KR20230157743A - Method for certifying genuine procuct using nfc tag and smartphone, and method for writing url including encrypted uid to the nfc tag - Google Patents

Abstract

The product authentication method using an NFC tag attached to a product, an NFC terminal, a smartphone, and an information provision server includes the steps of the NFC terminal receiving the domain name of the information provision server from the information provision server, and the NFC terminal receiving the domain name of the information provision server from the information provision server. Obtaining the UID of the NFC tag from the NFC tag, generating an encrypted UID by the NFC terminal encrypting the UID with a private key stored in the NFC terminal, and generating an encrypted UID, wherein the NFC terminal uses the domain name and the encrypted It includes generating a URL including a UID according to NDEF, and writing the URL generated according to the NDEF to the NFC tag by the NFC terminal.

Description

A method of authenticating a product using an NFC tag and a smartphone and a method of writing a URL containing an encrypted UID to the NFC tag {METHOD FOR CERTIFYING GENUINE PROCUCT USING NFC TAG AND SMARTPHONE, AND METHOD FOR WRITING URL INCLUDING ENCRYPTED UID TO THE NFC TAG}

The present invention relates to a method of writing a URL (uniform resource locator) to an NFC tag. In particular, the UID (unique ID) of the NFC tag is encrypted with a private key to generate an encrypted UID, and the domain name and the encrypted UID are used. It relates to a method of providing product authentication information to the smartphone using an included URL and an information provision system that can use the method.

NFC (Near Field Communication), one of the RFID (Radio Frequency Identification) technologies, is a non-contact communication technology. NFC has a band of 13.56Mhz and is a technology for wireless communication within a distance of approximately 10cm.

An NFC device with a writing function and a reading function can perform a function of writing data to an NFC tag and a function of reading data stored in the NFC tag, so the NFC device and the NFC tag do not perform pairing.

NFC readers are used for user authentication and payment by reading data stored in NFC tags through tagging.

The NFC mode of a smartphone is divided into NFC card mode and NFC basic mode. NFC card mode is used for mobile payment services using the NFC function, and operates in a reception standby state so that an external NFC device can wirelessly connect with a smartphone operating in NFC card mode. NFC basic mode supports all NFC functions, such as reading function, writing function, and data exchange function, as well as NFC card mode. The data exchange function refers to a P2P two-way communication mode, and in the P2P two-way communication mode, the smartphone performs data exchange communication with an external NFC device.

Public Patent Publication: Publication No. 10-2015-0045543 (published on April 29, 2015) Registered Patent Gazette: Registration No. 10-1218807 (announced on January 22, 2013)

The technical problem to be achieved by the present invention is to generate an encrypted UID by encrypting the UID (unique ID) of an NFC tag with a private key, and to generate a URL containing the domain name and the encrypted UID according to the NFC Data exchange Format (NDEF). Create and store it in the NFC tag, and use a smartphone with an NFC function that can tag the NFC tag to obtain information about whether the product to which the NFC tag is attached is genuine without installing a separate mobile application. The goal is to provide a method that can be provided through a smartphone and an information provision system that can use the method.

According to the present invention, the product authentication method using an NFC tag attached to a product, an NFC terminal, a smartphone, and an information providing server includes the steps of the NFC terminal receiving the domain name of the information providing server from the information providing server, A step of the NFC terminal acquiring the UID of the NFC tag from the NFC tag, a step of the NFC terminal encrypting the UID with a private key stored in the NFC terminal to generate an encrypted UID, and the NFC terminal using the domain name , generating a URL including the UID of the NFC tag and the encrypted UID according to NDEF (NFC Data exchange Format), and the NFC terminal writing the URL generated according to the NDEF to the NFC tag. Includes steps.

According to the present invention, a method of writing a URL to an NFC tag using an NFC terminal includes the steps of receiving, by the NFC terminal, a domain name of an information providing server from the information providing server, and receiving the domain name of the information providing server from the NFC tag. Obtaining a UID, the NFC terminal encrypting the UID with a private key stored in the NFC terminal to generate an encrypted UID, and the NFC terminal using the domain name, the UID of the NFC tag, and the encryption It includes generating a URL including the UID according to NDEF (NFC Data exchange Format), and writing the URL generated according to the NDEF to the NFC tag by the NFC terminal.

The NFC terminal generates the URL by inserting the UID of the NFC tag and the encrypted UID into a query string.

According to the present invention, the product authentication method using an NFC tag attached to a product, an NFC terminal, a smartphone, and an information providing server includes the steps of the NFC terminal receiving the domain name of the information providing server from the information providing server, A step of the NFC terminal acquiring the UID of the NFC tag from the NFC tag, a step of the NFC terminal encrypting the UID with a private key stored in the NFC terminal to generate an encrypted UID, and the NFC terminal using the domain name and generating a URL including the encrypted UID according to NDEF (NFC Data exchange Format), and writing the URL generated according to the NDEF to the NFC tag by the NFC terminal.

According to the present invention, a method of writing a URL to an NFC tag using an NFC terminal includes the steps of the NFC terminal receiving the domain name of the information providing server from the information providing server, and the NFC terminal receiving the NFC tag from the NFC tag. Obtaining the UID of the tag, generating an encrypted UID by encrypting the UID with a private key stored in the NFC terminal, and generating an encrypted UID, the NFC terminal generating a URL containing the domain name and the encrypted UID. It includes generating a URL according to NDEF (NFC Data exchange Format), and writing the URL generated according to the NDEF to the NFC tag by the NFC terminal.

The NFC terminal generates the URL by inserting the encrypted UID into a query string.

The method of writing a URL to an NFC tag and the product authentication method using the NFC tag and a smartphone according to an embodiment of the present invention encrypt the UID (unique ID) of the NFC tag with a private key to generate an encrypted UID, and the domain Create a URL containing the name and the encrypted UID according to NDEF (NFC Data exchange Format), store it in the NFC tag, and use a smartphone with an NFC function capable of tagging the NFC tag. This has the effect of providing information on whether the product with the attached tag is genuine to the smartphone without installing a separate mobile application.

In order to more fully understand the drawings cited in the detailed description of the present invention, a detailed description of each drawing is provided.
Figure 1a is a block diagram of an information provision system that performs an information provision method using an NFC tag and a smartphone according to an embodiment of the present invention.
Figure 1b is a block diagram of an information provision system that performs an information provision method using an NFC tag attached to a product and a smartphone.
FIG. 2 is a data flow for explaining an embodiment of an information provision method using the information provision system shown in FIGS. 1A and 1B.
FIG. 3 is a data flow for explaining another embodiment of an information provision method using the information provision system shown in FIGS. 1A and 1B.
FIG. 4 is a data flow for explaining another embodiment of an information provision method using the information provision system shown in FIGS. 1A and 1B.
FIG. 5 is a data flow for explaining another embodiment of an information provision method using the information provision system shown in FIGS. 1A and 1B.
Figure 6 is a block diagram of an information provision system that performs an information provision method using an NFC tag and a smartphone according to another embodiment of the present invention.
FIG. 7 is a data flow for explaining an embodiment of an information provision method using the information provision system shown in FIGS. 1B and 6.
FIG. 8 is a data flow for explaining another embodiment of an information provision method using the information provision system shown in FIGS. 1B and 6.
FIG. 9 shows examples of messages displayed on a display device of a mobile device in the step of displaying the messages shown in FIGS. 2, 3, 4, 5, 7, and 8.
FIG. 10 shows an example of an image displayed on a display device of a mobile device in the step of displaying the message shown in FIGS. 2, 3, 4, 5, 7, and 8.

In an asymmetric key algorithm, a private key (also called 'secret key') used to encrypt plain text and a public key used to decrypt the plain text encrypted with the private key are different from each other.

Figure 1a is a block diagram of an information provision system that performs an information provision method using an NFC tag and a smartphone according to an embodiment of the present invention.

Referring to FIG. 1A, the information providing system 100 capable of performing a product authentication method includes a first Near Field Communication (NFC) tag 200, an NFC writer (also referred to as an NFC writer, or 'NFC terminal' 300), It includes a mobile device 400 with an NFC function, and an information providing server (or authentication information providing server; 500).

The first NFC tag 200 includes a communication device 210, a controller 220, and a memory device 230. For example, the NFC tag 200 may be a passive NFC tag.

The communication device 210 transmits a read request sent from the NFC writer 300 to the controller 220, and the controller 220 reads the information stored in the memory device 230 according to the read request. It can be transmitted to the communication device 210. Additionally, the communication device 210 transmits a write request sent from the NFC writer 300 to the controller 220, and the controller 220 stores the information included in the write request in the memory device 230. Light can be done.

In addition, the communication device 210 transmits a read request sent from the mobile device 400 to the controller 220, and the controller 220 reads information from the memory device 230 according to the read request to the communication device ( It can be transmitted to the mobile device 400 through 210).

An NFC writer (or NFC terminal; 300) capable of performing a data read function and a data write function includes a communication device 310, a processor 320, and a memory device 330. . The communication device 310 may receive information from the communication device 510 of the information providing server 500 and transmit it to the processor 320, and the processor 320 may write the information to the memory device 330. Additionally, the processor 320 may read information stored in the memory device 330 and transmit the read information to the NFC tag 200 through the communication device 310.

NFC-enabled mobile device 400 includes a communication device 405, a processor 410, and a display device 430. The mobile device 400 may be a smartphone, Internet of Things (IoT) device, laptop computer, or wearable computer.

The mobile device 400 can communicate with the NFC tag 200 through the communication device 405 as well as communicate with the information providing server 500. The communication device 405 includes both a function for communicating with the NFC tag 200 and a function for communicating with the information providing server 500.

Communication devices 210, 310, 405, and 510 are transceivers capable of transmitting and receiving information, and may also be referred to as transmitting and receiving circuits.

The processor 410 can execute an operating system (OS) 420 and control the communication device 405 and the display device 430.

The information providing server 500, also called a web server corresponding to the domain name, includes a communication device 510, a processor 520, and a data storage device 530. The data storage device 530 can be accessed (read or written) by the information providing server 500, and the data storage device 530 may be installed inside or outside the information providing server 500. Data storage device 530 includes a database.

The information providing server 500 may communicate with the NFC writer 300 or the mobile device 400 through the communication device 510. The processor 520 controls the operation of the communication device 510 and manages data stored in the database. Here, examples of management include write operations, read operations, search operations, and update operations, etc.

The public key (PuK) and information (INFO) paired with the private key (PrK) are stored in the database. Depending on embodiments, the first UID (UID1) of the first NFC tag 200 may be previously stored in a database. The UID (unique identifier) described in this specification refers to a unique identifier that can uniquely identify an NFC tag.

Information (INFO) includes URLs (URL1 to URLn), each of which is determined according to a domain name (DN) and each UID (UID1 to UIDn). Each URL (URL1 to URLn) may be matched with each domain name (DN), each UID (UID1 to UIDn), and each web page (WP1 to WPn), and, depending on embodiments, each URL ( URL1~URLn) may be further matched with each detailed information (DSI1~DSIn) and/or each image (IM1~IMn). The detailed information may include at least one of the product name, product description, price, size, manufacturer, and manufacturing date, and the image may include at least one image of the product.

URI (Uniform Resource Identifier) refers to a format that consistently expresses unique addresses representing accessible resources on the Internet.

Subconcepts of URI include URL and URN (Uniform Resource Name). Although the first URL (URL1) and the second URL (URL2) are displayed and described in this specification, depending on the embodiment, the first URL (URL1) may mean the first URI or the first URN, and the second URL (URL2) may mean the first URL (URL2). It may mean 2URI or 2nd URN.

The URL structure includes protocol (scheme)/host (or Domain name)/port/path/Query Parameter/Fragment.

A protocol (scheme) such as http (Hyper Text Transfer Protocol) is a protocol (convention), and these days, https is used as the basic protocol, and https is a version with enhanced security.

The host (or domain name) specifies the location of the web server in the URL. An IP address is sometimes used instead of a domain name.

port is the gateway used to access resources on the web server. The standard http port is 80 and the standard https port is 443. If a standard port is used, port is omitted.

path refers to the path to the resource provided by the web server, and "/" is used to indicate the root resource.

Query parameters, also called query strings, are expressed as key=value pairs separated by ampersands (&). Query Parameter may refer to transmitted data.

Fragment starts with #, and scrolls to the location of the corresponding ID within the accessed page.

The first UID (UID1), which will be described with reference to FIGS. 1 to 5, and the first UID (En_PrK(UID1)) encrypted with the private key (PrK) are included in the query string of the first URL (URL1), and are shown in FIGS. 6 to 8. The second UID (En_PrK(UID2)) encrypted with the private key (PrK), which will be described with reference to , is included in the query string of the second URL (URL2).

Figure 1b is a block diagram of an information provision system that performs an information provision method using an NFC tag attached to a product and a smartphone.

Referring to FIG. 1B, the first NFC tag 200 shown in FIG. 1A or the second NFC tag 200a shown in FIG. 6 may be attached to the product 110. In this specification, product 110 refers collectively to products, goods, commodities, industrial products, agricultural products, marine products, and livestock products.

FIG. 2 is a data flow for explaining an embodiment of an information provision method using the information provision system shown in FIGS. 1A and 1B.

1A to 2, the first UID (UID) of the first NFC tag 200a is stored in the memory device 230, and the private key (also called a 'secret key'. PrK) is NFC. It is stored in the memory device 330 of the writer 300, and the public key (PuK) paired with the private key (Prk) is stored in the data storage device 530 of the information provision server 500. Assume.

The communication device 310 of the NFC light 300 receives the domain name (DN) transmitted from the communication device 510 of the information providing server 500 and transmits it to the processor 320, and the processor 320 transmits the domain name (DN) to the processor 320. (DN) is stored in the memory device 330 (S105).

The processor 320 generates a first request to obtain the first UID (UID1) stored in the first NFC tag 200 and transmits the first request to the first NFC tag 200 through the communication device 310. .

The controller 220 of the first NFC tag 200 receives and interprets the first request through the communication device 210, reads the first UID (UID) from the memory device 230 according to the analysis result, and reads the first request. 1UID (UID1) is transmitted to the communication device 310 of the NFC light 300 through the communication device 210 (S110).

The processor 320 of the NFC writer 300 receives the first UID (UID1) through the communication device 310, encrypts the first UID (UID1) using the private key (PrK) stored in the memory device 330, and , The encrypted first UID (EN_PrK(UID1)) is automatically generated (S112).

The processor 320 generates a first URL (URL1) including a domain name (ND), a first UID (UID1), and an encrypted first UID (EN_PrK (UID1)) according to the NFC Data Exchange Format (NDEF). ) is generated (S114).

NDEF is a data exchange format used in data communication using NFC. Most NFC tags operate as passive elements that transmit data stored in NDEF format. When the mobile device 400 with the NFC function contacts (scans or tags) the NFC tag 200 or 200a, the mobile application installed by default from the time of manufacture of the mobile device 400 stores NDEF data (e.g., Figure 1 Read URL1 in and URL2 in FIG. 6).

As described above, the first UID (UID1) and the encrypted first UID (EN_PrK(UID1)) are inserted into the position of the query string.

The processor 320 transmits a second request including the first URL (URL1) generated according to the NDEF to the communication device 210 of the NFC tag 200 through the communication device 310.

The controller 220 of the NFC tag 200 receives the second request through the communication device 210 and writes the first URL (URL1) to the memory device 230 according to the second request (S116).

1A and 1B, after the user (or holder) of the smartphone 400 sets the NFC icon of the smartphone 400 with the NFC function to the basic mode, the user When the first NFC tag 200 attached to the product 110 to be purchased is scanned (this is also called 'tagging') using the mobile device 400, the controller of the first NFC tag 200 ( 220 reads the first URL (URL1) stored in the memory device 230 and transmits it to the communication device 405 of the mobile device 400 through the communication device 210 (S118). That is, the mobile device 400 reads the first URL (URL1) from the first NFC tag 200 (S118).

The OS 420 running on the processor 410 receives the first URL (URL1) through the communication device 405 and determines the domain name (DN) included in the first URL (URL1) without running a separate mobile app. It directly connects to the information provision server 500 and transmits the first URL (URL1) to the communication device 510 of the information provision server 500 (S120).

The processor 520 of the information providing server 500 receives the first URL (URL1) through the communication device 510, parses the first URL (URL1), and creates a domain name (DN) from the first URL (URL1). , extract the first UID (UID1), and the encrypted first UID (EN_PrK(UID1)).

The processor 520 searches the database and displays the first web page (WP1) corresponding to the first URL (URL1) defined according to the domain name (DN) and the first UID (UID1) through the communication devices 510 and 405. Transmit to OS 420 (S122). At this time, the OS 420 pops up and displays the first web page WP1 on the display device 430.

The processor 520 decrypts the encrypted first UID (EN_PrK(UID1)) using a public key (PuK) and generates the decrypted first UID (S124).

The processor 520 compares the first UID (UID1) included in the first URL (URL1) with the decrypted first UID (S126), generates a message corresponding to the comparison result, and sends the generated message to the communication devices 510 and 405. ) to the OS 420 (S130). For example, the message includes the characters shown in (a) and (b) of FIGS. 9 or the authenticity mark shown in FIG. 10, and the authenticity mark is an example of a graphical user interface.

The OS 420 displays (or pops up) the received message on the display device 430 (S132).

FIG. 9 shows examples of messages displayed on a display device of a mobile device in the step of displaying the messages shown in FIGS. 2, 3, 4, 5, 7, and 8.

Referring to FIGS. 1B, 2, and 9(a), when the first UID (UID1) included in the first URL (URL1) and the decrypted first UID match, the processor 520 generates the domain name (DN) The text 'Authentication Success' may be displayed on the first URL (URLi, i=1) or the first web page (WPi_1, i=1) including the first UID (UID1) (S132).

However, referring to (b) of FIGS. 1B, 2, and 9, when the first UID (UID1) included in the first URL (URL1) and the decrypted first UID do not match, the processor 520 The text 'Authentication Failed' may be displayed on the first URL (URL1) or the first web page (WPi_2, i=1) including (DN) and the first UID (UID1) (S132).

FIG. 10 shows an example of an image displayed on a display device of a mobile device in the step of displaying the message shown in FIGS. 2, 3, 4, 5, 7, and 8.

Referring to FIGS. 1B, 2, and 10, when the first UID (UID1) included in the first URL (URL1) and the decrypted first UID match, the processor 520 generates the domain name (DN) and the first UID ( The first image (IMi, i=1) of the product 110 and the product authentication mark (or product authentication image; 432) on the first URL (URL1) or the first web page (WPi_3, i=1) including UID1) can be displayed (S132).

FIG. 3 is a data flow for explaining another embodiment of an information provision method using the information provision system shown in FIGS. 1A and 1B.

Since each of the steps (S105 to S120) shown in FIG. 2 and each of the steps (S105 to S120) shown in FIG. 3 are the same, detailed description of the steps (S105 to S120) shown in FIG. 3 will be omitted. .

Referring to FIG. 3, the processor 520 decrypts the encrypted first UID (EN_PrK(UID1)) using a public key (PuK), generates the decrypted first UID (S124), and includes it in the first URL (URL1). The decrypted first UID (UID1) is compared with the decrypted first UID (S126).

When the first UID (UID1) included in the first URL (URL1) and the decrypted first UID match, the processor 520 searches the database and retrieves the first URL ( A message along with the first web page (WP1) corresponding to URL1) is transmitted to the OS 420 through the communication devices 510 and 405 (S131).

The OS 420 displays (or pops up) a message along with the first web page WP1 on the display device 430 (S133).

Referring to FIGS. 1B, 3, and 9(a), when the first UID (UID1) included in the first URL (URL1) and the decrypted first UID match, the processor 520 generates the domain name (DN) The text 'Authentication Success' may be displayed along with the first URL (URL1) or the first web page (WP1_1) including the first UID (UID1) (S133).

However, referring to (b) of FIGS. 1B, 3, and 9, when the first UID (UID1) included in the first URL (URL1) and the decrypted first UID do not match, the processor 520 The text 'Authentication Failed' may be displayed along with the first URL (URL) or the first web page (WP1_2) including (DN) and the first UID (UID1) (S133).

1B, 3, and 10, when the first UID (UID1) included in the first URL (URL1) and the decrypted first UID match, the processor 520 generates the domain name (DN) and the first UID ( The first image (IM1) of the product 110 and the authenticity certification mark (this is also called 'authentication image' 432) can be displayed together on the first URL (URL1) or the first web page (WP1_3) including UID1). (S133).

FIG. 4 is a data flow for explaining another embodiment of an information provision method using the information provision system shown in FIGS. 1A and 1B.

Since each of the steps (S105 to S124, S130, and S131) shown in FIG. 2 and the steps (S105 to S124, S130, and S131) shown in FIG. 4 are the same, the steps (S105 to S105) shown in FIG. Detailed description of S124, S130, and S131) is omitted.

At this time, the information providing server 500 stores the first UID (UID1) in the database.

When the first UID (UID1) included in the first URL (URL1) and the decrypted first UID match (S126), the processor 520 stores the first UID (UID1) included in the first URL (URL1) and the database 530. The stored first UID (UID1) is compared once again (S128).

The processor 520 compares the first UID (UID1) included in the first URL (URL1) with the first UID (UID1) stored in the database 530 (S128), generates a message corresponding to the comparison result, and sends the generated message. It is transmitted to the OS 420 through the communication devices 510 and 405 (S130).

FIG. 5 is a data flow for explaining another embodiment of an information provision method using the information provision system shown in FIGS. 1A and 1B.

Since each of the steps (S105 to S120, S124, S126, S131, and S133) shown in FIG. 3 and the steps (S105 to S120, S124, S126, S131, and S133) shown in FIG. 5 are the same, FIG. Detailed description of the steps shown in 5 (S105 to S120, S124, S126, S131, and S133) is omitted.

At this time, the information providing server 500 stores the first UID (UID1) in the database.

When the first UID (UID1) included in the first URL (URL1) and the decrypted first UID match (S126), the processor 520 stores the first UID (UID1) included in the first URL (URL1) and the database 530. The stored first UID (UID1) is compared once again (S128).

When the first UID (UID1) included in the first URL (URL1) and the first UID (UID1) stored in the database 530 match, the processor 520 searches the database to determine the domain name (DN) and the first UID (UID1). A message is created along with the first web page (WP1) corresponding to the first URL (URL1) defined according to and transmitted to the OS 420 through the communication devices 510 and 405 (S131).

In the embodiment shown in FIGS. 4 and 5, the processor 520 sequentially performs two comparison operations or two authentication operations. That is, the processor 520 determines whether the first UID (UID1) included in the first URL (URL1) and the decrypted first UID match (S126), and the first UID (UID1) included in the first URL (URL1) and the decrypted UID. The match is sequentially performed between any one of the 1UIDs and the first UID (UID1) stored in the database.

Figure 6 is a block diagram of an information provision system that performs an information provision method using an NFC tag and a smartphone according to another embodiment of the present invention.

Referring to FIG. 6, the information providing system 100a capable of performing a product authentication method includes a second NFC tag 200a, an NFC writer 300, a mobile device 400, and an information providing server 500. .

The structure of the first NFC tag 200 and the structure of the second NFC tag 200a are the same.

FIG. 7 is a data flow for explaining an embodiment of an information provision method using the information provision system shown in FIGS. 1B and 6.

1B, 6, and 7, the second UID (UID2) of the second NFC tag 200a is stored in the memory device 230, and the private key (PrK) is stored in the memory device of the NFC writer 300. It is assumed that the public key (PuK), which is stored in 330 and paired with the private key (Prk), is stored in the data storage device 530 of the information providing server 500.

The communication device 310 of the NFC light 300 receives the domain name (DN) transmitted from the communication device 510 of the information providing server 500 and transmits it to the processor 320, and the processor 320 transmits the domain name (DN) to the processor 320. (DN) is stored in the memory device 330 (S105).

The processor 320 generates a third request to obtain the second UID (UID2) stored in the second NFC tag 200a and transmits the third request to the NFC tag 200 through the communication device 310.

The controller 220 of the second NFC tag 200a receives and interprets the third request through the communication device 210, reads the second UID (UID2) from the memory device 230 according to the analysis result, and reads the third request. 2UID (UID2) is transmitted to the communication device 310 of the NFC light 300 through the communication device 210 (S110a)

The processor 320 of the NFC writer 300 receives the second UID (UID2) through the communication device 310, encrypts the second UID (UID2) using the private key (PrK) stored in the memory device 330, and , an encrypted second UID (EN_PrK(UID2)) is generated (S112a).

The processor 320 generates a second URL (URL2) including a domain name (ND) and an encrypted second UID (EN_PrK(UID2)) according to the NDEF (S114a). As described previously, the encrypted second UID (EN_PrK(UID2)) is inserted at the position of the query string.

The processor 320 transmits the fourth request including the second URL (URL2) generated according to the NDEF to the communication device 210 of the NFC tag 200 through the communication device 310.

The controller 220 of the NFC tag 200 receives the fourth request through the communication device 210 and writes the second URL (URL2) to the memory device 230 according to the fourth request (S116a).

Referring to FIGS. 1B, 6, and 7, when the user of the mobile device 400 scans the second NFC tag 200a attached to the product 110 to be purchased using the mobile device 400, The controller 220 of the second NFC tag 200a reads the second URL (URL2) stored in the memory device 230 and transmits it to the communication device 405 of the mobile device 400 through the communication device 210 (S118a) ). That is, the mobile device 400 reads the second URL (URL2) from the second NFC tag 200a (S118a).

The OS 420 running on the processor 410 receives the second URL (URL2) through the communication device 405 and determines the domain name (DN) included in the second URL (URL2) without running a separate mobile app. It directly connects to the information provision server 500 and transmits the second URL (URL2) to the communication device 510 of the information provision server 500 (S120a).

The processor 520 of the information providing server 500 receives the second URL (URL2) through the communication device 510, parses the second URL (URL2), and generates a domain name (DN) and an encrypted code from the second URL (URL2). Extract the second UID (EN_PrK(UID2)).

The processor 520 decrypts the encrypted second UID (EN_PrK(UID2)) using the public key (PuK) and generates the decrypted second UID (S121a).

The processor 520 searches the database and sends the second web page (WP2) corresponding to the second URL (URL2) defined according to the domain name (DN) and the decrypted second UID (UID2) to the communication devices 510 and 405. It is transmitted to the OS 420 through (S122a).

The processor 520 compares the second UID (UID2) stored in the database with the decrypted second UID (S126a), generates a message corresponding to the comparison result, and sends the generated message to the OS (OS) through the communication devices 510 and 405. 420) (S130a).

The OS 420 displays (or pops up) the received message on the display device 430 (S132a).

Referring to FIGS. 1B, 7, and 9(a), when the second UID (UID2) included in the second URL (URL2) and the decrypted second UID match, the processor 520 generates the domain name (DN) The text 'Authentication Success' can be displayed along with the second URL (URLi, i=2) or the second web page (WPi_1, i=2) including the second UID (UID2) (S132a) .

However, referring to (b) of FIGS. 1B, 7, and 9, when the second UID (UID2) included in the second URL (URL2) and the decrypted second UID do not match, the processor 520 The text 'Authentication Failed' may be displayed along with the second URL (URL2) or the second web page (WPi_2, i=2) including (DN) and the second UID (UID2) (S132a).

Referring to FIGS. 1B, 7, and 10, when the second UID (UID2) included in the second URL (URL2) and the decrypted second UID match, the processor 520 generates the domain name (DN) and the second UID ( The second image (IMi, i=2) of the product 110 and the authentication mark 432 can be displayed on the second URL (URL2) or the second web page (WPi_3, i=2) including UID2). (S132a).

FIG. 8 is a data flow for explaining another embodiment of an information provision method using the information provision system shown in FIGS. 1B and 6.

Since each of the steps (S105 to S121a, and S126a) of FIG. 7 and each of the steps (S105 to S121a, and S126a) of FIG. 7 are the same, the description of the steps (S105 to S121a, and S126a) of FIG. 7 is omitted.

When the second UID (UID2) stored in the database matches the decrypted second UID, the processor 520 searches the database and corresponds to the second URL (URL2) defined according to the domain name (DN) and the second UID (UID1). A message along with the second web page (WP2) is transmitted to the OS 420 through the communication devices 510 and 405 (S131a).

The OS 420 displays (or pops up) a message along with the second web page WP2 on the display device 430 (S133a).

Referring to (a) of FIGS. 1B, 6, 8, and 9, when the second UID (UID2) stored in the database matches the decrypted second UID, the processor 520 stores the domain name (DN) and the second UID. The text 'Authentication Success' can be displayed along with the second URL (URL2) or the second web page (WPi_1, i=2) including 2UID (UID2) (S133a).

However, referring to (b) of FIGS. 1B, 6, 8, and 9, when the second UID (UID2) stored in the database does not match the decrypted second UID, the processor 520 uses the domain name (DN) ) and the second URL (URL2) or the second web page (WPi_2, i=2) including the second UID (UID2) and the text 'Authentication Failed' may be displayed (S133a).

Referring to FIGS. 1B, 6, 8, and 10, when the second UID (UID2) stored in the database matches the decrypted second UID, the processor 520 generates the domain name (DN) and the second UID (UID2). The second image (IMi, i=2) of the product 110 and the authentication mark 432 can be displayed on the second URL (URL2) or the second web page (WPi_3, i=2) including (S133a) ).

The information provision system 100 or 100a may transmit (or push) information or a message about whether a product is genuine or not to the mobile device 400.

As described with reference to FIGS. 1A to 10, the user (or holder) of the mobile device 400 with the NFC function only performs a scanning operation on the NFC tag 200 or 200a attached to the product 110. , there is an effect of automatically obtaining information about the product 110 even without separate manipulation of the mobile device 400.

Here, not performing a separate operation on the mobile device 400 means that the user of the mobile device 400 must use a separate mobile application on the mobile device 400 to obtain information stored in the NFC tag 200 or 200a. This means that not only does it not require installation, but no action is required other than activating the NFC function.

The present invention has been described with reference to the embodiments shown in the drawings, but these are merely illustrative, and those skilled in the art will understand that various modifications and other equivalent embodiments are possible therefrom. Therefore, the true scope of technical protection of the present invention should be determined by the technical spirit of the attached registration claims.

100, 100a: Information provision system
200, 200a: NFC tag
210: communication device
220: controller
230: memory device
300: NFC writer, NFC terminal
310: communication device
320: processor
330: memory device
400: mobile device
405: communication device
410: processor
420: operating system
430: display device
500: Information provision server, web server
510: communication device
520: processor
530: data storage device

Claims (8)

In the product authentication method using an NFC tag attached to a product, an NFC terminal, a smartphone, and an information provision server,
The NFC terminal receiving the domain name of the information provision server from the information provision server;
The NFC terminal acquiring a unique identifier (UID) of the NFC tag from the NFC tag;
generating an encrypted UID by the NFC terminal encrypting the UID with a private key stored in the NFC terminal;
generating, by the NFC terminal, a URL (uniform resource locator) including the domain name and the encrypted UID according to NDEF (NFC Data exchange Format); and
A product authentication method comprising the step of the NFC terminal writing the URL generated according to the NDEF to the NFC tag. According to paragraph 1,
An operating system running on the smartphone acquiring the URL generated according to the NDEF from the NFC tag;
the operating system connecting to the information provision server using the domain name included in the URL and transmitting the URL to the information provision server;
The information providing server extracting the domain name and the encrypted UID from the URL; and
The information providing server decrypts the extracted encrypted UID using a public key to generate a decrypted UID;
The product authentication method further comprising transmitting, by the information providing server, a web page corresponding to the extracted domain name and the decrypted UID to the smartphone. According to paragraph 2,
The information providing server compares the UID stored in a database accessible by the information providing server with the decrypted UID, and when the UID stored in the database matches the decrypted UID, a message is generated and transmitted to the smartphone. steps; and
The product authentication method further includes the step of the operating system displaying the message on the web page. According to paragraph 3,
The above message is a text message or image for genuine product authentication. According to paragraph 1,
An operating system running on the smartphone acquiring the URL generated according to the NDEF from the NFC tag;
the operating system connecting to the information provision server using the domain name included in the URL and transmitting the URL to the information provision server;
The information providing server extracting the domain name and the encrypted UID from the URL;
The information providing server decrypts the extracted encrypted UID using a public key to generate a decrypted UID;
The information providing server compares the decrypted UID with a UID stored in a database accessible by the information providing server, generates a message when the UID stored in the database matches the decrypted UID, and the extracted domain Transmitting the message along with a name and a web page corresponding to the decrypted UID to the smartphone; and
The product authentication method further includes the step of the operating system displaying the message along with the web page. According to clause 5,
The above message is a text message or image for genuine product authentication. In a method of writing a URL to an NFC tag using an NFC terminal,
The NFC terminal receiving the domain name of the information provision server from the information provision server;
The NFC terminal acquiring a unique identifier (UID) of the NFC tag from the NFC tag;
generating an encrypted UID by the NFC terminal encrypting the UID with a private key stored in the NFC terminal;
generating, by the NFC terminal, a URL (uniform resource locator) including the domain name and the encrypted UID according to NDEF (NFC Data exchange Format); and
A method of writing a URL to an NFC tag using an NFC terminal, including the step of the NFC terminal writing the URL generated according to the NDEF to the NFC tag. In clause 7,
A method of writing a URL to an NFC tag using the NFC terminal, wherein the NFC terminal generates the URL by inserting the encrypted UID into a query string.