TWI470990B - Individual information disclosure method, rights granting method, and authority control and management system for individuals linked by radio frequency identification (RFID) tags - Google Patents


Info

Publication number
TWI470990B
Authority
TW
Taiwan
Prior art keywords
individual
identification data
data
code
tag
Application number
TW101134677A
Other languages
Chinese (zh)
Other versions
TW201414259A (en)
Original Assignee
Univ Chang Gung
Application filed by Univ Chang Gung
Priority to TW101134677A
Publication of TW201414259A
Application granted
Publication of TWI470990B


Description

Individual information disclosure method, rights granting method, and authority control and management system for individuals linked by radio frequency identification (RFID) tags

The present invention relates to a technique for disclosing information about an individual, and more particularly to an information disclosure method, a rights granting method, and an authority control and management system for an individual that is linked to a radio frequency identification (RFID) tag.

Different individuals can be identified by some piece of data that is unique to each of them. In the Republic of China, for example, no two people share the same national identity card number, so the identity card number is commonly used as the identifying attribute of a person. Data of this kind, which can be used to identify an individual, is referred to here as "identification data".

In the design of an information system, the choice of a unique piece of identification data is critical, because it is the index used to retrieve the information related to an individual from a large body of data. Common identification data include national identity card numbers, patients' medical record numbers, students' student ID numbers, item numbers in a shop, bank account numbers (of natural or legal persons), and unique identifiers assigned by a global standards organization. Sometimes a combination of two or more pieces of data is also unique; such a combination is likewise identification data.

In the operation of an information system, the identification data received by the system is often entered by a person: a student types a student ID number into a school system, hospital staff type a patient's medical record number into a medical system, and so on. Manually entered identification data is prone to input errors, which reduce the efficiency and accuracy of identification.

Radio frequency identification (RFID) is a technology commonly used today to improve the efficiency and accuracy of identifying individuals. In a system equipped with an RFID reader, the prior art for disclosing an individual's information usually stores the tag's serial number and the identification data of the individual linked to the tag as a pair, recording the correspondence between the two. When the system receives a tag serial number from a reader, it looks up the corresponding identification data from the stored correspondence and then discloses the information of the individual linked to that tag. In general, unless the RFID system is specially designed, an unauthorized person holding a reader can also read the tag serial number and may then obtain the individual's information through the stored correspondence. Ohkubo et al. raised the same concern about this risk of improper information disclosure in 2005.

Privacy protection for individuals linked to RFID tags is today mostly achieved by restricting reading of the tag, so that only authorized persons can read the information in the tag and unauthorized persons cannot use information read from the tag to look up the identification data of the linked individual. One approach uses tags with computational capability that execute cryptographic methods such as symmetric cryptography, asymmetric (public-key) cryptography, hash-lock, or hash-chain schemes to verify the reader's read permission. Another approach uses other devices and methods to restrict tag reading and prevent leakage of the information in the tag, such as Faraday cages, active jamming, and blocker tags.

The above conventional privacy protection methods for individuals linked to RFID tags require tags with computational capability, specially designed tags, or additional equipment. An RFID application system, however, typically uses a very large number of tags, so these requirements add a significant cost burden.

Accordingly, the main object of the present invention is to provide an information disclosure method for an individual linked to an RFID tag. The method is implemented by a processor that includes a storage module and can be connected to at least one tag reader. The method comprises the following steps: (A) receiving a request, an identity identifier, and a personalized secret from a user, and a tag serial number from a tag reader; (B) performing authority verification, based on the identity identifier, personalized secret, and tag serial number received in step (A), using an association data collection file in the storage module, where the association data collection file includes a "rights substitute code" corresponding to the pair (identity identifier, tag serial number); step (B) comprises the sub-steps: (b-1) looking up the rights substitute code in the association data collection file based on the identity identifier and tag serial number received in step (A); (b-2) computing a recovered individual identification data value with a recovery formula from the identity identifier and personalized secret received in step (A) and the rights substitute code found in sub-step (b-1); and (b-3) verifying the recovered individual identification data; and (C) if the verification in sub-step (b-3) finds the recovered individual identification data to be correct, the user has passed authority verification and the operation associated with the request proceeds.

Another object of the present invention is to provide a program product for disclosing the information of an individual linked to an RFID tag; when a processor loads and executes the program, the above information disclosure method for an individual linked to an RFID tag is carried out.

A further object of the present invention is to provide a method for granting rights related to the information of an individual linked to an RFID tag. The method is implemented by a processor that includes a storage module and can be connected to at least one tag reader. The method comprises the following steps: (A) receiving individual identification data, a tag serial number from a tag reader, and an identity identifier and a personalized secret from a user; (B) computing a rights substitute code with a substitute code formula from the received individual identification data, tag serial number, and personalized secret; (C) computing, with an index value formula, a substitute code index value corresponding to the rights substitute code from the received individual identification data and tag serial number; (D) computing a hash value of the received individual identification data with a hash function; (E) adding the substitute code index value, the rights substitute code, and the individual identification data hash value to an association data collection file in the storage module; and (F) deleting the identity identifier, the personalized secret, and the tag serial number.

A further object of the present invention is to provide a program product for granting rights to read the information of an individual linked to an RFID tag; when at least one processor loads and executes the program, the above method for granting rights to read individual information is carried out.

A further object of the present invention is to provide an authority control and management system for rights related to the information of an individual linked to an RFID tag.

Accordingly, the authority control and management system of the present invention verifies, from a first identity identifier of a first user, a first personalized secret of the first user, and a first tag serial number, and using a procedure control unit together with an established association data collection file, whether the first user holds rights related to the first individual associated with the first tag serial number. The authority control and management system comprises a procedure control unit, a rights substitute code calculation unit, a data management unit, a lookup unit, an index value calculation unit, a recovery calculation unit, a hash value calculation unit, and a comparison unit.

The procedure control unit interacts with the other units to control the execution of the procedures involved in authority control and management.

When the authority control and management system grants a user rights related to an individual linked to an RFID tag, the rights substitute code calculation unit computes a rights substitute code from the personalized secret chosen by that user and the serial number of the tag.

The data management unit manages the association data collection file, which includes a first rights substitute code corresponding to the pair (first tag serial number, first identity identifier) and a first individual identification data hash value of the first individual. The index value calculation unit computes a substitute code index value with an index value formula from the first identity identifier and the first tag serial number. The lookup unit uses the computed substitute code index value to find the first rights substitute code and the first individual identification data hash value in the association data collection file. The recovery calculation unit computes a recovered individual identification data value with a recovery formula from the first personalized secret, the first tag serial number, and the first rights substitute code. The hash value calculation unit applies the hash function to the recovered individual identification data to obtain a recovered individual identification data hash value. The comparison unit compares the recovered individual identification data hash value with the first individual identification data hash value: if they match, the authority verification result of the authority control and management system indicates that the first user holds rights related to the first individual; if they do not match, the result indicates that the first user does not hold such rights.

The effect of the present invention is that a rights substitute code, generated and stored in advance, replaces the three-way correspondence between a tag's serial number, the identification data of the individual linked to the tag, and an authorization code chosen by a user who holds rights related to the individual. The tag serial number and the authorization code therefore need not be stored, and the mutual correspondence between the tag serial number, the authorization code, and the individual identification data is hidden. Thereafter, whether the information of the individual linked to a tag may be disclosed is decided by whether the individual's identification data can be recovered from three inputs: the user's input, the tag's serial number, and the corresponding rights substitute code. If it can be recovered, the recovered individual identification data is used as the index to retrieve and disclose the individual's information; otherwise disclosure is refused. Because the generation of the rights substitute code and the recovery of the individual identification data are performed on the information system, and the tag used to link the individual need only carry a serial number, there is no need for tags with computational capability to verify authorization to read information in the tag, nor for specially designed tags or additional equipment to restrict reading of the tag. The invention therefore has the advantage of low cost.

To give the examiners a fuller understanding of the structural features and effects of the present invention, preferred embodiments are described in detail below with reference to the drawings.

Referring to Figure 1, a preferred embodiment of the authority control and confidentiality architecture for an individual linked to an RFID tag according to the present invention comprises a data determination unit 11, an authority control and management system 12, an individual information acquisition unit 13, and a storage module 14. In this preferred embodiment the authority control and confidentiality architecture is implemented by a processor 1, which can communicate with at least one RFID tag reader (not shown).

The data determination unit 11 receives data from the reader and from a user and makes a determination on it; the authority control and management system 12 performs the processing related to authority control and management according to the data from the reader and the user and the determination result of the data determination unit 11; the individual information acquisition unit 13 retrieves the individual's information; and the storage module 14 stores the processing results of the authority control and management system 12 as well as the individuals' information.

The authority control and management system 12 is the focus and core of the improvement of the present invention. It comprises a procedure control unit 120, a data management unit 121, a lookup unit 122, an individual identification data recovery calculation unit 123, a rights substitute-code calculation unit 124, an index value calculation unit 125, an individual identification data hash value calculation unit 126, and a comparison unit 127.

The authority control and management system 12 can verify, from a first identity identifier (ID) of a first user, a first personalized secret under the first user's own discretionary control, and a first tag serial number linked to a first individual, together with an established association data collection file, whether the first user holds rights related to the first individual. Furthermore, the authority control and management system 12 can grant rights related to the first individual to a second user corresponding to a second identity identifier.

The procedure control unit 120 interacts with the other units according to the determination of the data determination unit 11, to control the execution of the relevant steps.

The data management unit 121 establishes and manages an association data collection file. The association data collection file is stored in the storage module 14 and includes a first rights substitute code corresponding to the pair (first tag serial number, first identity identifier), a first substitute code index value corresponding to the first rights substitute code, and a first individual identification data hash value corresponding to the first rights substitute code.

When the determination result of the data determination unit 11 is that it must be verified whether the first user holds rights related to the first individual (for example, the right to read the first individual's information), the procedure control unit 120 directs the following steps. First, the index value calculation unit 125 computes a first recovered substitute code index value with an index value formula from the first identity identifier and the first tag serial number. Next, the lookup unit 122 uses the first recovered substitute code index value to find the first substitute code index value in the association data collection file, and thereby retrieves the first rights substitute code and the first individual identification data hash value corresponding to the pair (first identity identifier, first tag serial number). The recovery calculation unit 123 computes a first recovered individual identification data value with a recovery formula from the first personalized secret and the first rights substitute code. Then the hash value calculation unit 126 applies the hash function to the first recovered individual identification data to obtain a first recovered individual identification data hash value. Finally, the comparison unit 127 compares the first recovered individual identification data hash value with the first individual identification data hash value: if they match, the authority verification result of the authority control and management system 12 indicates that the first user holds rights related to the first individual; if they do not match, the result indicates that the first user does not hold such rights.

It should be noted that the first personalized secret is under the first user's own discretionary control. If the first user passes the above authority verification, the first personalized secret under that user's control is correct, and the user therefore holds rights related to the first individual.

When rights related to the first individual are to be granted to a second user, the data management unit 121 first assigns a preset personalized secret to the second user. Next, the index value calculation unit 125 computes a second substitute code index value with the index value formula from the second identity identifier and the first tag serial number. The rights substitute code calculation unit 124 then computes a second rights substitute code with the substitute code formula from the preset personalized secret, the first tag serial number, and the first individual's identification data; the hash value calculation unit 126 applies the hash function to the first individual's identification data to obtain the first individual identification data hash value; and the data management unit 121 adds the second substitute code index value, the first individual identification data hash value, and the second rights substitute code to the association data collection file, thereby updating it.

The hash function used by the index value calculation unit 125 and the hash value calculation unit 126 is one-way and collision-resistant. One-way means that, given an output value of the hash function, it is computationally infeasible to recover an input value that produces it; collision-resistant means that it is computationally infeasible to find two distinct input values that the hash function maps to the same output value.

Let f1() denote the index value formula, f2() the substitute code formula, and f3() the recovery formula, expressed as equations (1) to (3):

I = f1(T, A) ......... (1)

where T and A are the two input parameters of the index value formula f1(): T is a tag serial number, A is an identity identifier, and I is the substitute code index value produced by f1().

S = f2(P, T, O) ......... (2)

where P, T, and O are the three input parameters of the substitute code formula f2(): P is a personalized secret, T is a tag serial number, O is individual identification data, and S is the rights substitute code produced by f2().

O' = f3(P', T', S') ......... (3)

where P', T', and S' are the three input parameters of the recovery formula f3(): P' is a personalized secret, T' is a tag serial number, S' is a rights substitute code, and O' is the recovered individual identification data produced by f3().

Note that the index value formula f1() is a composition of one-way hash functions, and such a composed function is itself one-way. Thus, although the substitute code index value output by f1() is stored in the association data collection file, the identity identifier and tag serial number that were input to f1() are hard to derive from it. In addition, the substitute code formula f2() and the recovery formula f3() form a pair and are inverses of each other: when P = P' and T = T', the individual identification data O input to f2() must equal the recovered individual identification data O' produced by f3(). Consequently, even with the stored substitute code index values, rights substitute codes, and individual identification data hash values obtained from the association data collection file, the corresponding identity identifiers, tag serial numbers, and individual identification data remain hard to derive, which protects the individual's information.

More specifically, in this preferred embodiment equations (4) to (6) below may be used as the index value formula f1(), the substitute code formula f2(), and the recovery formula f3() respectively:

I = f1(T, A) = hash(hash(T) || hash(A)) ......... (4)

S = f2(P, T, O) = E_(P||T)(O) ......... (5)

O' = f3(P', T', S') = D_(P'||T')(S') ......... (6)

where hash() is a hash function, the symbol "||" denotes concatenation of two messages, (P||T) is an encryption key, (P'||T') is a decryption key, E is the encryption function, and D is the decryption function.

Besides equations (5) and (6), the substitute code formula f2() and the recovery formula f3() can also be realized with different operations, for example equations (7) and (8):

S = f2(P, T, O) = (hash(P||T) + α × O) mod q ......... (7)

O' = f3(P', T', S') = (α^-1 × S' + ((-(α^-1 × hash(P'||T') mod q)) mod q)) mod q ......... (8)

where mod denotes the modulo operation, α and q are two preset values that are coprime, and α^-1 is the multiplicative inverse of α modulo q. For further explanation of equations (7) and (8), refer to Republic of China Patent No. I255121, previously filed by the inventor of the present application.
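The verification steps, the rights-granting steps, and equations (4), (7), and (8) above, carried through as an added worked example in Python. This is not code from the patent or its assignee. It instantiates hash() with SHA-256 and, for equations (7) and (8), assumes a prime modulus q = 2^521 - 1 and α = 3 (coprime to q, so α^-1 mod q exists); identifiers are assumed to be byte strings short enough to encode as integers below q. The AssociationFile class, its method names, and the sample tag serial and identifiers are constructed for illustration.

```python
import hashlib
import hmac

# Assumed parameters (not specified by the patent): q is the Mersenne prime
# 2^521 - 1 and alpha = 3 is coprime to q, so the inverse in equation (8) exists.
Q = (1 << 521) - 1
ALPHA = 3
ALPHA_INV = pow(ALPHA, -1, Q)


def h(data: bytes) -> bytes:
    """The patent's hash(), instantiated here with SHA-256."""
    return hashlib.sha256(data).digest()


def index_value(tag_serial: bytes, user_id: bytes) -> bytes:
    """I = f1(T, A) = hash(hash(T) || hash(A)), equation (4)."""
    return h(h(tag_serial) + h(user_id))


def _key_hash(secret: bytes, tag_serial: bytes) -> int:
    """hash(P||T) reduced modulo q, the term shared by equations (7) and (8)."""
    return int.from_bytes(h(secret + tag_serial), "big") % Q


def substitute_code(secret: bytes, tag_serial: bytes, individual_id: bytes) -> int:
    """S = f2(P, T, O) = (hash(P||T) + alpha * O) mod q, equation (7).
    O is the big-endian integer encoding of the identifier bytes (an assumption)."""
    o = int.from_bytes(individual_id, "big")
    if o >= Q:
        raise ValueError("individual identifier too long for the modulus")
    return (_key_hash(secret, tag_serial) + ALPHA * o) % Q


def recover(secret: bytes, tag_serial: bytes, s: int) -> bytes:
    """O' = f3(P', T', S') = alpha^-1 * (S' - hash(P'||T')) mod q, which is
    equation (8) with its two terms combined. Decodes O' back to bytes."""
    o = (ALPHA_INV * (s - _key_hash(secret, tag_serial))) % Q
    return o.to_bytes((o.bit_length() + 7) // 8, "big")


class AssociationFile:
    """The association data collection file: each row is keyed by the index
    value I and holds only (S, hash(O)). T, A, P and O themselves are never stored."""

    def __init__(self) -> None:
        self.rows = {}  # I (bytes) -> (S (int), hash(O) (bytes))

    def grant(self, individual_id: bytes, tag_serial: bytes,
              user_id: bytes, secret: bytes) -> None:
        """Rights granting, steps (B) to (F): compute S, I and hash(O), store
        them, and retain nothing else. The same call serves an administrator
        granting a second user rights under a preset secret."""
        i = index_value(tag_serial, user_id)
        s = substitute_code(secret, tag_serial, individual_id)
        self.rows[i] = (s, h(individual_id))

    def verify(self, user_id: bytes, secret: bytes, tag_serial: bytes):
        """Disclosure, sub-steps (b-1) to (b-3): look up the row for (T, A),
        recover O' from (P, T, S), and compare hash(O') with the stored hash(O).
        Returns the recovered identifier (the index into the individual's
        record) on success and None when disclosure must be refused."""
        row = self.rows.get(index_value(tag_serial, user_id))
        if row is None:
            return None  # no rights were ever granted to this (tag, user) pair
        s, stored_hash = row
        recovered = recover(secret, tag_serial, s)
        if hmac.compare_digest(h(recovered), stored_hash):
            return recovered
        return None  # wrong secret: O' is garbage and fails the hash check


if __name__ == "__main__":
    # Constructed sample data: a hospital wristband tag, a medical record number,
    # and a nurse who chose her own personalized secret.
    f = AssociationFile()
    f.grant(b"MRN-0001234", b"E20034120001", b"nurse-alice", b"alice-secret")
    print(f.verify(b"nurse-alice", b"alice-secret", b"E20034120001"))  # b'MRN-0001234'
    print(f.verify(b"nurse-alice", b"wrong-secret", b"E20034120001"))  # None
    print(f.verify(b"nurse-bob", b"alice-secret", b"E20034120001"))    # None
```

Two points to check when reading the table this produces: no row key equals a tag serial or identifier, and a wrong secret does not raise an error but simply yields an O' whose hash fails the comparison, which is why step (b-3) is a hash comparison rather than a decryption success check. The hash(O) column is an unsalted hash of the identifier, as in equation (4)-(8); where identifiers have little entropy (sequential record numbers), a practitioner would key that hash so the table alone does not allow offline guessing of O.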

In this preferred embodiment the data determination unit 11, the authority control and management system 12, and the individual information acquisition unit 13 are implemented in software as a program product containing the stored program; when the processor 1 loads and executes the program, the authority control and confidentiality method for an individual linked to an RFID tag according to the present invention is carried out. The storage module 14 is implemented as a database.

以下配合多個範例,進一步說明射頻辨識標籤連結之個體的相關權限控制與保密方法之步驟,及射頻辨識標籤連結之個體的相關權限控制與保密架構的各元件之運作。The following is a plurality of examples to further explain the steps of the related authority control and security method of the individual to which the RFID tag is linked, and the related rights control of the individual to which the RFID tag is linked and the operation of each component of the security architecture.

在以下範例中,係假設射頻辨識標籤連結之個體的相關權限控制與保密架構管理了複數個體之相關權限控制與保密;並且,一權限管理者具有該複數個體的管理權限,且具有權限可管理被授予個體相關權限之使用者的身分識別資料。In the following examples, it is assumed that the associated authority control and security architecture of the individual to which the RFID tag is linked manages the related authority control and confidentiality of the plurality of individuals; and, a rights manager has the management authority of the plural entity and has authority to manage The identity identification data of the user who is granted the relevant authority of the individual.

[Example: granting a user the rights relating to an individual linked to a tag]

Refer to Figures 1, 2 and 3. When an authority manager wishes to grant the rights relating to an individual linked to a tag to a grantee, the authority control and confidentiality architecture 1 first verifies whether the person executing the grant is entitled to perform that operation; the verification proceeds as in Figure 2. If verification confirms that the executor holds operation authority, the grant steps of Figure 3 follow; otherwise the procedure is aborted.

Refer first to Figures 1 and 2 together. In step S210, the architecture receives a first tag serial number of the tag and a second identity identification data of the grantee, and receives from the first user, acting as authority manager, a first identity identification data, a first personalised secret, and a request for rights processing relating to the tag-linked individual.

In step S220, the data determination unit 11 evaluates the request; in this example its result is: a request to grant the rights relating to the tag-linked individual to the grantee.

In step S225, the procedure control unit 120 controls the procedure steps according to the result from the data determination unit 11.

In step S230, the index value computation unit 125 computes a first recovered substitute code index value from the first identity identification data and the first tag serial number, using the index value formula (4) above.

In step S240, the lookup unit 122 uses the first recovered substitute code index value to locate the first substitute code index value in the association data collection file, and thereby retrieves the first rights substitute code and the first individual identification data hash value corresponding to the pair (first identity identification data, first tag serial number).

In step S250, the recovery computation unit 123 computes a first recovered individual identification data from the first personalised secret and the first rights substitute code, using the recovery formula (6) above.

In step S260, the hash value computation unit 126 applies a preselected hash function to the first recovered individual identification data to obtain a first recovered individual identification data hash value.

In step S270, the comparison unit 127 compares the first recovered individual identification data hash value with the first individual identification data hash value. If they match, then in step S280 the authority verification result of the authority control and management system 12 indicates that the authority manager is entitled to perform the requested operation; if they do not match, the procedure is aborted in step S290.

Next refer to Figures 1 and 3 together; these steps follow once step S270 has confirmed that the authority manager is entitled to perform the grant.

In step S310, the data management unit 121 first assigns a preset personalised secret to the second user, who is the grantee.

In step S320, the index value computation unit 125 computes a second substitute code index value from the second identity identification data and the first tag serial number, using the index value formula (4) above.

In step S330, the rights substitute code computation unit 124 computes a second rights substitute code from the preset personalised secret, the first tag serial number and the first identity identification data, using the substitute code formula (5) above.

In step S340, the hash value computation unit 126 applies the hash function to the first identity identification data to obtain the first individual identification data hash value.

In step S350, the data management unit 121 adds the second substitute code index value, the first individual identification data hash value and the second rights substitute code to the association data collection file, thereby updating it; at this point the grantee has been granted the rights relating to the tag-linked individual.

In step S360, the data management unit 121 of the authority control and management system 12 deletes the first tag serial number, the first personalised secret, the first identity identification data, the second identity identification data, the preset personalised secret and the first recovered individual identification data.

After the architecture has processed a number of such grants, the association data collection file held in the storage module 14 can be laid out as Table 1 below, which records the correspondence between substitute code index values, rights substitute codes and individual identification data hash values. In this preferred embodiment a flag further indicates whether a record belongs to the authority manager or to a grantee: a flag value of 1 denotes the authority manager, and a flag value of 0 denotes a grantee.

[Example: revoking a grant]

Continuing the grant example above, this example describes the authority manager revoking the grantee's rights relating to the tag-linked individual. As in the previous example, execution has two parts: first the architecture verifies whether the person executing the revocation is entitled to perform the operation, following Figure 2; if verification confirms that the executor holds operation authority, the revocation steps of Figure 4 follow; otherwise the procedure is aborted.

For steps S210 to S270 of Figure 2, see the previous example; in this example step S220 differs slightly, in that the result from the data determination unit 11 is: a request to revoke the grantee's rights relating to the tag-linked individual.

Next refer to Figures 1 and 4 together; these steps follow once step S270 has confirmed that the authority manager is entitled to perform the revocation.

In step S410, the index value computation unit 125 computes a second recovered substitute code index value from the second identity identification data and the first tag serial number, using the index value formula (4) above.

In step S420, the lookup unit 122 uses the second recovered substitute code index value to find the matching second substitute code index value in the association data collection file, and thereby retrieves the second rights substitute code corresponding to it.

In step S430, the data management unit 121 replaces, in the association data collection file, the second rights substitute code found in step S420 with a null code (NULL), thereby updating the file; at this point the grantee's rights relating to the tag-linked individual have been revoked.

Continuing the example and referring to Table 1: if the second substitute code index value is "index value 6", the updated association data collection file is as shown in Table 2 below.

In step S440, the data management unit 121 of the authority control and management system 12 deletes the first tag serial number, the first personalised secret, the first identity identification data, the second identity identification data and the first recovered individual identification data.

[Example: changing a personalised secret]

This example also has two parts: first the architecture verifies whether the user who wishes to change a personalised secret is entitled to perform the operation, following Figure 5; if verification confirms that the executor holds operation authority, the change steps of Figure 6 follow; otherwise the procedure is aborted.

Refer first to Figures 1 and 5 together. In step S510, the architecture receives a first tag serial number, a first identity identification data, a first personalised secret, and a request to change the personalised secret.

In step S520, the data determination unit 11 evaluates the request; in this example its result is: a request to change a personalised secret.

In step S525, the procedure control unit 120 controls the procedure steps according to the result from the data determination unit 11.

In step S530, the index value computation unit 125 computes a first recovered substitute code index value from the first identity identification data and the first tag serial number, using the index value formula (4) above.

In step S540, the lookup unit 122 uses the first recovered substitute code index value to find the matching first substitute code index value in the association data collection file, and thereby retrieves the first rights substitute code and the first individual identification data hash value corresponding to the pair (first identity identification data, first tag serial number).

In step S550, the recovery computation unit 123 computes a first recovered individual identification data from the first personalised secret and the first rights substitute code, using the recovery formula (6) above.

In step S560, the hash value computation unit 126 applies the hash function to the first recovered individual identification data to obtain a first recovered individual identification data hash value.

In step S570, the comparison unit 127 compares the first recovered individual identification data hash value with the first individual identification data hash value. If they match, then in step S580 the authority verification result of the authority control and management system 12 indicates that the user is entitled to perform the requested operation; if they do not match, the procedure is aborted in step S590.

Next refer to Figures 1 and 6 together; these steps follow once step S570 has confirmed that the user is entitled to change the personalised secret.

In step S610, the architecture receives a new personalised secret; the grantee may be required to enter the new personalised secret twice, and the two entries matching is taken as confirmation that the new personalised secret was entered correctly.

In step S620, the recovery computation unit 123 computes a new rights substitute code from the first tag serial number, the first recovered individual identification data and the new personalised secret, using the substitute code formula (5) above.

In step S630, the data management unit 121 replaces the first rights substitute code with the new rights substitute code, thereby updating the association data collection file; at this point the grantee's personalised secret has been changed.

In step S640, the data management unit 121 of the authority control and management system 12 deletes the first tag serial number, the first personalised secret, the first identity identification data, the new personalised secret and the first recovered individual identification data.

[Example: reading]

Refer to Figures 1 and 7 together. In step S710, the architecture receives a first tag serial number from a tag reader, and receives from a first user a first identity identification data, a first personalised secret, and an individual information read request.

In step S720, the data determination unit 11 evaluates the request; in this example its result is: a request to read individual information.

In step S725, the procedure control unit 120 controls the procedure steps according to the result from the data determination unit 11.

In step S730, the index value computation unit 125 computes a first recovered substitute code index value from the first identity identification data and the first tag serial number, using the index value formula (4) above.

In step S740, the lookup unit 122 uses the first recovered substitute code index value to find the matching first substitute code index value in the association data collection file, and thereby retrieves the first rights substitute code and the first individual identification data hash value corresponding to the pair (first identity identification data, first tag serial number).

In step S750, the recovery computation unit 123 computes a first recovered individual identification data from the first personalised secret and the first rights substitute code, using the recovery formula (6) above.

In step S760, the hash value computation unit 126 applies the hash function to the first recovered individual identification data to obtain a first recovered individual identification data hash value.

In step S770, the comparison unit 127 compares the first recovered individual identification data hash value with the first individual identification data hash value. If they match, then in step S780 the authority verification result of the authority control and management system 12 indicates that the authority manager is entitled to read the individual's information; if they do not match, the procedure is aborted in step S790.

In step S795, the individual information acquisition unit 13 retrieves from the storage module 14 the information of the first individual corresponding to the first recovered individual identification data, and presents it to the user.

In step S796, the data management unit 121 of the authority control and management system 12 deletes the first tag serial number, the first personalised secret, the first identity identification data and the first recovered individual identification data.
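The index formula (4) as given in claim 6, the modular substitute code and recovery formulas (7)–(8), and the grant, revocation, secret-change and read procedures of Figures 3, 4, 6 and 7, as one added, runnable Python model; this is illustrative code written for this page, not the patent's program product. SHA-256 for hash(), the parameters Q and ALPHA, the sample tag serial number, identities, secrets and individual data, the manager's initial enrolment, the use of the flag as a manager check, and encoding the recovered O' into the grantee's record are assumptions of the example.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Constructed parameters for formulas (7)/(8): Q is prime, so ALPHA < Q is coprime with it.
Q = (1 << 127) - 1
ALPHA = 0x5DEECE66D
ALPHA_INV = pow(ALPHA, -1, Q)  # multiplicative inverse of alpha modulo q


def h(data: bytes) -> bytes:
    """hash() of the description; SHA-256 is an assumed instantiation."""
    return hashlib.sha256(data).digest()

def index_value(identity: bytes, tag: bytes) -> bytes:
    """Formula (4) as given in claim 6: I = hash(hash(T) || hash(A))."""
    return h(h(identity) + h(tag))

def f2_mod(p: bytes, t: bytes, o: int) -> int:
    """Formula (7): S = (hash(P||T) + alpha * O) mod q, with O an integer below q."""
    return (int.from_bytes(h(p + t), "big") + ALPHA * o) % Q

def f3_mod(p: bytes, t: bytes, s: int) -> int:
    """Formula (8): O' = (alpha^-1 * S' + ((-(alpha^-1 * hash(P'||T') mod q)) mod q)) mod q."""
    hv = int.from_bytes(h(p + t), "big")
    return (ALPHA_INV * s + ((-(ALPHA_INV * hv % Q)) % Q)) % Q

def id_hash(o: int) -> bytes:
    """Individual identification data hash value; O fits 16 bytes because O < q < 2^128."""
    return h(o.to_bytes(16, "big"))


class RightsSystem:
    """Association file (Table 1): index value -> (rights substitute code or NULL, id hash, flag)."""

    def __init__(self, individual_info: Dict[int, str]) -> None:
        self.table: Dict[bytes, Tuple[Optional[int], bytes, int]] = {}
        self.info = individual_info  # stands in for storage module 14

    def seed_manager(self, identity, tag, secret, o):
        """Create the manager's record (flag 1); initial enrolment is not described on the page."""
        self.table[index_value(identity, tag)] = (f2_mod(secret, tag, o), id_hash(o), 1)

    def verify(self, identity, tag, secret, need_manager=False):
        """Figure 2, steps S230-S290: recover O' and compare hash(O') with the stored hash. Returns
        O' on success; None for an unknown pair, a NULL (revoked) code, a mismatch, or (if
        need_manager) a record whose flag is not 1 -- an assumed use of the flag."""
        rec = self.table.get(index_value(identity, tag))
        if rec is None or rec[0] is None or (need_manager and rec[2] != 1):
            return None
        o = f3_mod(secret, tag, rec[0])
        # Secrets and the recovered O' live only in this call, as in steps S360/S440/S640/S796.
        return o if id_hash(o) == rec[1] else None

    def grant(self, mgr_id, tag, mgr_secret, grantee_id, default_secret):
        """Figure 3: add a grantee record (flag 0) keyed on (grantee identity, tag)."""
        o = self.verify(mgr_id, tag, mgr_secret, need_manager=True)
        if o is None:
            return False
        # The grantee's code encodes the O' recovered above so that the grantee's later
        # verification and read refer to the same individual (an assumption about S330/S340).
        self.table[index_value(grantee_id, tag)] = (f2_mod(default_secret, tag, o), id_hash(o), 0)
        return True

    def revoke(self, mgr_id, tag, mgr_secret, grantee_id):
        """Figure 4: replace the grantee's rights substitute code with NULL (Table 2)."""
        idx = index_value(grantee_id, tag)
        if self.verify(mgr_id, tag, mgr_secret, need_manager=True) is None or idx not in self.table:
            return False
        _s, stored, flag = self.table[idx]
        self.table[idx] = (None, stored, flag)
        return True

    def change_secret(self, identity, tag, old_secret, new_secret):
        """Figure 6: re-encode O' under the new personalised secret; the index value is unchanged."""
        o = self.verify(identity, tag, old_secret)
        if o is None:
            return False
        idx = index_value(identity, tag)
        self.table[idx] = (f2_mod(new_secret, tag, o), self.table[idx][1], self.table[idx][2])
        return True

    def read(self, identity, tag, secret):
        """Figure 7: the individual's information is released only after successful verification."""
        o = self.verify(identity, tag, secret)
        return None if o is None else self.info.get(o)


def demo() -> Dict[str, object]:
    """Walk the grant, read, change-secret and revoke examples with constructed sample values."""
    o = 0x0123456789ABCDEF  # constructed individual identification data
    rs = RightsSystem({o: "information for individual 0x0123456789ABCDEF"})
    tag, mgr, user = b"TAG-0001", b"MANAGER-ID", b"USER-ID"
    rs.seed_manager(mgr, tag, b"mgr-secret", o)
    out = {"granted": rs.grant(mgr, tag, b"mgr-secret", user, b"default-secret")}
    out["read_default"] = rs.read(user, tag, b"default-secret")
    out["read_wrong"] = rs.read(user, tag, b"wrong-secret")
    out["changed"] = rs.change_secret(user, tag, b"default-secret", b"user-secret")
    out["read_old"] = rs.read(user, tag, b"default-secret")
    out["read_new"] = rs.read(user, tag, b"user-secret")
    out["grant_by_user"] = rs.grant(user, tag, b"user-secret", b"OTHER-ID", b"x")
    out["revoked"] = rs.revoke(mgr, tag, b"mgr-secret", user)
    out["read_revoked"] = rs.read(user, tag, b"user-secret")
    return out
```

Note that a revoked record keeps its index and hash but loses its code, so a later verification fails before any decryption is attempted, and a grantee's secret change never touches the manager's record because the index value depends on the grantee's own identity data.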

In summary, after completing the relevant processing, the authority control and confidentiality architecture deletes the received tag serial number, identity identification data, personalised secret and recovered individual identification data. Even a system intruder can obtain from the storage module 14 only the rights substitute codes, substitute code index values and individual identification data hash values; lacking the authority manager's first personalised secret and the preset personalised secret assigned to a grantee, the intruder finds it difficult to recover the individual identification data, so the individual's information is protected from disclosure. Moreover, the tag linking an individual need only carry a tag serial number, and both the generation of the rights substitute code and the recovery of the individual identification data are performed on the information system, so no tag with computing capability is needed to authorise reading of the tag's information, and no specially designed tag or additional equipment is needed to restrict it. The invention therefore not only protects the privacy of individual data effectively but also offers the hardware advantage of low cost.

The foregoing is merely a preferred embodiment of the present invention and is not intended to limit the scope of its practice; all equivalent changes and modifications to the shapes, structures, features and spirit set out in the claims of the present invention shall fall within the scope of those claims.

1‧‧‧processor

11‧‧‧data determination unit

12‧‧‧authority control and management system

120‧‧‧procedure control unit

121‧‧‧data management unit

122‧‧‧lookup unit

123‧‧‧recovery computation unit

124‧‧‧rights substitute code computation unit

125‧‧‧index value computation unit

126‧‧‧hash value computation unit

127‧‧‧comparison unit

13‧‧‧individual information acquisition unit

14‧‧‧storage module

Figure 1 is a block diagram of the authority control and confidentiality architecture of the present invention for an individual linked to an RFID tag.

Figure 2 is a flow chart of the steps for verifying the authority to execute an operation in the authority control and confidentiality method of the present invention for an individual linked to an RFID tag.

Figure 3 is a flow chart of the steps for granting a user the rights relating to an individual linked to a tag in the authority control and confidentiality method of the present invention for an individual linked to an RFID tag.

Figure 4 is a flow chart of the steps for revoking the rights that a grantee has obtained in the authority control and confidentiality method of the present invention for an individual linked to an RFID tag.

Figure 5 is a flow chart of the steps for verifying a user's authority to change his or her personalised secret in the authority control and confidentiality method of the present invention for an individual linked to an RFID tag.

Figure 6 is a flow chart of the steps for changing a user's personalised secret in the authority control and confidentiality method of the present invention for an individual linked to an RFID tag.

Figure 7 is a flow chart of the steps by which a user reads the information of an individual linked to a tag in the authority control and confidentiality method of the present invention for an individual linked to an RFID tag.

Claims (13)

一種射頻辨識(RFID)標籤連結之個體資訊之揭露方法,其係由一處理器載入一程式執行之,該處理器之關聯性資料彙集檔成對存有對應於一第一使用者之一第一標籤序號與一第一身分識別資料這一對資訊的一第一權限替代碼、對應於該第一權限替代碼的一第一替代碼索引值,及對應於該第一權限替代碼的一第一個體識別資料雜湊值,該第一標籤序號連結一第一個體,該射頻辨識標籤連結之個體資訊之揭露方法包括下列步驟:根據該第一身分識別資料及該第一標籤序號,並利用一索引值計算式以求得一第一回復後替代碼索引值;以該第一回復後替代碼索引值為依據,從該處理器中找到該第一替代碼索引值,進而查找出對應於該第一身分識別資料、該第一標籤序號這一對資訊的該第一權限替代碼及該第一個體識別資料雜湊值;根據該第一使用者之一第一個人化秘密及該第一權限替代碼,並利用一回復計算式,以求得一第一被回復後個體識别資料;根據該第一被回復後個體識别資料並利用一雜湊函數,以求得一第一被回復後個體識别資料雜湊值;以及判斷該第一被回復後個體識别資料雜湊值與該第一個體識別資料雜湊值是否相符:若是,指示(indicate)該第一使用者具有與該第一個體相關之權利;以及若否,指示該第一使用者不具有與該第一個體相關之權利。 A method for revealing individual information of a radio frequency identification (RFID) tag, which is executed by a processor loading program, and the associated data collection file of the processor is stored in pairs corresponding to a first user a first privilege substitute code of the first tag serial number and a pair of first identity identification information, a first substitute code index value corresponding to the first privilege substitute code, and a first privilege substitute value corresponding to the first privilege substitute code a first individual identification data hash value, the first label serial number is linked to a first individual, and the method for exposing the individual information of the radio frequency identification label comprises the following steps: identifying the data according to the first identity and the first label serial number, and An index value calculation formula is used to obtain a first post-replacement substitute code index value; and the first substitute code index value is found from the processor according to the first post-replacement substitute code index value, thereby finding a corresponding The first identity replacement code and the first individual identification data hash value of the first identity identification information and the first individual identification data; and the first user according to the first user Humanized secret and the first privilege substitute code, and using a 
reply calculation formula to obtain a first identifiable individual identification data; according to the first replied individual identification data and using a hash function to obtain a first identified data hash value after the first reply; and a determination as to whether the first identified individual hash data value matches the first individual identification data hash value: if yes, the first user has an indication The first individual related right; and if not, indicating that the first user does not have rights associated with the first individual. 如請求項1所述之射頻辨識標籤連結之個體資訊之揭露方法,其中在指示該第一使用者具有與該第一個體相關之權利之步驟時,更包含下列步驟:指派(assign)一預設的個人化秘密資訊給一第二使用者;根據該第二使用者之一第二身分識別資料及該第一標籤序號,並利 用該索引值計算式以求得一第二替代碼索引值;根據該預設的該個人化秘密、該第一標籤序號,及該第一身分識別資料,並利用一替代碼計算式,以求得一第二權限替代碼;根據該第一身分識別資料並利用該雜湊函數,以求得該第一個體識别資料雜湊值;將該第二替代碼索引值、該第一個體識别資料雜湊值、及該第二權限替代碼成對新增至該關聯性資料彙集檔,以更新(update)該關聯性資料彙集檔;以及刪除該第一標籤序號、該第一個人化秘密、該第一身分識別資料、該第二身分識別資料、該預設的該個人化秘密,及該第一被回復後個體識别資料。 The disclosure method of the individual information linked by the radio frequency identification tag according to claim 1, wherein when the step of indicating that the first user has the right related to the first individual, the method further comprises the following steps: assigning a pre- Setting the personalized secret information to a second user; identifying the data and the first label serial number according to the second identity of the second user, and benefiting Using the index value calculation formula to obtain a second substitute code index value; according to the preset personalized secret, the first tag serial number, and the first identity identification data, and using an alternative code calculation formula, Obtaining a second authority substitute code; identifying the data according to the first identity and using the hash function to obtain the first individual identification data hash value; and the second substitute code index value and the first individual identification data are hashed And the second privilege 
substitute code is paired to the associated data merging file to update the associated data merging file; and deleting the first tag serial number, the first personalized secret, the first The identity identification data, the second identity identification data, the preset personalized secret, and the first identified personal identification data. 如請求項2所述之射頻辨識標籤連結之個體資訊之揭露方法,其中在指示該第一使用者具有與該第一個體相關之權利之步驟時,更包含下列步驟:根據該第二身分識別資料及該第一標籤序號,並利用該索引值計算式以求得一第二回復後替代碼索引值;以該第二回復後替代碼索引值為依據,從該關聯性資料彙集檔中找到相符合的一第二替代碼索引值,進而查找出對應於該第二替代碼索引值的一第二權限替代碼;以一無效碼(NULL)取代該關聯性資料彙集檔中對應所查找出的該第二權限替代碼,以更新該關聯性資料彙集檔;以及刪除該第一標籤序號、該第一個人化秘密、該第一身分識別資料、該第二身分識別資料、該第一被回復後個體識别資料。 The method for exposing the individual information of the radio frequency identification tag according to claim 2, wherein when the step of indicating that the first user has the right related to the first individual, the method further comprises the step of: identifying according to the second identity Data and the first tag serial number, and using the index value calculation formula to obtain a second post-replacement substitute code index value; and using the second post-replacement substitute code index value as the basis, and finding from the related data collection file Aligning a second substitute code index value, and further finding a second privilege substitute code corresponding to the second substitute code index value; replacing the corresponding one of the associated data assemblage files with an invalid code (NULL) The second authority substitute code to update the association data collection file; and deleting the first label serial number, the first personalized secret, the first identity identification data, the second identity identification data, and the first reply Post-individual identification data. 
如請求項1所述之射頻辨識標籤連結之個體資訊之揭露方法,其中在指示該第一使用者具有與該第一個體相關之權利之步驟時,更包含下列步驟:接收一新個人化秘密;根據該第一標籤序號、該第一被回復後個體識别資料、及該新個人 化秘密、並利用一替代碼計算式,以求得一新權限替代碼;以該新權限替代碼取代該第一權限替代碼,以更新該關聯性資料彙集檔;以及刪除該第一標籤序號、該第一個人化秘密、該第一身分識別資料、該新個人化秘密、及該第一被回復後個體識别資料。The disclosure method of the individual information linked by the radio frequency identification tag according to claim 1, wherein when the step of indicating that the first user has the right related to the first individual, the method further comprises the step of: receiving a new personalized secret According to the first label serial number, the first identified individual information after being replied, and the new individual Securing a secret, and using a substitute code calculation formula to obtain a new permission replacement code; replacing the first permission replacement code with the new permission replacement code to update the associated data collection file; and deleting the first tag serial number The first personalized secret, the first identity identification material, the new personalized secret, and the first identified personal identification data. 如請求項1所述之射頻辨識標籤連結之個體資訊之揭露方法,其中在指示該第一使用者具有與該第一個體相關之權利之步驟時,更包含下列步驟:取得對應於該第一被回復後個體識别資料之該第一個體的資訊,以呈現之;以及刪除該第一標籤序號、該第一個人化秘密、該第一身分識別資料、及該第一被回復後個體識别資料。The method for exposing the individual information of the radio frequency identification tag according to claim 1, wherein when the step of indicating that the first user has the right related to the first individual, the method further comprises the step of: obtaining the first corresponding to the first The information of the first individual of the individual identification data is retrieved after being replied; and the first tag serial number, the first personalized secret, the first identity identification data, and the first post-reviewed individual identification data are deleted. 
The method for disclosing individual information linked to a radio frequency identification tag according to claim 1, wherein the index value formula is $I = \mathrm{hash}(\mathrm{hash}(T) \| \mathrm{hash}(A))$, where $T$ and $A$ are the first identity identification data and the first tag serial number respectively, $I$ is the first recovered substitute code index value, $\mathrm{hash}()$ denotes a hash function, and the symbol "$\|$" denotes the concatenation of two messages.

The method for disclosing individual information linked to a radio frequency identification tag according to claim 1, wherein the recovery formula is $O' = D_{(P' \| T')}(S')$, where $P'$ denotes the first personalized secret, $T'$ denotes the first tag serial number, $S'$ denotes the first permission substitute code, $O'$ denotes the first recovered individual identification data, $(P' \| T')$ denotes a decryption key, and $D$ is the decryption function.
The method for disclosing individual information linked to a radio frequency identification tag according to claim 1, wherein the recovery formula is $O' = (\alpha^{-1} \times S' + ((-(\alpha^{-1} \times \mathrm{hash}(P' \| T') \bmod q)) \bmod q)) \bmod q$, where $P'$ denotes the first personalized secret, $T'$ denotes the first tag serial number, $S'$ denotes the first permission substitute code, $O'$ denotes the first recovered individual identification data, $(P' \| T')$ denotes a decryption key, $\bmod$ denotes the modulo operation, $\alpha$ and $q$ are two preset values that are coprime, $\alpha^{-1}$ is the multiplicative inverse of $\alpha$ modulo $q$, and $\mathrm{hash}()$ denotes a hash function.

The method for disclosing individual information linked to a radio frequency identification tag according to claim 2, wherein the substitute code formula is $S = E_{(P \| T)}(O)$, where $P$ denotes the preset personalized secret, $T$ denotes the first tag serial number, $O$ denotes the first identity identification data, $S$ denotes the second permission substitute code, $(P \| T)$ denotes an encryption key, and $E$ is the encryption function; and the recovery formula is $O' = D_{(P' \| T')}(S')$, where $P'$ denotes the first personalized secret, $T'$ denotes the first tag serial number, $S'$ denotes the first permission substitute code, $O'$ denotes the first recovered individual identification data, $(P' \| T')$ denotes a decryption key, and $D$ is the decryption function.
The method for disclosing individual information linked to a radio frequency identification tag according to claim 2, wherein the substitute code formula is $S = (\mathrm{hash}(P \| T) + \alpha \times O) \bmod q$, where $P$ denotes the preset personalized secret, $T$ denotes the first tag serial number, $O$ denotes the first identity identification data, $S$ denotes the second permission substitute code, $\bmod$ denotes the modulo operation, $\alpha$ and $q$ are two preset values that are coprime, $\alpha^{-1}$ is the multiplicative inverse of $\alpha$ modulo $q$, and $\mathrm{hash}()$ denotes a hash function; and the recovery formula is $O' = (\alpha^{-1} \times S' + ((-(\alpha^{-1} \times \mathrm{hash}(P' \| T') \bmod q)) \bmod q)) \bmod q$, where $P'$ denotes the first personalized secret, $T'$ denotes the first tag serial number, $S'$ denotes the first permission substitute code, $O'$ denotes the first recovered individual identification data, $(P' \| T')$ denotes a decryption key, $\bmod$ denotes the modulo operation, $\alpha$ and $q$ are two preset values that are coprime, $\alpha^{-1}$ is the multiplicative inverse of $\alpha$ modulo $q$, and $\mathrm{hash}()$ denotes a hash function.
A method for granting rights to individual information linked to a radio frequency identification tag, executed by a processor loading a program, the processor including a storage module, the method comprising the following steps: (A) receiving an individual identification data, a tag serial number, an identity identification data of a user, and a personalized secret; (B) computing, from the tag serial number, the individual identification data and the personalized secret and using a substitute code formula, a permission substitute code; (C) computing, from the identity identification data and the tag serial number and using an index value formula, a substitute code index value corresponding to the permission substitute code; (D) computing, from the individual identification data and using a hash function, a hash value corresponding to the substitute code index value; (E) adding the index value, the permission substitute code and the hash value to an associated data collection file in the storage module; and (H) deleting the identity identification information, the personalized secret and the tag serial number.
An authority control and management system for individual information linked to a radio frequency identification tag, for verifying, from a first identity identification data of a first user, a first personalized secret of the first user, and a first tag serial number linked to a first individual, together with an established associated data collection file, whether the first user has the right related to the first individual, the authority control and management system comprising: a data management unit for managing the associated data collection file, wherein the associated data collection file includes at least one substitute code index value, a permission substitute code corresponding to the substitute code index value, and an individual identification data hash value corresponding to the permission substitute code; an index value calculation unit for computing a substitute code index value from the first identity identification data and the first tag serial number using an index value formula; a lookup unit for looking up, from the substitute code index value and using the associated data collection file, a first permission substitute code and a first individual identification data hash value; a recovery calculation unit for computing a recovered individual identification data from the first personalized secret and the looked-up first permission substitute code using a recovery formula; a hash value calculation unit for computing a recovered individual identification data hash value from the recovered individual identification data using a hash function; a comparison unit for comparing the recovered individual identification data hash value with the looked-up first individual identification data hash value, indicating that the first user has the right related to the first individual when the two match, and indicating that the first user does not have the right related to the first individual when the two do not match; and a procedure control unit for interacting with the above units to control the execution of the above procedures.

The authority control and management system according to claim 12, further comprising a permission substitute code calculation unit, wherein the data management unit further assigns a preset second personalized secret to a second user, the second user having a corresponding second identity identification data; the index value calculation unit computes a preset second substitute code index value from the second identity identification information and the first tag serial number using the index value formula; the permission substitute code calculation unit computes a preset second permission substitute code from the preset second personalized secret and the identification data of the first individual using a substitute code formula; and the data management unit adds the preset second substitute code index value and the preset second permission substitute code to the associated data collection file so as to update the associated data collection file, wherein the preset second permission substitute code corresponds to the preset second substitute code index value.
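As an added worked example (not code from the patent or the applicant), the following Python sketch implements the grant steps (B) to (E), the verification flow of the authority control and management system, the new-secret update and the NULL revocation, using the modular-arithmetic substitute code; SHA-256 as hash(), the values of q and α, and every identifier and secret used are constructed assumptions.

```python
import hashlib, hmac
from typing import Dict, Optional, Tuple

# Constructed demo parameters (not from the patent): q is a prime modulus and
# alpha a preset value coprime to q, as the modular variant requires.
Q = 2**127 - 1
ALPHA = 65537
ALPHA_INV = pow(ALPHA, -1, Q)   # multiplicative inverse of alpha modulo q

def h(*parts: bytes) -> bytes:
    """hash(): SHA-256 over the concatenation ("||") of its inputs."""
    return hashlib.sha256(b"".join(parts)).digest()

def h_int(*parts: bytes) -> int:
    return int.from_bytes(h(*parts), "big") % Q

def index_value(identity: bytes, tag_serial: bytes) -> bytes:
    """I = hash(hash(T) || hash(A)): T = identity data, A = tag serial number."""
    return h(h(identity), h(tag_serial))

def substitute_code(secret: bytes, tag_serial: bytes, individual_id: int) -> int:
    """S = (hash(P || T) + alpha * O) mod q; O must be smaller than q."""
    return (h_int(secret, tag_serial) + ALPHA * individual_id) % Q

def recover(secret: bytes, tag_serial: bytes, s: int) -> int:
    """O' = (alpha^-1 * S' + ((-(alpha^-1 * hash(P'||T') mod q)) mod q)) mod q."""
    return (ALPHA_INV * s + (-(ALPHA_INV * h_int(secret, tag_serial) % Q) % Q)) % Q

def id_hash(individual_id: int) -> bytes:
    return h(individual_id.to_bytes(16, "big"))   # hash(O), with O < 2**128

# Associated data collection file: index -> (substitute code or None for NULL, hash(O))
Store = Dict[bytes, Tuple[Optional[int], bytes]]

def grant(store: Store, individual_id: int, tag_serial: bytes,
          identity: bytes, secret: bytes) -> None:
    """Steps (B)-(E): only derived values are kept; O, P and A are not stored."""
    s = substitute_code(secret, tag_serial, individual_id)
    store[index_value(identity, tag_serial)] = (s, id_hash(individual_id))

def verify(store: Store, identity: bytes, secret: bytes, tag_serial: bytes) -> bool:
    rec = store.get(index_value(identity, tag_serial))
    if rec is None or rec[0] is None:        # unknown index, or revoked (NULL)
        return False
    s, stored_hash = rec                      # recover O' and compare hash(O')
    return hmac.compare_digest(id_hash(recover(secret, tag_serial, s)), stored_hash)

def rekey(store: Store, identity: bytes, tag_serial: bytes,
          old_secret: bytes, new_secret: bytes) -> bool:
    if not verify(store, identity, old_secret, tag_serial):
        return False
    i = index_value(identity, tag_serial)
    o = recover(old_secret, tag_serial, store[i][0])   # recover O with the old secret
    store[i] = (substitute_code(new_secret, tag_serial, o), store[i][1])
    return True

def revoke(store: Store, identity: bytes, tag_serial: bytes) -> None:
    i = index_value(identity, tag_serial)
    if i in store:
        store[i] = (None, store[i][1])       # permission substitute code := NULL
```

Because the file holds only the index, the substitute code and hash(O), an attacker who reads it learns neither the individual identification data nor the user's secret, and a wrong secret recovers a value whose hash does not match.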

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW101134677A TWI470990B (en) 2012-09-21 2012-09-21 Radio frequency identification (RFID) tag to link the individual information disclosure method, the right to grant the method and authority control and management system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW101134677A TWI470990B (en) 2012-09-21 2012-09-21 Radio frequency identification (RFID) tag to link the individual information disclosure method, the right to grant the method and authority control and management system

Publications (2)

Publication Number Publication Date
TW201414259A TW201414259A (en) 2014-04-01
TWI470990B true TWI470990B (en) 2015-01-21

Family

ID=52784802

Family Applications (1)

Application Number Title Priority Date Filing Date
TW101134677A TWI470990B (en) 2012-09-21 2012-09-21 Radio frequency identification (RFID) tag to link the individual information disclosure method, the right to grant the method and authority control and management system

Country Status (1)

Country Link
TW (1) TWI470990B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200518544A (en) * 2003-10-10 2005-06-01 Univ Chang Gung Partition and recovery of a verifiable digital secret
CN1276352C (en) * 2002-11-12 2006-09-20 索尼公司 Apparatus and method for information processing, apparatus and method for communication processing and computer program thereof
US20100045442A1 (en) * 2008-08-22 2010-02-25 Hong Kong R&D Centre for Logistics and Supply Chain Management Enabling Technologies Limited RFID Privacy-Preserving Authentication System and Method
US20110025458A1 (en) * 2009-08-01 2011-02-03 Rfmicron, Inc. Method and apparatus for authenticating rfid tags

Also Published As

Publication number Publication date
TW201414259A (en) 2014-04-01

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees