TWI470990B - Information disclosure method, rights granting method, and authority control and management system for an individual linked by a radio frequency identification (RFID) tag - Google Patents
- Publication number: TWI470990B (application TW101134677A)
- Authority: TW (Taiwan)
- Prior art keywords: individual, identification data, data, code, tag
Description
The present invention relates to a technique for disclosing an individual's information, and in particular to an information disclosure method, a rights granting method, and an authority control and management system for an individual linked by a radio frequency identification (RFID) tag.
Different individuals can be told apart by some item of data that is unique to each. In the Republic of China, for example, no two people share the same national ID number, so the ID number is commonly used as the attribute that identifies a person. Data that can be used to identify an individual in this way is called "identification data".
In the design of an information system the choice of a unique item of identification data is critical, because it is the index by which information about an individual is retrieved from a large body of data. Common examples are a national ID number, a patient's medical record number, a student's student ID number, an item number in a shop, a bank account number (of a natural or legal person), or a unique identifier assigned by a global standards body. Sometimes a combination of two or more data items is also unique; such a combination is likewise identification data.
In operation, the identification data an information system receives is often typed in by a person: a student enters a student ID number into the school system, hospital staff enter a patient's medical record number into the medical system, and so on. Manual entry of identification data is prone to input errors, which lowers the efficiency and accuracy of identification.
Radio frequency identification (RFID) is a technology now commonly used to raise the efficiency and accuracy of identifying individuals. In a system equipped with an RFID reader, the prior art for disclosing an individual's information usually stores the tag's serial number and the identification data of the individual linked to that tag as a pair, recording the correspondence between the two. When the system receives a tag serial number from a reader it looks up the corresponding identification data through the stored correspondence and then discloses the information of the individual linked to that tag. In general, unless the RFID system is specially designed, an unauthorized party holding a reader can also read the tag serial number and may then obtain the individual's information through the stored correspondence. Ohkubo et al. raised this same risk of improper disclosure in 2005.
Privacy protection for individuals linked by RFID tags today mostly works by restricting the reading of the tag, so that only authorized parties can read the information in the tag and unauthorized parties cannot use information obtained from the tag to look up the identification data of the linked individual. One approach uses tags with computing capability that execute cryptographic methods such as symmetric cryptography, asymmetric (public-key) cryptography, hash-lock or hash-chain schemes to verify the reader's read permission. Another uses other devices and methods to restrict tag reading and keep the information in the tag from leaking, such as a Faraday cage, active jamming, or a blocker.
The prior-art privacy protection methods above require tags with computing capability, specially designed tags, or additional equipment. RFID application systems, however, typically use a very large number of tags, so these methods add a considerable cost burden.
Accordingly, a main object of the present invention is to provide an information disclosure method for an individual linked by an RFID tag. The method is implemented by a processor that includes a storage module and can be connected to at least one tag reader. The method comprises the following steps: (A) receiving a request, an identity identification datum (the user's own ID) and a personalized secret from a user, and a tag serial number from a tag reader; (B) performing authority verification, based on the identity identification datum, personalized secret and tag serial number received in step (A), against an association data collection file in the storage module, where the association data collection file contains a "rights substitute code" corresponding to the pair (identity identification datum, tag serial number); step (B) comprises the sub-steps: (b-1) looking up the rights substitute code in the association data collection file from the identity identification datum and tag serial number received in step (A); (b-2) computing a recovered individual identification datum with a recovery formula from the personalized secret and tag serial number received in step (A) and the rights substitute code found in sub-step (b-1); (b-3) verifying the recovered individual identification datum; and (C) if the verification in sub-step (b-3) finds the recovered individual identification datum to be correct, treating the user as having passed authority verification and proceeding with the operation associated with the request.
Another object of the present invention is to provide a program product for disclosing the information of an individual linked by an RFID tag; when a processor loads and executes the program, it carries out the information disclosure method above.
Yet another object of the present invention is to provide a method of granting information-related rights for an individual linked by an RFID tag. The method is implemented by a processor that includes a storage module and can be connected to at least one tag reader, and comprises the following steps: (A) receiving an individual identification datum, a tag serial number from a tag reader, and an identity identification datum and a personalized secret from a user; (B) computing a rights substitute code with a substitute code formula from the received individual identification datum, tag serial number and personalized secret; (C) computing the substitute code index value corresponding to that rights substitute code with an index value formula from the received identity identification datum and tag serial number; (D) computing a hash value of the received individual identification datum with a hash function; (E) adding the substitute code index value, the rights substitute code and the individual identification datum hash value to an association data collection file in the storage module; and (F) deleting the identity identification datum, the personalized secret and the tag serial number.
Yet another object of the present invention is to provide a program product for granting rights to read the information of an individual linked by an RFID tag; when at least one processor loads and executes the program, it carries out the rights granting method above.
Yet another object of the present invention is to provide an authority control and management system for the information-related rights of an individual linked by an RFID tag.
The authority control and management system of the invention uses a first identity identification datum of a first user, a first personalized secret of the first user and a first tag serial number, together with a procedure control unit and an established association data collection file, to verify whether the first user holds rights relating to the first individual associated with the first tag serial number. The system comprises a procedure control unit, a rights substitute code calculation unit, a data management unit, a lookup unit, an index value calculation unit, a recovery calculation unit, a hash value calculation unit and a comparison unit.
The procedure control unit interacts with the other units to control execution of the procedures for authority control and management.
When the system grants a user rights relating to an individual linked by an RFID tag, the rights substitute code calculation unit computes a rights substitute code from the personalized secret chosen by that user, the tag's serial number and the individual's identification datum.
The data management unit manages the association data collection file, which contains a first rights substitute code corresponding to the pair (first tag serial number, first identity identification datum) and a first hash value of the first individual's identification datum. The index value calculation unit computes a substitute code index value with an index value formula from the first identity identification datum and the first tag serial number. The lookup unit uses the computed substitute code index value to find the first rights substitute code and the first identification datum hash value in the association data collection file. The recovery calculation unit computes a recovered individual identification datum with a recovery formula from the first personalized secret, the first tag serial number and the first rights substitute code. The hash value calculation unit applies the hash function to the recovered individual identification datum to obtain a recovered individual identification datum hash value.
The comparison unit compares the recovered hash value with the first individual identification datum hash value: if the two match, the system's verification result indicates that the first user holds rights relating to the first individual; if they do not match, it indicates that the first user does not.
The effect of the invention is to use a rights substitute code, generated and stored in advance, in place of the three-way correspondence between a tag's serial number, the identification datum of the individual linked by the tag, and an authorization code chosen by a user who holds rights relating to that individual. The tag serial number and the authorization code therefore need not be stored, and the mutual correspondence between tag serial number, authorization code and individual identification datum is hidden. Whether the information of the individual linked by a tag is disclosed is then decided by whether the user's input, the tag's serial number and the corresponding rights substitute code together recover the individual's identification datum: if they do, the recovered identification datum is used as the index to retrieve and disclose the individual's information; otherwise disclosure is refused. Because generation of the rights substitute code and recovery of the individual identification datum run on the information system, and the tag linking the individual need only carry a serial number, no tag with computing capability is needed to verify authorization to read the tag's information, and no specially designed tag or additional equipment is needed to restrict reading of it, which gives the invention a cost advantage.
To give the examiners a fuller understanding of the structural features and effects of the invention, a preferred embodiment is described below with reference to the drawings:
Refer to Figure 1. A preferred embodiment of the authority control and security architecture for an individual linked by an RFID tag comprises a data judgement unit 11, an authority control and management system 12, an individual information acquisition unit 13 and a storage module 14. In this embodiment the architecture is implemented by a processor 1, which can communicate with at least one RFID tag reader (not shown).
The data judgement unit 11 receives data from the reader and from a user and makes a determination on it; the authority control and management system 12 performs authority control and management processing based on the data from the reader and the user and on the determination of the data judgement unit 11; the individual information acquisition unit 13 retrieves the individual's information; and the storage module 14 stores the processing results of the authority control and management system 12 together with the individuals' information.
The authority control and management system 12 is the core of the invention's improvement. It comprises a procedure control unit 120, a data management unit 121, a lookup unit 122, an individual identification data recovery calculation unit 123, a rights substitute-code calculation unit 124, an index value calculation unit 125, an individual identification data hash value calculation unit 126 and a comparison unit 127.
The authority control and management system 12 uses a first identity identification datum (identifier, ID) of a first user, a first personalized secret under the first user's own discretionary control, and a first tag serial number linked to a first individual, together with an established association data collection file, to verify whether the first user holds rights relating to the first individual. The system 12 can also grant rights relating to the first individual to a second user corresponding to a second identity identification datum.
The procedure control unit 120 interacts with the other units according to the determination of the data judgement unit 11 to control execution of the relevant steps.
The data management unit 121 creates and manages an association data collection file, which is stored in the storage module 14. The file contains a first rights substitute code corresponding to the pair (first tag serial number, first identity identification datum), a first substitute code index value corresponding to that first rights substitute code, and a first individual identification datum hash value corresponding to it.
When the data judgement unit 11 determines that the first user is to be verified as holding rights relating to the first individual (for example, the right to read the first individual's information), the procedure control unit 120 directs the following steps. First, the index value calculation unit 125 computes a first recovered substitute code index value with the index value formula from the first identity identification datum and the first tag serial number. Next, the lookup unit 122 uses this value to find the matching first substitute code index value in the association data collection file, and thereby the first rights substitute code and first individual identification datum hash value corresponding to the pair (first identity identification datum, first tag serial number). The recovery calculation unit 123 then computes a first recovered individual identification datum with the recovery formula from the first personalized secret, the first tag serial number and the first rights substitute code. The hash value calculation unit 126 applies the hash function to the recovered datum to obtain a first recovered individual identification datum hash value.
Finally, the comparison unit 127 compares the first recovered individual identification datum hash value with the stored first individual identification datum hash value; if the two match, the verification result of the authority control and management system 12 indicates that the first user holds rights relating to the first individual; if they do not match, it indicates that the first user does not.
Note that the first personalized secret is under the first user's own control; if the first user passes the verification above, the personalized secret under that user's control is correct, and the user therefore holds rights relating to the first individual.
When rights relating to the first individual are to be granted to the second user, the data management unit 121 first assigns a default personalized secret to the second user. The index value calculation unit 125 then computes a second substitute code index value with the index value formula from the second identity identification datum and the first tag serial number. The rights substitute code calculation unit 124 computes a second rights substitute code with the substitute code formula from the default personalized secret, the first tag serial number and the first individual's identification datum (which the first user's own verification has just recovered). The hash value calculation unit 126 applies the hash function to the first individual's identification datum to obtain the first individual identification datum hash value. The data management unit 121 adds the second substitute code index value, the first individual identification datum hash value and the second rights substitute code to the association data collection file, updating it.
The hash function used by the index value calculation unit 125 and the hash value calculation unit 126 is one-way and collision-resistant. One-way means that, given an output of the hash function, it is computationally infeasible to recover an input that produced it; collision-resistant means that it is computationally infeasible to find two distinct inputs that hash to the same output.
Let $f_1()$ denote the index value formula, $f_2()$ the substitute code formula and $f_3()$ the recovery formula, written as equations (1) to (3):

$I = f_1(T, A)$   (1)

where $T$ and $A$ are the two inputs of $f_1()$: $T$ is a tag serial number, $A$ is an identity identification datum, and $I$ is the resulting substitute code index value.

$S = f_2(P, T, O)$   (2)

where $P$, $T$ and $O$ are the three inputs of $f_2()$: $P$ is a personalized secret, $T$ a tag serial number, $O$ an individual identification datum, and $S$ is the resulting rights substitute code.

$O' = f_3(P', T', S')$   (3)

where $P'$, $T'$ and $S'$ are the three inputs of $f_3()$: $P'$ is a personalized secret, $T'$ a tag serial number, $S'$ a rights substitute code, and $O'$ is the recovered individual identification datum produced by the recovery formula $f_3()$.
Note that the index value formula $f_1()$ is a composition of one-way hash functions, and such a composite is itself one-way: although the substitute code index value output by $f_1()$ is stored in the association data collection file, the identity identification datum and tag serial number given as inputs to $f_1()$ are hard to derive from it. The substitute code formula $f_2()$ and the recovery formula $f_3()$ form a pair and are inverses of each other: when $P = P'$ and $T = T'$, the individual identification datum $O$ given to $f_2()$ must equal the recovered individual identification datum $O'$ produced by $f_3()$. Furthermore, from the stored substitute code index value, rights substitute code and individual identification datum hash value in the association data collection file it remains hard to derive the corresponding identity identification datum, tag serial number and individual identification datum, which is how the individual's information is protected.
More specifically, the preferred embodiment may use equations (4) to (6) as the index value formula $f_1()$, the substitute code formula $f_2()$ and the recovery formula $f_3()$ respectively:

$I = f_1(T, A) = \mathrm{hash}(\mathrm{hash}(T) \,\|\, \mathrm{hash}(A))$   (4)

$S = f_2(P, T, O) = E_{(P \| T)}(O)$   (5)

$O' = f_3(P', T', S') = D_{(P' \| T')}(S')$   (6)

where $\mathrm{hash}()$ is a hash function, the symbol $\|$ denotes the concatenation of two messages, $(P \| T)$ is an encryption key, $(P' \| T')$ is a decryption key, $E$ is the encryption function and $D$ is the decryption function.
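The grant and verification procedures described above for units 120 to 127, together with the concrete formulas (4) to (6), as a worked example in Python. This is added example code, not code from the patent: the patent does not name $E$ or $D$, so an XOR stream cipher keyed by a hash of $P \| T$ stands in for them (an assumption; the key is also length-prefixed so that distinct $(P, T)$ pairs cannot collide as one byte string), SHA-256 is assumed for $\mathrm{hash}()$, and every tag serial, identifier and secret below is a constructed sample value.

```python
"""Association data collection file of TWI470990B, built from equations (4)-(6).

Added example, not the patent's code.  Each stored row holds the substitute code
index I, the rights substitute code S and hash(O); T, A, P and O themselves are
never stored.
"""
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """hash() of the patent; SHA-256 is an assumption."""
    return hashlib.sha256(data).digest()


def index_value(tag_serial: bytes, user_id: bytes) -> bytes:
    """Equation (4): I = hash(hash(T) || hash(A)).

    Both inner hashes have fixed length, so the concatenation is unambiguous."""
    return H(H(tag_serial) + H(user_id))


def _key(secret: bytes, tag_serial: bytes) -> bytes:
    # The patent writes the key as P||T.  Length-prefixing P (assumption) keeps
    # e.g. (P="ab", T="c") and (P="a", T="bc") from deriving the same key.
    return len(secret).to_bytes(2, "big") + secret + tag_serial


def _keystream(key: bytes, length: int) -> bytes:
    # ASSUMPTION: E/D are unspecified in the patent; a hash-counter keystream
    # XORed with O stands in for them so the example needs no third-party library.
    out = b""
    counter = 0
    while len(out) < length:
        out += H(key + counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def substitute_code(secret: bytes, tag_serial: bytes, individual_id: bytes) -> bytes:
    """Equation (5): S = E_(P||T)(O)."""
    ks = _keystream(_key(secret, tag_serial), len(individual_id))
    return bytes(a ^ b for a, b in zip(individual_id, ks))


def recover(secret: bytes, tag_serial: bytes, sub_code: bytes) -> bytes:
    """Equation (6): O' = D_(P'||T')(S').  XOR is its own inverse, so D is E."""
    return substitute_code(secret, tag_serial, sub_code)


class AssociationFile:
    """Storage module 14 holding the association data collection file."""

    def __init__(self) -> None:
        self._rows = {}  # index value I -> (rights substitute code S, hash(O))

    def grant(self, user_id: bytes, secret: bytes, tag_serial: bytes, individual_id: bytes) -> None:
        """Rights granting: units 125, 124, 126 and 121 in that order."""
        i = index_value(tag_serial, user_id)
        s = substitute_code(secret, tag_serial, individual_id)
        self._rows[i] = (s, H(individual_id))

    def verify(self, user_id: bytes, secret: bytes, tag_serial: bytes):
        """Authority verification: units 125, 122, 123, 126 and 127.

        Returns the recovered individual identification datum O' on success
        (the index under which the individual's information is then disclosed),
        or None if the user holds no rights for this tag."""
        row = self._rows.get(index_value(tag_serial, user_id))
        if row is None:
            return None
        sub_code, stored_hash = row
        candidate = recover(secret, tag_serial, sub_code)
        if not hmac.compare_digest(H(candidate), stored_hash):
            return None
        return candidate


def delegate(assoc: AssociationFile, admin_id: bytes, admin_secret: bytes,
             tag_serial: bytes, grantee_id: bytes, default_secret: bytes) -> bool:
    """Grant to a second user (Figures 2 and 3): the administrator must first pass
    verification, which also yields the individual identification datum O that
    the grantee's substitute code is computed from."""
    individual_id = assoc.verify(admin_id, admin_secret, tag_serial)
    if individual_id is None:
        return False
    assoc.grant(grantee_id, default_secret, tag_serial, individual_id)
    return True


def demo():
    """Constructed sample data; returns (admin ok, wrong secret, delegation, grantee ok)."""
    tag = b"E2000017221101441890A4C3"      # tag serial number T read by the reader
    patient = b"MRN-0048213"               # individual identification datum O
    admin, admin_secret = b"nurse-1045", b"correct horse battery"
    f = AssociationFile()
    f.grant(admin, admin_secret, tag, patient)
    ok = f.verify(admin, admin_secret, tag)
    bad = f.verify(admin, b"wrong secret", tag)
    delegated = delegate(f, admin, admin_secret, tag, b"doctor-2291", b"changeme")
    grantee = f.verify(b"doctor-2291", b"changeme", tag)
    return ok, bad, delegated, grantee


if __name__ == "__main__":
    print(demo())
```

Run it directly and it prints the tuple returned by demo(): the administrator recovers the record number, a wrong secret yields None, delegation succeeds, and the grantee recovers the same record number with the default secret. One check the patent does not spell out: a stored row (I, S, hash(O)) lets anyone who already knows T (readable from the tag) and A (a user identity) test guesses of P offline, because each guess either reproduces hash(O) or does not. The personalized secret therefore needs real entropy, the file itself should be access-controlled, and a default secret handed out at delegation should be replaced by the grantee's own.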
Besides equations (5) and (6), the substitute code formula $f_2()$ and the recovery formula $f_3()$ can also be realized with a different computation, for example equations (7) and (8):

$S = f_2(P, T, O) = (\mathrm{hash}(P \| T) + \alpha \times O) \bmod q$   (7)

$O' = f_3(P', T', S') = \big(\alpha^{-1} \times S' + \big((-(\alpha^{-1} \times \mathrm{hash}(P' \| T') \bmod q)) \bmod q\big)\big) \bmod q$   (8)

where $\bmod$ denotes the modulo operation, $\alpha$ and $q$ are two preset values that are coprime, and $\alpha^{-1}$ is the multiplicative inverse of $\alpha$ modulo $q$. For further explanation of equations (7) and (8), refer to the inventor's earlier Republic of China patent No. I255121.
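Equations (7) and (8) as a worked example in Python, added here and not the patent's code. Only the $f_2()$/$f_3()$ pair changes; the index value of equation (4) and the hash comparison of the verification procedure are as before and are not repeated. The modulus $q$, the multiplier $\alpha$ and SHA-256 as $\mathrm{hash}()$ are assumptions: $q$ is chosen prime so that every $\alpha$ in $1..q-1$ has an inverse, and the individual identification datum is encoded as an integer below $q$.

```python
"""Substitute code / recovery pair of equations (7) and (8) in TWI470990B.

Added example, not the patent's code.  The patent only requires alpha and q to be
preset and coprime; the concrete values below are assumptions.
"""
import hashlib
import math

Q = 2**127 - 1            # ASSUMPTION: a Mersenne prime, so any 0 < alpha < Q is invertible
ALPHA = 0x1D872B41B4C9    # ASSUMPTION: preset multiplier
assert math.gcd(ALPHA, Q) == 1
ALPHA_INV = pow(ALPHA, -1, Q)   # multiplicative inverse of alpha modulo q (Python >= 3.8)


def hash_pt(secret: bytes, tag_serial: bytes) -> int:
    """hash(P||T) read as an integer modulo q.  SHA-256 is an assumption, and P is
    length-prefixed so that distinct (P, T) pairs never form the same byte string."""
    data = len(secret).to_bytes(2, "big") + secret + tag_serial
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def id_to_int(individual_id: bytes) -> int:
    """Encode O as an integer below q (at most 15 bytes, no leading zero byte)."""
    if len(individual_id) > 15 or individual_id[:1] == b"\x00":
        raise ValueError("identification datum does not fit the modulus")
    return int.from_bytes(individual_id, "big")


def int_to_id(value: int) -> bytes:
    """Inverse of id_to_int."""
    return value.to_bytes((value.bit_length() + 7) // 8, "big")


def substitute_code_mod(secret: bytes, tag_serial: bytes, individual_id: int) -> int:
    """Equation (7): S = (hash(P||T) + alpha * O) mod q."""
    if not 0 <= individual_id < Q:
        raise ValueError("O must lie in [0, q)")
    return (hash_pt(secret, tag_serial) + ALPHA * individual_id) % Q


def recover_mod(secret: bytes, tag_serial: bytes, sub_code: int) -> int:
    """Equation (8), kept term by term as the patent writes it:
    O' = (alpha^-1 * S' + ((-(alpha^-1 * hash(P'||T') mod q)) mod q)) mod q,
    which is alpha^-1 * (S' - hash(P'||T')) mod q."""
    h = hash_pt(secret, tag_serial)
    neg_term = (-(ALPHA_INV * h % Q)) % Q
    return (ALPHA_INV * sub_code + neg_term) % Q


def round_trip(secret: bytes, tag_serial: bytes, individual_id: bytes,
               presented_secret: bytes) -> bytes:
    """Grant with `secret`, then recover with `presented_secret`; returns O'.

    With the right secret O' equals O; with any other secret the result is an
    unrelated value whose hash will not match the stored hash(O)."""
    s = substitute_code_mod(secret, tag_serial, id_to_int(individual_id))
    return int_to_id(recover_mod(presented_secret, tag_serial, s))


if __name__ == "__main__":
    tag, patient = b"E2000017221101441890A4C3", b"MRN-0048213"   # constructed sample values
    print(round_trip(b"correct horse battery", tag, patient, b"correct horse battery"))
    print(round_trip(b"correct horse battery", tag, patient, b"wrong secret"))
```

Because $S$ is a linear function of $O$ modulo $q$, the scheme hides $O$ only as well as $\mathrm{hash}(P \| T)$ is hidden: with $P$ and $T$ known, $O$ follows directly, which is exactly the recovery the legitimate user performs, so the same offline-guessing consideration applies to $P$ here as with the encryption variant.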
In this preferred embodiment the data judgement unit 11, the authority control and management system 12 and the individual information acquisition unit 13 are implemented in software as a program product containing the stored program; when the processor 1 loads and executes the program, the authority control and security method of the invention for an individual linked by an RFID tag is carried out. The storage module 14 is implemented as a database.
Several examples follow to further explain the steps of the authority control and security method for an individual linked by an RFID tag and the operation of each element of the corresponding architecture.
In the examples below it is assumed that the architecture manages authority control and security for a plurality of individuals, and that a rights administrator holds management authority over those individuals and has authority to manage the identity identification data of the users who are granted rights relating to them.
Refer to Figures 1, 2 and 3. When an authority manager wishes to grant the rights relating to an individual linked to a tag to a grantee, the authority control and confidentiality architecture 1 first verifies whether the executor of the rights grant is authorized to perform that operation; the verification process consists of the steps shown in Figure 2. If the verification confirms that the executor holds operation authority, the rights-granting steps shown in Figure 3 are executed next; otherwise execution of the procedure is aborted.
Refer first to Figures 1 and 2 together. In step S210, the architecture receives a first tag serial number of the tag and a second identity identification data of the grantee, and receives from the first user, acting as authority manager, a first identity identification data, a first personalized secret, and a request for rights processing relating to the individual linked to the tag.
In step S220, the data judging unit 11 judges the request; in this example its judgment is that the request is to grant the rights relating to the individual linked to the tag to the grantee.
In step S225, the procedure control unit 120 controls the procedure steps according to the judgment of the data judging unit 11.
In step S230, the index value calculation unit 125 applies the index value calculation expression of equation (4) to the first identity identification data and the first tag serial number to obtain a first recovered substitute code index value.
In step S240, the lookup unit 122 uses the first recovered substitute code index value to find the matching first substitute code index value in the association data file, and thereby looks up the first authority substitute code and the first individual identification data hash value that correspond to the pair consisting of the first identity identification data and the first tag serial number.
In step S250, the recovery calculation unit 123 applies the recovery calculation expression of equation (6) to the first personalized secret and the first authority substitute code to obtain a first recovered individual identification data.
In step S260, the hash value calculation unit 126 applies a pre-selected hash function to the first recovered individual identification data to obtain a first recovered individual identification data hash value.
In step S270, the comparison unit 127 compares the first recovered individual identification data hash value with the first individual identification data hash value. If the two match, then in step S280 the authority verification result of the authority control and management system 12 indicates that the authority manager is entitled to perform the requested operation; if they do not match, execution of the procedure is aborted in step S290.
Next refer to Figures 1 and 3 together; the following steps are executed after step S270 has confirmed that the authority manager is entitled to perform the rights grant.
In step S310, the data management unit 121 first assigns a preset personalized secret to the second user, who is the grantee.
In step S320, the index value calculation unit 125 applies the index value calculation expression of equation (4) to the second identity identification data and the first tag serial number to obtain a second substitute code index value.
In step S330, the authority substitute code calculation unit 124 applies the substitute code calculation expression of equation (5) to the preset personalized secret, the first tag serial number, and the first identity identification data to obtain a second authority substitute code.
In step S340, the hash value calculation unit 126 applies the hash function to the first identity identification data to obtain the first individual identification data hash value.
In step S350, the data management unit 121 adds the second substitute code index value, the first individual identification data hash value, and the second authority substitute code to the association data file, thereby updating it; at this point the grantee has been granted the rights relating to the individual linked to the tag.
In step S360, the data management unit 121 of the authority control and management system 12 deletes the first tag serial number, the first personalized secret, the first identity identification data, the second identity identification data, the preset personalized secret, and the first recovered individual identification data.
After the architecture has processed many such authorizations, the association data file stored in the storage module 14 can be organized as Table 1 below, which records the correspondence between substitute code index values, authority substitute codes, and individual identification data hash values. In this preferred embodiment a flag additionally indicates whether a record belongs to an authority manager or to a grantee: a flag value of 1 indicates an authority manager, and a flag value of 0 indicates a grantee.
Continuing the authorization example above, this example describes the authority manager revoking the grantee's rights relating to the individual linked to the tag. As in the previous example, execution has two parts: first the architecture verifies whether the executor of the revocation is authorized to perform the operation, using the verification process shown in Figure 2; if the verification confirms that the executor holds operation authority, the revocation steps shown in Figure 4 are executed next, otherwise execution of the procedure is aborted.
For steps S210 to S270 of Figure 2, see the description in the previous example; the only difference in this example is in step S220, where the judgment of the data judging unit 11 is that the request is to revoke the grantee's rights relating to the individual linked to the tag.
Next refer to Figures 1 and 4 together; the following steps are executed after step S270 has confirmed that the authority manager is entitled to perform the revocation.
In step S410, the index value calculation unit 125 applies the index value calculation expression of equation (4) to the second identity identification data and the first tag serial number to obtain a second recovered substitute code index value.
In step S420, the lookup unit 122 uses the second recovered substitute code index value to find the matching second substitute code index value in the association data file, and thereby looks up the second authority substitute code corresponding to it.
In step S430, the data management unit 121 replaces the second authority substitute code found in step S420 with an invalid code (NULL) in the association data file, thereby updating it; at this point the grantee's rights relating to the individual linked to the tag have been revoked.
Continuing the example with reference to Table 1, if the second substitute code index value is "index value 6", the updated association data file is as shown in Table 2 below.
In step S440, the data management unit 121 of the authority control and management system 12 deletes the first tag serial number, the first personalized secret, the first identity identification data, the second identity identification data, and the first recovered individual identification data.
The next example describes a user changing his or her personalized secret. Its execution has two parts: first the architecture verifies whether the user who wishes to change the personalized secret is authorized to perform the operation, using the verification process shown in Figure 5; if the verification confirms that the executor holds operation authority, the steps for changing the personalized secret shown in Figure 6 are executed next, otherwise execution of the procedure is aborted.
Refer first to Figures 1 and 5 together. In step S510, the architecture receives a first tag serial number, a first identity identification data, a first personalized secret, and a request to change the personalized secret.
In step S520, the data judging unit 11 judges the request; in this example its judgment is that the request is to change the personalized secret.
In step S525, the procedure control unit 120 controls the procedure steps according to the judgment of the data judging unit 11.
In step S530, the index value calculation unit 125 applies the index value calculation expression of equation (4) to the first identity identification data and the first tag serial number to obtain a first recovered substitute code index value.
In step S540, the lookup unit 122 uses the first recovered substitute code index value to find the matching first substitute code index value in the association data file, and thereby looks up the first authority substitute code and the first individual identification data hash value that correspond to the pair consisting of the first identity identification data and the first tag serial number.
In step S550, the recovery calculation unit 123 applies the recovery calculation expression of equation (6) to the first personalized secret and the first authority substitute code to obtain a first recovered individual identification data.
In step S560, the hash value calculation unit 126 applies the hash function to the first recovered individual identification data to obtain a first recovered individual identification data hash value.
In step S570, the comparison unit 127 compares the first recovered individual identification data hash value with the first individual identification data hash value. If the two match, then in step S580 the authority verification result of the authority control and management system 12 indicates that the user is entitled to perform the requested operation; if they do not match, execution of the procedure is aborted in step S590.
Next refer to Figures 1 and 6 together; the following steps are executed after step S570 has confirmed that the user is entitled to change the personalized secret.
In step S610, the architecture receives a new personalized secret; the user may be required to enter the new personalized secret twice, and agreement of the two entries is taken as confirmation that the new personalized secret was entered correctly.
In step S620, the recovery calculation unit 123 applies the substitute code calculation expression of equation (5) to the first tag serial number, the first recovered individual identification data, and the new personalized secret to obtain a new authority substitute code.
In step S630, the data management unit 121 replaces the first authority substitute code with the new authority substitute code in the association data file, thereby updating it; at this point the user's personalized secret has been updated.
In step S640, the data management unit 121 of the authority control and management system 12 deletes the first tag serial number, the first personalized secret, the first identity identification data, the new personalized secret, and the first recovered individual identification data.
Refer to Figures 1 and 7 together. In step S710, the architecture receives a first tag serial number from a tag reading device, and receives from a first user a first identity identification data, a first personalized secret, and a request to read individual information.
In step S720, the data judging unit 11 judges the request; in this example its judgment is that the request is to read individual information.
In step S725, the procedure control unit 120 controls the procedure steps according to the judgment of the data judging unit 11.
In step S730, the index value calculation unit 125 applies the index value calculation expression of equation (4) to the first identity identification data and the first tag serial number to obtain a first recovered substitute code index value.
In step S740, the lookup unit 122 uses the first recovered substitute code index value to find the matching first substitute code index value in the association data file, and thereby looks up the first authority substitute code and the first individual identification data hash value that correspond to the pair consisting of the first identity identification data and the first tag serial number.
In step S750, the recovery calculation unit 123 applies the recovery calculation expression of equation (6) to the first personalized secret and the first authority substitute code to obtain a first recovered individual identification data.
In step S760, the hash value calculation unit 126 applies the hash function to the first recovered individual identification data to obtain a first recovered individual identification data hash value.
In step S770, the comparison unit 127 compares the first recovered individual identification data hash value with the first individual identification data hash value. If the two match, then in step S780 the authority verification result of the authority control and management system 12 indicates that the first user is entitled to read the information of the individual; if they do not match, execution of the procedure is aborted in step S790.
In step S795, the individual information acquisition unit 13 uses the first recovered individual identification data to retrieve from the storage module 14 the information of the first individual corresponding to that data, and presents it to the user.
In step S796, the data management unit 121 of the authority control and management system 12 deletes the first tag serial number, the first personalized secret, the first identity identification data, and the first recovered individual identification data.
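The four procedures above (rights grant, Figures 2 and 3; revocation, Figure 4; change of personalized secret, Figures 5 and 6; reading of individual information, Figure 7) all share the verification steps S230 to S270 and the association data file of Table 1. The following Python program is an added worked example of that whole flow; it is not code from the patent or its inventor. Because equations (3) to (6) are not reproduced on this page, the functions index_value, substitute_code and recover are assumed stand-ins built from SHA-256 and HMAC. The example reads steps S330 and S340 as operating on the individual identification data recovered in step S250, consistent with step S620, since otherwise the hash stored for the grantee could not match in step S270; it also uses the Table 1 flag to decide who may grant or revoke, which is this example's assumption. The tag serial number, identities, secrets and individual information used in the test are constructed sample values.

```python
# Added example, not the patent's code. index_value, substitute_code and
# recover are ASSUMED stand-ins for equations (4), (5) and (6), built from
# SHA-256 and HMAC so that recovery inverts the code only under the same secret.
import hashlib
import hmac
import secrets
from typing import Optional

MANAGER, GRANTEE = 1, 0  # flag values described for Table 1


def _h(*parts: bytes) -> bytes:
    """Length-prefixed SHA-256 so that (b"ab", b"c") and (b"a", b"bc") differ."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()


def index_value(identity: bytes, tag_serial: bytes) -> bytes:
    """Stand-in for equation (4): depends only on the (identity, tag) pair."""
    return _h(b"index", identity, tag_serial)


def _mask(secret: bytes, tag_serial: bytes, length: int) -> bytes:
    """Keystream derived from the personalized secret and the tag serial number."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(secret, tag_serial + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def substitute_code(secret: bytes, tag_serial: bytes, individual_id: bytes) -> bytes:
    """Stand-in for equation (5): the individual id masked under the secret."""
    mask = _mask(secret, tag_serial, len(individual_id))
    return bytes(a ^ b for a, b in zip(individual_id, mask))


def recover(secret: bytes, tag_serial: bytes, code: bytes) -> bytes:
    """Stand-in for equation (6): inverse of substitute_code (XOR is an involution)."""
    return substitute_code(secret, tag_serial, code)


def id_hash(individual_id: bytes) -> bytes:
    """The pre-selected hash function of step S260."""
    return hashlib.sha256(individual_id).digest()


class AuthorityControl:
    def __init__(self) -> None:
        # Association data file: index value -> [authority substitute code or None (NULL), id hash, flag]
        self.association: dict = {}
        # Storage module 14: individual identification data -> the individual's information
        self.individual_info: dict = {}

    def enroll_manager(self, tag, identity, secret, individual_id, info) -> None:
        """Setup the examples presuppose: the manager's own record for this tag."""
        self.individual_info[individual_id] = info
        self.association[index_value(identity, tag)] = [
            substitute_code(secret, tag, individual_id), id_hash(individual_id), MANAGER]

    def verify(self, tag, identity, secret) -> Optional[tuple]:
        """Steps S230-S290: (recovered individual id, flag), or None on failure."""
        rec = self.association.get(index_value(identity, tag))  # S230-S240
        if rec is None or rec[0] is None:  # unknown pair, or a record revoked with NULL
            return None
        recovered = recover(secret, tag, rec[0])  # S250
        if not hmac.compare_digest(id_hash(recovered), rec[1]):  # S260-S270
            return None  # S290: a wrong secret yields a different id, so the hashes differ
        return recovered, rec[2]  # S280

    def grant(self, tag, manager_identity, manager_secret, grantee_identity) -> Optional[bytes]:
        """Figure 3: returns the preset personalized secret for the grantee, or None."""
        ok = self.verify(tag, manager_identity, manager_secret)
        if ok is None or ok[1] != MANAGER:  # the flag check is this example's assumption
            return None
        individual_id, preset_secret = ok[0], secrets.token_bytes(16)  # S310
        self.association[index_value(grantee_identity, tag)] = [  # S320-S350
            substitute_code(preset_secret, tag, individual_id), id_hash(individual_id), GRANTEE]
        return preset_secret  # S360: no received or recovered value is retained

    def revoke(self, tag, manager_identity, manager_secret, grantee_identity) -> bool:
        """Figure 4: replace the grantee's authority substitute code with NULL."""
        ok = self.verify(tag, manager_identity, manager_secret)
        rec = self.association.get(index_value(grantee_identity, tag))  # S410-S420
        if ok is None or ok[1] != MANAGER or rec is None or rec[2] != GRANTEE:
            return False
        rec[0] = None  # S430
        return True

    def change_secret(self, tag, identity, old_secret, new_secret) -> bool:
        """Figure 6: re-mask the recovered individual id under the new secret (S620-S630)."""
        ok = self.verify(tag, identity, old_secret)
        if ok is None:
            return False
        self.association[index_value(identity, tag)][0] = substitute_code(new_secret, tag, ok[0])
        return True

    def read(self, tag, identity, secret) -> Optional[str]:
        """Figure 7: the individual's information from storage module 14, or None (S795)."""
        ok = self.verify(tag, identity, secret)
        return None if ok is None else self.individual_info.get(ok[0])
```

Calling the methods in the order of the examples (enroll the manager, grant, read as grantee, change the grantee's secret, revoke) exercises each figure; a read with a wrong secret, a read after revocation, and a grant attempted by a grantee all return None or False. The association data file holds only index values, masked codes and hashes, as the patent's concluding remarks state. With a stand-in of this kind the confidentiality of that file rests entirely on the entropy of the personalized secrets, because anyone holding the file can test candidate secrets offline against the stored hash; that is why the preset secret is drawn from secrets.token_bytes and why user-chosen secrets must be treated like passwords.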
In summary, after completing the relevant processing, the authority control and confidentiality architecture for an individual linked to an RFID tag deletes the received tag serial number, identity identification data, personalized secret, and recovered individual identification data. Even a system intruder can obtain only the authority substitute codes, substitute code index values, and individual identification data hash values from the storage module 14; lacking the authority manager's first personalized secret and the preset personalized secrets assigned to grantees, the intruder finds it difficult to recover the individual identification data, so the individual's information is protected from disclosure. Moreover, the tag used to link the individual need only carry a tag serial number, and the generation of authority substitute codes and the recovery of individual identification data are performed in the information system, so no tag with computing capability is required to verify the authorization to read the information in the tag, and no specially designed tag or additional equipment is needed to restrict the reading of that information. The present invention therefore not only protects the privacy of individual data effectively but also has the hardware advantage of low cost.
The foregoing is only one preferred embodiment of the present invention and is not intended to limit the scope of its implementation; all equivalent changes and modifications made according to the shapes, structures, features, and spirit described in the claims of the present invention shall be included within the scope of the patent claims of the present invention.
1: processor
11: data judging unit
12: authority control and management system
120: procedure control unit
121: data management unit
122: lookup unit
123: recovery calculation unit
124: authority substitute code calculation unit
125: index value calculation unit
126: hash value calculation unit
127: comparison unit
13: individual information acquisition unit
14: storage module
Figure 1 is a block diagram of the authority control and confidentiality architecture for an individual linked to an RFID tag according to the present invention.
Figure 2 is a flowchart of the steps for verifying the authority to execute an operation in the authority control and confidentiality method for an individual linked to an RFID tag according to the present invention.
Figure 3 is a flowchart of the steps for granting to a user the rights relating to an individual linked to a tag in the authority control and confidentiality method for an individual linked to an RFID tag according to the present invention.
Figure 4 is a flowchart of the steps for revoking rights that a grantee has obtained in the authority control and confidentiality method for an individual linked to an RFID tag according to the present invention.
Figure 5 is a flowchart of the steps for verifying a user's authority to change his or her personalized secret in the authority control and confidentiality method for an individual linked to an RFID tag according to the present invention.
Figure 6 is a flowchart of the steps for changing a user's personalized secret in the authority control and confidentiality method for an individual linked to an RFID tag according to the present invention.
Figure 7 is a flowchart of the steps by which a user reads the information of an individual linked to a tag in the authority control and confidentiality method for an individual linked to an RFID tag according to the present invention.
Claims (13)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW101134677A TWI470990B (en) | 2012-09-21 | 2012-09-21 | Radio frequency identification (RFID) tag to link the individual information disclosure method, the right to grant the method and authority control and management system |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201414259A TW201414259A (en) | 2014-04-01 |
TWI470990B true TWI470990B (en) | 2015-01-21 |
Family
ID=52784802
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI470990B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM4A | Annulment or lapse of patent due to non-payment of fees |