JP2003317044A - Rfid authentication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide an RFID authentication system which prevents a code for authentication included in personal information from being stolen by increasing the safety of communication between a terminal device and an interrogator. <P>SOLUTION: When a server 4 authenticates the terminal device 3 and makes a communication connection, the transmission order of respective codes, stored in an IC tag 1, to be sent from a reader writer 2 controlled by the terminal device 3 to the terminal device 3 is reported. Then the reader writer 2 is controlled by the terminal device 3 and when the respective codes are read out of the IC tag 1, they are transmitted to the terminal device 3 in the reported transmission order. The respective sent codes are sent to the server 4, which authenticates the IC tag 1. <P>COPYRIGHT: (C)2004,JPO

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an authentication system in a communication network, and more particularly to an RFID (Radio Frequency Identification) such as an IC tag or an IC card.
authentication system using ntification).

[0002]

2. Description of the Related Art In recent years, RFID, which is non-contact wireless communication using radio wave induction, is being used as an authentication system in various places such as a physical distribution management system, a user authentication system, an electronic money system, and a transportation system. The physical distribution management system uses an IC tag to which data is given instead of a delivery slip or tag to sort packages and manage inventory, and a user authentication system uses an IC card having personal data used as a membership card. Access control is performed by using the room. Further, in the electronic money system, points and money are transferred to and from an IC card having personal data and used as a point card or a prepaid card. Furthermore, in the transportation system, ET an IC card with personal data
Used for C (Electronic Toll Collection) and commuter pass for public transportation.

In such an authentication system, a memory provided in an IC card or an IC tag stores a unique code as an ID given to each card or tag and an authentication code for individual authentication. Then, a reader or the like in which this IC card or IC tag is connected to the terminal device.
By performing non-contact wireless communication with the writer, the unique code and the authentication code read by the reader / writer are transmitted via the terminal device to the server that manages this terminal device through the communication network, and the unique code and the authentication code are transmitted. Is used for authentication.

[0004]

In the conventional authentication system, unique codes ID1 to ID4 assigned to four blocks B0 to B3 are stored in a memory provided in an IC card or an IC tag as shown in FIG. , 7 blocks B
4 to B10, the authentication codes PW1 to PW7,
Is stored. Then, the non-contact wireless communication is performed with the reader / writer, so that the reader / writer unique codes ID1 to ID4 and the authentication codes PW1 to PW.
W7 is read.

However, the read unique codes ID1 to ID4 and the authentication codes PW1 to PW7 are ID1 → ID2 → ID3 → ID4 → PW1 → PW2 → P.
W3 → PW4 → PW5 → PW6 → PW7 are sequentially given from the reader / writer to the terminal device. At this time, RS232C or US is used between the reader / writer and the terminal device.
Since data is exchanged according to a general standard method such as B, there is a risk of being stolen when the unique code and the authentication code are given from the reader / writer to the terminal device. Therefore, as in the past, when the unique code and the authentication code are always read in the same order, the stolen unique code and the authentication code are used to easily,
The IC tag or IC card may be forged.

In view of such a problem, the present invention provides an RFID authentication system that improves the security of communication between a terminal device and an interrogator and prevents the authentication code included in personal information from being stolen. The purpose is to provide.

[0007]

In order to achieve the above-mentioned object, an RFID authentication system according to a first aspect of the present invention includes a transponder including a first memory for storing personal information, and a communication with the transponder. In an RFID authentication system including an interrogator to perform, a terminal device that controls the operation of the interrogator, and a server that communicates with the terminal device and authenticates the responder, in the RFID authentication system, a plurality of pieces of personal information are stored. And a second code selected and read by the interrogator from among codes composed and configured of a plurality of codes. In the first memory of the container, a plurality of codes forming the first code and a plurality of codes forming the second code are preceded for each code. Stored to the blocks constituting the memory, the server, to the terminal apparatus, and notifies the block position in the first memory of the code to be read among the plurality of codes constituting the second code,
The terminal device notifies the interrogator to transmit the code of the block position notified from the server and the first code to the terminal device, and the interrogator communicates with the responder. When it becomes possible, after reading the personal information from the transponder, the code of the block position and the first code are transmitted to the terminal device, and the read code of the block position and the code First
The transponder is authenticated by the server by transmitting the code and the code from the terminal device to the server.

In such an RFID authentication system, personal information such as a unique code or an authentication code stored in the first memory of the IC tag that serves as a responder is read by a reader / writer that serves as an interrogator. At this time,
The server notifies the terminal device of the code for reading from the second code corresponding to the selection authentication code which is a part of the authentication code. Then, when the interrogator reads the personal information of the responder, the first code, which is a fixed code including the unique code, and the second code, which is notified from the server, are transmitted to the terminal device. . At this time, the code notified by the server may be a part of the second code or the entire code.

The RFID authentication system according to a second aspect of the present invention controls a transponder having a first memory for storing personal information, an interrogator for communicating with the transponder, and an operation of the interrogator. R comprising a terminal device and a server for communicating with the terminal device and authenticating the transponder
In the FID authentication system, the personal information is composed of a plurality of codes, and in the first memory of the transponder, the plurality of codes constituting the personal information are each block constituting the memory for each code. Stored in
When the server reads out a plurality of codes that constitute the personal information from the server, the server randomly notifies the terminal device of the reading order of the respective codes according to the block position in the first memory, and notifies the terminal device. Notifies the interrogator to transmit a plurality of codes forming the personal information to the terminal device according to the reading order according to the block position notified from the server, and the interrogator responds to the responder. When it becomes possible to communicate with, after reading the personal information from the responder,
By transmitting the plurality of codes to the terminal device according to the reading order according to the block position, and by transmitting the plurality of codes constituting the read personal information from the terminal device to the server, The transponder is authenticated.

In such an RFID authentication system, the personal information such as the unique code and the authentication code stored in the first memory of the IC tag which is the responder is read by the reader / writer which is the interrogator. At this time,
The server notifies the terminal device of the transmission order of the personal information from the interrogator to the terminal device. Then, when the interrogator reads the personal information of the responder, the personal information is transmitted to the terminal device in the transmission order notified from the server.

Further, the RFID authentication system according to a third aspect of the present invention controls a responder having a first memory for storing personal information, an interrogator for communicating with the responder, and an operation of the interrogator. R comprising a terminal device and a server for communicating with the terminal device and authenticating the transponder
In the FID authentication system, the personal information is selected and read by the interrogator from a first code in which all codes including and including a plurality of codes are read by the interrogator and a code including and including a plurality of codes. A plurality of codes forming the first code and a plurality of codes forming the second code in the first memory of the transponder. The server is stored in each block forming a memory, and the server notifies the terminal device of a block position in the first memory of a code to be read out of a plurality of codes forming the second code. The third code including a code read from the second code and a plurality of codes forming the first code The reading order according to the block position in the first memory of each code forming the third code at the time of reading is randomly set and notified, and the terminal device notifies the interrogator from the server. When the interrogator is in a state in which it can communicate with the transponder, the transponder is informed that the plurality of codes forming the third code are transmitted to the terminal device according to the reading order according to the block position. After reading the personal information from the terminal, the plurality of codes forming the third code are transmitted to the terminal device according to the reading order according to the block position, and the read third code is transmitted from the terminal device to the server. The transponder authenticates the transponder by being transmitted.

In such an RFID authentication system, personal information such as a unique code and an authentication code stored in the first memory of the IC tag that serves as a responder is read by a reader / writer that serves as an interrogator. At this time,
The server notifies the terminal device of the code for reading from the second code corresponding to the selection authentication code, which is a part of the authentication code, and the transmission order of the personal information from the interrogator to the terminal device. The terminal device is notified.
When the personal information of the responder is read by the interrogator, the first code that is a fixed code including the unique code
The third code including the code and the code of the second codes notified by the server is transmitted to the terminal device in the transmission order also notified by the server. At this time, the code notified by the server may be a part of the second code or the entire code.

In each of the above RFID authentication systems,
The interrogator may directly transmit the codes read from the transponder to the terminal device.
At this time, the interrogator is controlled by the terminal device and performs a read operation of the personal information according to the transmission operation notified by the server. That is, in the case of claim 1, the interrogator reads the code of the block position of the first code and the second code notified from the server from the responder, or
In the case of claim 2, the interrogator reads the personal information according to the reading order according to the block position notified by the server from the responder, and in the case of claim 3, the interrogator blocks the block position notified by the server from the responder. The third code is read according to the reading order according to.

Further, as described in claim 5, the interrogator comprises a second memory for temporarily holding the respective codes read from the responder, and the respective codes read from the responder are stored in the second memory. After the code is temporarily stored in the two memories, the code for transmission may be transmitted from the terminal device to the terminal device when a request for transmission of the code is made from the terminal device.

At this time, all the personal information stored in the first memory of the transponder is read by the interrogator according to the order of the stored block positions, stored in the second memory, and then stored in the second memory. The personal information may be transmitted to the terminal device according to the notification. At this time,
In the case of claim 1, the second memory of the interrogator transmits the first code and the code of the block position notified by the server of the second code, and in the case of claim 2, the interrogator Personal information is transmitted from the second memory according to the reading order according to the block position notified from the server,
Further, in the third aspect, the third code is transmitted from the second memory of the interrogator according to the reading order according to the block position notified from the server.

[0016] As described in claim 6, the notification from the server to the terminal device is performed at a predetermined timing. Further, at this time, as described in claim 7, the predetermined timing is a timing at which the terminal device requests a communication connection to the server and the server authenticates the terminal device. It doesn't matter.

[0017]

BEST MODE FOR CARRYING OUT THE INVENTION <First Embodiment> First Embodiment of the Present Invention
Embodiments will be described with reference to the drawings. FIG. 1 is a block diagram showing the configuration of the authentication system of this embodiment.
Further, FIG. 3 is a time chart showing an authentication procedure by the authentication system of FIG.

The authentication system shown in FIG. 1 includes an IC tag 1 for storing an individual unique code and an authentication code, and a plurality of reader / writers 2 for exchanging data by performing non-contact wireless communication with the IC tag 1. The reader / writer 2 is provided with a plurality of terminal devices 3 and a server 4 that manages the terminal devices 3 via the communication network 5.

In the authentication system shown in FIG. 1, the IC tag 1 includes an antenna 11 for transmitting / receiving signals to / from the reader / writer 2, and a modulation / demodulation circuit 1 for modulating / demodulating signals.
2, a rectifier circuit 13 that rectifies a signal synchronized with the antenna 11 to generate a power supply voltage, a control circuit 14 that processes the signal, and a memory 15 that stores a unique code and an authentication code. The reader / writer 2 also includes an antenna 21 for transmitting and receiving signals to and from the IC tag 1, a modulation / demodulation circuit 22 for performing modulation / demodulation of signals, and a control circuit 2 for processing signals.
3 and a communication interface (communication I / F) 24 for communicating with the terminal device 3.

In the authentication system having such a configuration,
In the memory 15 in the IC tag 1, as shown in FIG. 2, the unique codes IDa to IDd are stored in blocks B0 to B3, the fixed authentication codes PWa to PWd are stored in blocks B4 to B7,
Authentication codes PWA to PWC for selection are blocks B8 to B1
It is stored in 0 respectively. The fixed authentication code is
The authentication code that is always transmitted to the terminal device 3 via the reader / writer 2, and the selection authentication code is the reader / writer.
It is an authentication code selected when it is transmitted to the terminal device 3 via the writer 2.

The operation of each block in the authentication system at this time will be described with reference to the timing chart of FIG. First, in the terminal device 3, a browser is activated (STEP 1), and a tag data reading program for communicating with the reader / writer 2 is activated (STEP 2). When the tag data reading program is activated, it is confirmed whether or not the browser is activated (STEP 3), and when the browser is activated, a connection to the server 4 is requested via the communication network 5 (STEP 4). ).

When the server 4 recognizes the connection request from the terminal device 3 (STEP 5), a page for inputting the user ID and password of the user of the terminal device 3 is transmitted (STEP 6). And the terminal device 3
At, when this input page is displayed by the browser (STEP 7), the user ID and password are input and transmitted to the server 4 (STEP 8). The server 4, which has received the user ID and the password, authenticates the terminal device 3 (STEP 9).

In STEP 9, when the server 4 authenticates the terminal device 3, the reader / writer 2 set in the server 4
The transmission order of each code read from within the IC tag 1 transmitted from the terminal to the terminal device 3 is set (STEP 10).
Then, the transmission order of the codes and the page for reading the IC tag 1 are transmitted from the server 4 to the terminal device 3 (STEP 11).

As shown in FIG. 2, when the four unique codes, four fixed authentication codes, and three selection authentication codes are stored in the IC tag 1, the transmission order set in STEP 10 is set to three. Which of the selection authentication codes is to be used is determined. That is, when the selection authentication code to be used is any one of PWA to PWC, or PWA to PWC
Six combinations can be selected, such as a combination of two codes of WC or all the codes of PWA to PWC.

Then, the selection authentication code, the fixed authentication code, and the unique code, which are determined to be used, are combined, and the transmission order for transmission from the reader / writer 2 to the terminal device 3 is set at random. That is, when only one block of the selection authentication code is selected, the number of transmitted codes is nine including the unique code and the fixed authentication code, and therefore the transmission order is 9! (= 9 × 8 × 7 ×
6 × 5 × 4 × 3 × 2 × 1). Similarly, when two authentication codes for selection are selected, the transmission order is 1
0! If all the selection authentication codes are selected, the transmission order is 11! It becomes a street.

Then, when a page for reading is displayed by the browser on the terminal device 3 (STEP1
2), permission of communication with the reader / writer 2 is confirmed, a communication permission signal is created and given to the tag data reading program (STEP 13). When the tag data reading program receives the communication permission signal, the terminal device 3 and the reader / writer 2 are connected for communication in order to communicate with the reader / writer 2 (STEP 14). At this time, the transmission order of each code read from inside the IC tag 1 is transmitted to the reader / writer 2.

The reader / writer 2 capable of communication connection with the terminal device 3 through the communication I / F 24 modulates / demodulates an IC tag detection signal, which is a radio wave of electric power weaker than the electric power for communication with the IC tag 1. It is in a standby state where it is generated by the circuit 22 and transmitted from the antenna 21 (STEP 15). And
When this IC tag detection signal is received by the antenna 11 of the IC tag 1, the power supply voltage is obtained by the rectifier circuit 13 and each circuit in the IC tag 1 operates (STEP 1
6).

Therefore, when the modulation / demodulation circuit 12 demodulates the IC tag detection signal and the control circuit 14 recognizes that it is in the communicable area of the reader / writer 2, the IC tag 1 is in the communicable state. Is transmitted to the reader / writer 2 via the modulation / demodulation circuit 12 and the antenna 11 (STEP 17). When the reader / writer 2 receives the notification signal from the IC tag 1 through the antenna 21, the modulation / demodulation circuit 22 demodulates it and the control circuit 23 recognizes that the IC tag 1 is communicable (STEP 18).

In this way, the IC tag 1 and the reader
When the writers 2 are in a state where they can communicate with each other, non-contact wireless communication is performed, and the code stored in the memory 15 of the IC tag 1 is read (STEP 19). At this time, in STEP 10, the code is read according to the transmission order set by the server 4 and transmitted to the reader / writer 2.

That is, for example, when the selection authentication code PWB is selected and a transmission order is sequentially read, as shown in FIG. 4A, the block B0 →
Since the code is read in the order of B1 → B2 → B3 → B4 → B5 → B6 → B7 → B9, first, IDa → IDb.
After the unique code is read in the order of → IDc → IDd, the authentication code is read in the order of PWa → PWb → PWc → PWd → PWB.

Further, for example, when the selection authentication code PWC is selected and the transmission order as shown in FIG. 4B is given, the blocks B7 → B0 → B10 → B1 → in the memory 15 are selected.
Since the code is read in the order of B4 → B2 → B6 → B5 → B3, PWd → IDa → PWC → IDb → PWa.
The unique code and the authentication code are randomly read in the order of → IDc → PWc → PWb → IDd.

Further, for example, the authentication codes for selection PWA, P
When WB is selected and the transmission order as shown in FIG. 4C is given, blocks B6 → B0 → B8 → in memory 15
Since the code is read in the order of B7 → B4 → B2 → B3 → B5 → B9 → B1, PWc → IDa → PWA → P
Wd → PWa → IDc → IDd → PWb → PWB → ID
The unique code and the authentication code are randomly read in the order of b.

Further, for example, the selection authentication code PWA-
When PWC is selected and the transmission order as shown in FIG. 4D is given, blocks B5 → B1 → B4 of the memory 15
→ B10 → B3 → B0 → B7 → B2 → B6 → B9 → B8
The code is read in the order of PWb → IDb →
PWa → PWC → IDd → IDa → PWd → IDc → P
The unique code and the authentication code are randomly read in the order of Wc → PWB → PWA.

In this way, when the unique code and the authentication code in the memory 15 are read by the reader / writer 2, the read unique code and the authentication code are transmitted from the communication I / F 24 to the terminal device 3 in the above transmission order. Yes (STEP 20). Therefore, the reader / writer 2
In the case of FIG. 4A, IDa → IDb → IDc → ID
In the order of d → PWa → PWb → PWc → PWd → PWB,
In the case of FIG. 4B, PWd → IDa → PWC → IDb →
In the order of PWa → IDc → PWc → PWb → IDd, FIG.
In the case of (c), PWc → IDa → PWA → PWd → PW
a → IDc → IDd → PWb → PWB → IDb
In the case of FIG. 4D, PWb → IDb → PWa → PWC →
IDd → IDa → PWd → IDc → PWc → PWB → P
The unique code and the authentication code are transmitted in the order of WA.

When the unique code and the authentication code are received by the terminal device 3, the reception of the unique code and the authentication code is confirmed by the tag data reading program (S
TEP21). Then, after controlling the reader / writer 2 to be in a standby state (STEP 22), the received unique code and authentication code are given to the browser, and the unique code and authentication code are transmitted using the browser (STEP 23).

Then, through the communication network 5, I
The server 4 receives the unique code and the authentication code stored in the C tag 1 (STEP 24), and authenticates the IC tag 1 (STEP 25). At this time, STEP10
Authentication is performed by returning the unique code and the authentication code, which are transmitted based on the transmission order set in, to the original state recorded in the IC tag 1.

When the IC tag 1 is authenticated, an IC tag authentication notification signal for notifying that the IC tag 1 is authenticated is transmitted to the terminal device 3 (STEP 26). When the terminal device 3 receives the authentication notification signal, the authentication result is displayed using the browser (STEP 27). Further, the reader / writer 2 set to enter the standby state disconnects communication with the IC tag 1 (STEP 28) and enters the standby state (STE).
P29). Further, when the communication with the reader / writer 2 is cut off, the IC tag 1 stops the operation of each block (S
TEP30).

As described above, according to this embodiment, every time the tag data reading program for operating the reader / writer is activated, communication with the server is performed and the transmission order of the codes stored in the IC tag is set. To be done. Therefore,
Each time the tag data reading program is activated, the transmission order of the code will be different, so even if the code is read during communication between the reader / writer and the terminal device, the transmission order is not known, so each code is read. And its safety can be improved.

<Second Embodiment> A second embodiment of the present invention will be described with reference to the drawings. FIG. 5 is a time chart showing an authentication procedure by the authentication system of this embodiment. In the timing chart of FIG. 5, the same operations as those in the timing chart of FIG. 3 are designated by the same reference numerals, and detailed description thereof will be omitted.

In the present embodiment, it is assumed that the tag data reading program is plugged into the browser. In this way, by plugging in, the file size of the tag data reading program can be made smaller than when it is operated as one application, and the amount of memory used during operation can be reduced. Further, in the present embodiment, the authentication system having the configuration of FIG. 1 is used as in the first embodiment.

First, as in the first embodiment, the terminal device 3
In, when the browser and the tag data reading program are activated, the tag data reading program confirms the activation of the browser and requests the connection to the server 4 (STEP1 to STEP4). Then, the server 4 recognizes the connection request, and transmits the user ID and password input page (STEP 5, STEP 6). In the terminal device 3, this input page is displayed in the browser,
The entered user ID and password are sent (ST
EP7, STEP8), the server 4 authenticates the terminal device 3 (STEP9).

When the terminal device 3 is authenticated by the server 4,
The transmission order of each code read from within the IC tag 1 is set and transmitted to the terminal device 3 (STEP 10, ST
EP11). Then, in the terminal device 3, the tag data reading program is directly given the transmission order of each code, and the transmission order of each code is transmitted to the reader / writer 2 and connected to the reader / writer 2 for communication (ST.
EP14a).

Then, when the reader / writer 2 enters the standby state and the IC tag 1 receives the IC tag detection signal transmitted at this time and the operation starts, the IC tag 1 notifies the IC tag 1 that communication is possible. Then, the reader / writer 2 confirms (STEP 15 to STEP 18). In this way, when the IC tag 1 and the reader / writer 2 are in a state where they can communicate with each other, the code is read according to the transmission order set by the server 4 in STEP 10 and transmitted to the terminal device 3 (STEP 19 , 20).

When the reception of the unique code and the authentication code is confirmed by the tag data reading program of the terminal device 3, the received unique code and the authentication code are transmitted to the server 4 (STEP 21a). Then, when the server 4 receives the unique code and the authentication code, the IC tag 1 is authenticated and the authentication result is notified to the terminal device 3 (STEP 24 to STEP 2).
6). The terminal device 3 which has been notified of the authentication result displays the authentication result by the browser (STEP 27).

Further, in STEP 21a, the code is the server 4
Then, the reader / writer 2 is set to be in a standby state (STEP 22). Then, in the reader / writer 2, the communication with the IC tag 1 is disconnected to enter the standby state, and the IC tag 1 stops the operation of each block (STEP 28 to STEP 30).

As described above, when the IC tag is authenticated in the terminal device, the IC tag reading software directly communicates with the server, so that the processing time can be shortened as compared with the case where the communication is performed through the browser. it can. Further, since the data to the browser is not transmitted, it is possible to prevent the data on the web from being stolen.

In the first embodiment, as in the second embodiment, the tag data reading program may be plugged into the browser in the terminal device.
Conversely, in the second embodiment, the tag data reading program and the browser may operate as independent applications in the terminal device, as in the first embodiment.

<Third Embodiment> A third embodiment of the present invention will be described with reference to the drawings. FIG. 6 is a block diagram showing the configuration of the authentication system of this embodiment. Also, FIG.
6 is a time chart showing an authentication procedure by the authentication system of FIG. 6. In addition, in the authentication system of FIG.
The same parts as those of the authentication system are attached with the same notations and a detailed description thereof will be omitted.

The authentication system shown in FIG. 6 is composed of an IC tag 1, a reader / writer 2a, a terminal device 3, a server 4, and a communication network 5, like the authentication system shown in FIG. In this authentication system, the reader / writer 2
Unlike the reader / writer 2 (FIG. 1) in the first embodiment, a has a memory 25 for storing the unique code and the authentication code read from the IC tag 1.

The operation of each block in the authentication system at this time will be described with reference to the timing chart of FIG. In the timing chart of FIG.
The same operations as those in the timing chart of FIG. 3 are designated by the same reference numerals, and detailed description thereof will be omitted.

Similar to the first embodiment, in the terminal device 3, when the browser and the tag data reading program are activated and the connection to the server 4 is requested (STEP 1 to STEP 1).
(STEP 4), the server 4 transmits a user ID and password input page (STEP 5, STEP 5)
6). Then, the terminal device 3 transmits the user ID and password input to this input page (S
The server 3 authenticates the terminal device 3 (TEP7, STEP8) (STEP9).

When the terminal device 3 is authenticated by the server 4,
The transmission order of each code read from inside the IC tag 1 is
It is transmitted to the terminal device 3 (STEP 10, STEP 1
1). Then, in the terminal device 3, after the page for reading is displayed, a communication permission signal is created, the transmission order of each code is transmitted, and communication connection with the reader / writer 2a is made (STEP 12 to STEP 14).

Further, when the reader / writer 2a is in the standby state (STEP 15), when the IC tag 1 approaches the communicable area of the reader / writer 2a, each circuit of the IC tag 1 operates and the IC tag 1 operates. 1 sends the notification signal (S
It is recognized that the IC tag 1 is communicable in the reader / writer 2a (TEP16, STEP17) (S).
TEP18).

In this way, the IC tag 1 and the reader
When the writer 2a is in a state where it can communicate with each other, non-contact wireless communication is performed and the code stored in the memory 15 is read (STEP 19). At this time, IC tag 1
At the unique code I stored in the memory 15
Da to IDd, fixed authentication codes PWa to PWd, and selection authentication codes PWA to PWC are blocks B0 → B.
1 → B2 → B3 → B4 → B5 → B6 → B7 → B8 → B9
→ Read in the order of B10. Therefore, first, the leader
For the writer 2a, IDa → IDb → IDc → IDd
After the unique code is transmitted in this order, PWa → PWb
The authentication code is transmitted in the order of → PWc → PWd → PWA → PWB → PWC.

When the reader / writer 2a receives the unique codes IDa to IDd and the authentication codes PWa to PWd and PWA to PWC, the unique codes IDa to IDd and the authentication codes PWa to PWd and PW are stored in the memory 25.
A to PWC are sequentially stored (STEP 51). Then, when the communication connection in STEP 14 from the terminal device 3 is confirmed (STEP 52), each code of the IC tag 1 stored in the memory 25 is transferred from the communication I / F 24 to the STE.
It transmits to the terminal device 3 according to the transmission order set by P10 (STEP53).

That is, when the transmission order as shown in FIG. 4A is given from the terminal device 3, IDa → IDb → IDc → I
The unique code and the authentication code of the ID tag 1 stored in the memory 25 are read in the order of Dd → PWa → PWb → PWc → PWd → PWB, and are transmitted to the terminal device 3 from the communication I / F 24. Further, in the transmission order as shown in FIG. 4B, PWd → IDa → PWC → IDb → PWa → I.
Dc → PWc → PWb → IDd, and in the transmission order as shown in FIG. 4C, PWc → IDa → PWA → PWd → P.
Wa → IDc → IDd → PWb → PWB → IDb in this order, and in the transmission order as shown in FIG. 4D, PWb → IDb →
PWa → PWC → IDd → IDa → PWd → IDc → P
The data is transmitted to the terminal device 3 in the order of Wc → PWB → PWA.

When the reception of the unique code and the authentication code is confirmed by the tag data reading program in the terminal device 3 (STEP 21), the reader / writer 2a.
The communication connection with is disconnected (STEP 22). Then, the received unique code and authentication code are given to the browser, and the unique code and authentication code are transmitted (STE
P23). After that, the server 4 receives the unique code and the authentication code, the server 4 authenticates the IC tag 1, and transmits the IC tag authentication notification signal (STEP 2).
4 to STEP26). The terminal device 3 that has received the authentication notification signal displays the authentication result (STEP 27).

When the terminal device 3 issues a standby instruction in STEP 22, the reader / writer 2a erases each code stored in the memory 25 (STEP 54) and disconnects communication with the IC tag 1. Standby state (STEP2
8, STEP 29). When the reader / writer 2a enters the standby state in this way, the operation of the IC tag 1 is stopped (ST
EP30).

As described above, according to this embodiment, as in the first embodiment, every time the tag data reading program for operating the reader / writer is activated, communication with the server is performed and the data is stored in the IC tag. The transmission order of the codes to be set is set. Further, unlike the first embodiment, the code read from the IC tag is temporarily held in the reader / writer and then given to the terminal device, so that the communication timing between the IC tag and the reader / writer, the reader / writer and the terminal Even if the timing of communication with the device is deviated, authentication can be performed.

Further, as in the present embodiment, the reader / writer is provided with a memory so that each code in the IC tag is received and stored in the memory, and communication with the IC tag is performed. May be notified to the terminal device. At this time, when the terminal device recognizes that the reader / writer is communicating with the IC tag, the terminal device communicates with the server to authenticate the terminal device, and then the code in the IC tag set in the server. Get the transmission order of. Then, the acquired transmission order can be given to the reader / writer to request transmission of each code of the IC tag stored in the memory. Therefore, the transmission order can be different every time the communication with the IC tag is performed.

<Fourth Embodiment> A fourth embodiment of the present invention will be described with reference to the drawings. FIG. 8 is a time chart showing an authentication procedure by the authentication system of this embodiment. In the timing chart of FIG. 8, the same operations as those in the timing chart of FIG. 7 are designated by the same reference numerals, and detailed description thereof will be omitted. Further, in the present embodiment, the authentication system having the configuration of FIG. 6 is used as in the third embodiment.

The operation of each block in the authentication system of this embodiment will be described with reference to the timing chart of FIG. In this embodiment, the reader / writer 2a
Also, the terminal device 3 and the server 4 perform the same operations as in the third embodiment. Therefore, the communication operation performed between the IC tag 1 and the reader / writer 2a will be described below.

Similar to the third embodiment, the reader / writer 2
When the IC tag 1 approaches the communicable area of the reader / writer 2a when a is in the standby state, each circuit of the IC tag 1 operates and the IC tag 1 sends a notification signal to the reader / writer. 2a recognizes that the IC tag 1 can communicate (STEP 15 to STEP 18). In the communication state, when the unique code and the authentication code stored in the memory 15 are read out in the order of the stored blocks as in the third embodiment, they are stored in the memory 25 in order (STEP 19, STEP 51).

In this way, when the unique code and the authentication code are all stored in the memory 25, the IC tag 1
The communication with the reader / writer 2a is cut off and the operation of the IC tag 1 is stopped (STEP2
8 to STEP30). In this way, the reader / writer 2a
Performs non-contact wireless communication with the IC tag 1, stores the unique code and the authentication code in the IC tag 1 in the memory 25, and enters a standby state.

As described above, when the reader / writer 2a is in operation, the terminal device 3 transmits the transmission order of the codes and requests the communication connection (STEP1).
4), memory 2 by non-contact wireless communication with a plurality of IC tags 1
The code of each IC tag 1 stored in 5 is stored in the memory 25.
From the reader / writer 2a to the terminal device 3 in the order stored in
Sent to (STEP52, STEP53, STEP
21). At this time, the code of each IC tag 1 stored in the memory 25 is transmitted according to the transmission order of each code set by the server 4 in STEP 10. Then, the instruction of the standby state is given from the terminal device 3 to the reader / writer 2.
When it is given to a, the code of each IC tag 1 stored in the memory 25 is erased and a standby state is set (STEP
54, STEP 60).

Incidentally, also in the third and fourth embodiments,
As in the second embodiment, the tag data reading program may be plugged into the browser in the terminal device, and when the server authenticates the terminal device, the browser can be used without using the browser. The tag data reading program may directly communicate with the server.

Further, in the authentication systems having the configurations as in the first to fourth embodiments, in each of the above-described embodiments, the IC is read every time the tag data reading program in the terminal device is activated.
Although the transmission order of the code in the tag is set, the server may set the transmission order of the code at every predetermined time and transmit the code to the terminal device. By doing so, the terminal device and the reader / writer can be kept in the communication standby state at all times, and the transmission order is different at each predetermined time, so that the communication safety is further enhanced.

Further, in each of the above-described embodiments, the server and the terminal device are communicatively connected on the web using the Internet as the communication network, but a LAN may be used as the communication network. At this time, a browser is not required, and the tag data reading program establishes a communication connection between the terminal device and the server via the LAN.

Further, although the IC tag has been described as an example in each of the above-described embodiments, an IC card or an ID card can be used in the authentication system of each of the above-described embodiments.

[0070]

As described above, according to the present invention,
Of the second code of the personal information stored in the responder, the code transmitted from the interrogator to the terminal device is notified to the terminal device by the server. Therefore, even if the communication between the interrogator and the terminal device is read by a device that is not notified by the server, the code sent to the terminal device differs depending on that time, and it is forged using the read code. It is possible to prevent spoofing by a transponder.

The server notifies the terminal device of the order in which the personal information stored in the responder is transmitted from the interrogator to the terminal device. Therefore, even if the communication between the interrogator and the terminal device is read by a device that is not notified by the server, the code sent to the terminal device differs depending on that time, and it is forged using the read code. It is possible to prevent spoofing by a transponder. As described above, according to the present embodiment, it is possible to improve the security of the authentication system by preventing the code read between the terminal device and the interrogator from being easily forged.

[Brief description of drawings]

FIG. 1 is a block diagram showing a configuration of an authentication system according to first and second embodiments.

FIG. 2 is a diagram showing a recording state of each code in a memory of an IC tag.

FIG. 3 is a timing chart showing the operation of each block in the authentication system of the first embodiment.

FIG. 4 is a timing chart showing the operation of each block in the authentication system of the second embodiment.

FIG. 5 is a diagram showing an example of a transmission order of each code in a memory of an IC tag.

FIG. 6 is a block diagram showing a configuration of an authentication system according to third and fourth embodiments.

FIG. 7 is a timing chart showing the operation of each block in the authentication system of the third exemplary embodiment.

FIG. 8 is a timing chart showing the operation of each block in the authentication system of the fourth exemplary embodiment.

FIG. 9 is a diagram for explaining reading of data in a conventional authentication system.

[Explanation of symbols]

1 IC tag 2 Reader / Writer 3 terminal devices 4 servers 5 Communication network

Claims (7)

[Claims] 1. A transponder having a first memory for storing personal information, an interrogator for communicating with the transponder, a terminal device for controlling the operation of the interrogator, and communication with the terminal device. And an RFID authentication system configured to authenticate the transponder, wherein the personal information is composed of a plurality of codes, and all the constituent codes are read by the interrogator, and a plurality of codes. A second code selected and read by the interrogator from the codes that are configured and configured, and a plurality of codes that configure the first code in the first memory of the responder; A plurality of codes forming a code is stored in each block forming the memory for each code, and the server is configured to A block position in the first memory of a code read out of a plurality of codes forming the two codes, and the terminal device notifies the interrogator of the block position code and the block position code. A first code and a notification to be transmitted to the terminal device, when the interrogator is in a state of being able to communicate with the responder, after reading the personal information from the responder, the code of the block position And the first code are transmitted to the terminal device, and the read code of the block position and the first code are transmitted from the terminal device to the server, whereby the transponder in the server An RFID authentication system characterized by being authenticated. 2. A transponder having a first memory for storing personal information, an interrogator for communicating with the transponder, a terminal device for controlling operation of the interrogator, and communication with the terminal device. And a server for authenticating the transponder together with the personal information, the personal information being composed of a plurality of codes, and a plurality of constituting the personal information in the first memory of the transponder. Is stored in each block that constitutes the memory for each code, and when the server reads out a plurality of codes constituting the personal information from the terminal device, the first code of each of the codes is stored. The read order is randomly set according to the block position in the memory and the notification is performed, and the terminal device notifies the interrogator of the block position notified from the server. When the interrogator is in a state in which it can communicate with the responder, it notifies the personal information from the responder when the interrogator is in a state of being communicable with the responder. After reading, the plurality of codes are transmitted to the terminal device according to the reading order according to the block position, and the plurality of codes forming the read personal information are transmitted from the terminal device to the server, The RFID authentication system, wherein the transponder is authenticated by the server. 3. A transponder having a first memory for storing personal information, an interrogator for communicating with the transponder, a terminal device for controlling the operation of the interrogator, and communication with the terminal device. And an RFID authentication system configured to authenticate the transponder, wherein the personal information is composed of a plurality of codes, and all the constituent codes are read by the interrogator, and a plurality of codes. A second code selected and read by the interrogator from the codes that are configured and configured, and a plurality of codes that configure the first code in the first memory of the responder; A plurality of codes forming a code is stored in each block forming the memory for each code, and the server is configured to Notifying the block position in the first memory of the code read out of the plurality of codes forming the two codes, the code read out from the second code and the first code
When the third code including a plurality of codes forming the code is read, a read order of each code forming the third code according to a block position in the first memory is randomly set and notified, and the terminal The device notifies the interrogator to transmit a plurality of codes forming the third code to the terminal device according to the reading order according to the block position notified from the server, and the interrogator When it becomes possible to communicate with the transponder, after reading the personal information from the transponder, a plurality of codes forming the third code are transmitted to the terminal device according to the reading order according to the block position, and the reading is performed. By transmitting the issued third code from the terminal device to the server, the responder in the server RFID authentication system characterized in that it evidenced. 4. The RFI according to claim 1, wherein the interrogator directly transmits the respective codes read from the responder to the terminal device.
D authentication system. 5. The interrogator comprises a second memory for temporarily holding each of the codes read from the responder, and after temporarily holding each of the codes read from the responder in the second memory, 4. The terminal device transmits a request to transmit the codes to transmit the codes temporarily stored in the second memory to the terminal device. RFID authentication system. 6. The RFID authentication system according to claim 1, wherein the notification from the server to the terminal device is performed at a predetermined timing. 7. The method according to claim 6, wherein the predetermined timing is a timing when the terminal device requests a communication connection to the server and the server authenticates the terminal device. RFID authentication system.