a key index are received from the RFID terminal 300 to the receiver 115 of the RFID tag 100 (800), the receiver 115 returns the random number R and the key index. The authentication unit 140 (or the data generating unit 135) is provided to the display unit 805, and the authentication unit 140 (or the data generating unit 135) is provided in the memory unit 110 of the RFID tag 100. Search for a predetermined key index from the security key set 205 that matches the received key index (810) and compare the retrieved key index with the received key index (815) for the key index Authenticate validity

If the key indexes match (820), the data generator 135 generates a predetermined authentication value (M0) corresponding to the received random number (R) (825), and the transmitter (120) The generated authentication value M0 is transmitted through the air interface between the RFID tag 100 and the RFID reader 400 (830).

9 is a diagram illustrating a process of confirming the transfer of the security key through the authentication value (M0) in the RFID terminal 300 according to an embodiment of the present invention.

In more detail, FIG. 9 illustrates a predetermined authentication value corresponding to the authentication value M0 received from the RFID tag 100 to the RFID terminal 300 through the same process as in FIG. 8 in the RFID terminal 300. Generate M0 and compare the authentication value M0 with the authentication value M0 to authenticate the security key exchange and / or transfer and / or distribution between the RFID tag 100 and the RFID terminal 300 It is about the process.

Referring to FIG. 9, when a predetermined authentication value M0 is received from the RFID tag 100 through the same process as that of FIG. 8 (900), the authentication unit 350 of the RFID terminal 300 receives the random number. Generate a predetermined authentication value (M0) from the random number (R) generated by the generation unit 330 (905), the authentication value (M0) received from the RFID tag 100 and the generated authentication value (M0) By comparing (910), the validity of the security key corresponding to the key index is authenticated.

If the authentication value M0 and the authentication value M0 coincide with each other (915), the RFID terminal 300 encrypts predetermined dynamic ID information through a security key corresponding to the key index to securely store the RFID tag ( 100).

10A and 10B illustrate a process of encrypting dynamic ID information through a predetermined security key and transmitting the RFID ID to the RFID tag 100 according to an exemplary embodiment of the present invention.

In more detail, FIGS. 10A and 10B illustrate a predetermined security transmitted from the RFID terminal 300 to the RFID tag 100 through the same process as that of FIGS. 7, 8, and 9 in the RFID terminal 300. The present invention relates to a process of encrypting predetermined dynamic ID information through a key and transmitting the same to the RFID tag 100.

Referring to FIG. 10A, the extraction (generation) unit 360 of the RFID terminal 300 extracts predetermined dynamic ID information from the storage medium 2 or 325b (1000a) and / or assigns the RFID to the RFID. Generates predetermined dynamic ID information (1000b), and the encryption unit 340 confirms the generated dynamic ID information through the same process as in FIGS. 7, 8, and 9 (or storage medium 1). Encrypting (1005) a security key (extracted from 325a), generating a predetermined authentication value (M1 ') from the encrypted dynamic ID information (EID) (1010), and the transmitting unit (345) the encryption The generated dynamic ID information EID and the authentication value M1 ′ are transmitted through an air interface between the RFID reader 400 and the RFID tag 100 (1015).

Referring to FIG. 10B, the extraction (generation) unit 360 of the RFID terminal 300 extracts predetermined dynamic ID information from the storage medium 2 and 325b (1000a) and / or assigns the RFID to the RFID. Generating predetermined dynamic ID information (1000b), the encryption unit 340 generates a predetermined authentication value (M1 ') from the generated dynamic ID information (1020), the dynamic ID information to the Figure 7 And encrypting (1025) the security key identified through the process of FIG. 8 (or extracted from the storage medium (1) 325a) (1025), and the transmitting unit 345 is the encrypted dynamic ID information (EID) The authentication value M1 ′ is transmitted through the air interface between the RFID reader 400 and the RFID tag 100 (1015).

According to another exemplary embodiment of the present invention, the steps 1005 and 1025 of encrypting the dynamic ID information in the encryption unit 340 include a predetermined secret key promised between the RFID tag 100 and the RFID terminal 300. It is possible to encrypt through (not shown) or through a predetermined security key promised with the RFID tag 100 in addition to the security key corresponding to the key index.

11A and 11B illustrate a process of recording dynamic ID information received from the RFID terminal 300 in a memory in the RFID tag 100 according to an exemplary embodiment of the present invention.

In more detail, FIGS. 11A and 11B show validity of dynamic ID information received from the RFID terminal 300 to the RFID tag 100 through the same process as that of FIG. 10A or 10B in the RFID tag 100. And a process of recording the received dynamic ID information in the dynamic ID information storage area 200 on the memory unit 110. FIG. 11A illustrates an authentication value generated through the process of FIG. 10A. (M1 ') to check the validity of the dynamic ID information, this figure 11b is used for the dynamic ID information using the authentication value (M1') generated through the same process as in FIG. This includes checking the validity.

Referring to FIG. 11A, the receiver 115 of the RFID tag 100 transmits encrypted dynamic ID information EID and a predetermined authentication value M1 ′ transmitted from the RFID terminal 300 through the same process as that of FIG. 10A. ), And provides the authentication unit 140 with the dynamic ID information (EID) and the predetermined authentication value (M1 ') encrypted and received by the RFID terminal 300 (1105).

The authentication unit 140 of the RFID tag 100 generates a predetermined authentication value M1 from the dynamic ID information EID encrypted and received from the RFID terminal 300 through the process as shown in FIG. 1110, by comparing the generated authentication value M1 with the authentication value M1 ′ received from the RFID terminal 300 (1115), the validity of the encrypted dynamic ID information EID is authenticated.

If the validity of the encrypted dynamic ID information EID is authenticated through a comparison process of the authentication value M1 and the authentication value M1 '(1120), the recording unit 145 may determine a predetermined value corresponding to the key index. The encrypted dynamic ID information is decrypted using the security key of FIG. 1125, and the decrypted dynamic ID information is recorded in the dynamic ID information storage area 200 of the memory unit 110 (1130).

After the decoded dynamic ID information is recorded in the dynamic ID information storage area 200, the data generation unit 135 generates a predetermined authentication value M2 from the recorded dynamic ID information (1135). In operation 1140, the transmitter 120 transmits the generated authentication value M2 through an air interface between the RFID tag 100 and the RFID reader 400.

Referring to FIG. 11B, the receiving unit 115 of the RFID tag 100 transmits encrypted dynamic ID information EID transmitted from the RFID terminal 300 through the same process as that of FIG. 10B and a predetermined authentication value M1 ′. ), And provides the authentication unit 140 with the dynamic ID information (EID) and the predetermined authentication value (M1 ') encrypted and received by the RFID terminal 300 (1105).

The authentication unit 140 of the RFID tag 100 uses the predetermined security key corresponding to the key index to the dynamic ID information (EID) encrypted and received from the RFID terminal 300 through the process as shown in FIG. 10B. Decryption (1145), and generates a predetermined authentication value (M1) from the decrypted dynamic ID information (1150), the generated authentication value (M1) and the authentication value (M1) received from the RFID terminal 300 By comparing '), the validity of the encrypted dynamic ID information (EID) is authenticated.

If the validity of the encrypted dynamic ID information EID is authenticated through a comparison process of the authentication value M1 and the authentication value M1 '(1160), the recording unit 145 stores the decrypted dynamic ID information. The dynamic ID information storage area 200 of the memory unit 110 is recorded (1130).

After the decoded dynamic ID information is recorded in the dynamic ID information storage area 200, the data generation unit 135 generates a predetermined authentication value M2 from the recorded dynamic ID information (1135). In operation 1140, the transmitter 120 transmits the generated authentication value M2 through an air interface between the RFID tag 100 and the RFID reader 400.

11A and 11B, the dynamic ID information in FIG. 10A or FIG. 10B is encrypted through a predetermined secret key (not shown) promised between the RFID tag 100 and the RFID terminal 300, or Alternatively, when the encryption is performed using a predetermined security key promised with the RFID tag 100 in addition to the security key corresponding to the key index, the decryption processes 1110 and 1145 may include a secret key corresponding to FIG. 10a or 10b. (Not shown) or through a security key promised in advance.

11A and 11B, the authentication value M2 is preferably generated directly from the dynamic ID information stored in the dynamic ID information storage area 200. According to another exemplary embodiment, the stored dynamic ID The information may be generated by encrypting the information or may be generated from the dynamic ID information before the decryption. However, the RFID terminal 300 undergoes the same encryption / decryption procedure in the process of authenticating the validity of the authentication value M2. do.

12 is a diagram illustrating a process of storing and managing dynamic ID information stored in an RFID tag 100 according to an exemplary embodiment of the present invention.

More specifically, FIG. 12 shows the RFID tag 100 using the authentication value M2 generated by the RFID tag 100 and received by the RFID terminal 300 through the same process as in FIGS. 11A and 11B. The present invention relates to a process of authenticating validity of stored dynamic ID information and storing and managing dynamic ID information of which the validity is authenticated in the storage medium (3) 325c.

Referring to FIG. 12, when a predetermined authentication value M2 is received at the receiving unit 335 of the RFID terminal 300 through an air interface between the RFID tag 100 and the RFID reader 400 (1200), The authentication unit 350 of the RFID terminal 300 receives a predetermined authentication value corresponding to the authentication value M2 from the dynamic ID information transmitted to the RFID tag 100 through the process of FIG. 10A or 10B. M2 ′) and comparing the generated authentication value M2 ′ with the authentication value M2 received from the RFID tag 100 (1210), thereby storing the dynamic stored in the RFID tag 100. Validate the validity of ID information.

According to the exemplary embodiment of the present invention, when the authentication value M2 is generated from the dynamic ID information stored in the dynamic ID information storage area 200 in the RFID tag 100, the authentication unit 350 extracts the authentication. It is preferable that the generation unit 360 generates a predetermined authentication value M2 'from the dynamic ID information extracted from the storage medium 2 or 325b, or if the RFID tag 100 is generated. In the case where the authentication value M2 is generated by encrypting the dynamic ID information or generated from the undecrypted dynamic ID information EID, the authentication unit 350 is encrypted by the encryption unit 340. It is preferable to generate a predetermined authentication value M2 'from the dynamic ID information EID.

If the validity of the dynamic ID information stored in the FID tag is authenticated (1215), the storage unit 355 of the RFID terminal 300 stores the dynamic ID information in the storage medium (3) 325c ( 1220), the dynamics allocated to the RFID tag 100 through the same process as in FIGS. 7, 8, 9, 10a or 10b, and 11a or 11b. Manage ID information.

100: RFID tag 110: memory unit
115: receiver 120: transmitter
135: data generation unit 140: authentication unit
145: recording unit 200: dynamic ID information storage area
205: security key set 300: RFID terminal
325a: storage medium (1) 325b: storage medium (2)
325c: storage medium (3) 330: random number generation unit
335: receiving unit 340: encryption unit
345: transmitting unit 350: authentication unit
355: storage unit 360: extraction (generation)
400: RFID Reader 500: Air Interface

Claims (1)

RFID tag,
A memory unit having a storage area for storing ID information, the memory unit storing at least one encryption key and a key index in association with each other;
A receiving unit for receiving a predetermined random number R and a predetermined key index from a predetermined RFID terminal;
Search for a key index matching the received key index among at least one or more key indexes stored in the memory unit, and generate a predetermined authentication value M0 corresponding to the received random number R when the key index is found. A data generating unit;
A transmitter for transmitting the authentication value (M0) to the RFID terminal;
The RFID terminal verifies the authentication value (M0) to authenticate the validity of the security key corresponding to the key index, and transmits the predetermined encrypted ID information and the authentication value (M1) according to the authentication result, the receiving unit When receiving this from the, decrypt the received encrypted ID information, generates a predetermined authentication value (M1) corresponding to the ID information, the received authentication value (M1) and the generated authentication value (M1) An authentication unit for comparing the ID and authenticating the validity of the ID information;
And a recording unit for recording the decrypted ID information in the ID information storage area of the memory unit when the validity of the authentication result is authenticated.

Images