JP2006246269A - Id management apparatus and method for protecting link disability of id device in other service environment - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide such a high-speed ID identification system that a link capability is allowed only to a second person service in a multi-service enabled ID device and a link disability is guaranteed to other persons including a third person service. <P>SOLUTION: In an identification method comprising only one user ID given to an ID device, a sub ID resulting from extracting a part of the user ID, a service system using the sub ID to identify a user, a sub ID list for a plurality of users that the service system includes, a plurality of other service systems for identifying a user using another sub ID resulting from extracting a part other than the sub ID, another sub ID list for a plurality of users that each of the other service systems includes, and only one service ID given to each of the service systems, a service system identifies a sub ID without exchanging a user ID and a sub ID between an ID device and the service system while keeping a value thereof as it is and the other service system is not permitted to identify the sub ID. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to security of an ID device such as an RFID (Radio Frequency Identification) tag, an IC card, and a mobile phone, personal information protection, link inability, authentication, and identification.

Currently, when a small device such as an IC card, an RFID tag, or a mobile phone is given to an article or a user and the user enjoys various services, the article or the Increasingly, users are identified.

An IC card is a card-shaped device that can communicate with service devices in a contact or non-contact state, and it can continue to memorize a processor with computing power and communication, including an antenna inside. It has a non-volatile memory that can.

An RFID tag is a small device that can communicate with service equipment in a non-contact state, and it is a non-volatile device that can continue to memorize even after the end of communication with a processor with computing power, including an antenna inside. With memory.

These devices retain a unique identifier (ID) in the service so that they can be distinguished from other devices.

Therefore, a device having these IDs is called an ID device.

However, there is a possibility that these IDs may be read by an arbitrary third party without the user's knowledge, and as a result, the position of the ID device and personal information related to the ID will be leaked. Will occur.

In particular, there is a problem of linking possibility that a third party can select and know the history of one ID device from the history of identification of a plurality of ID devices.

The problem of linkability is that the personal information can be found in the third person without knowing the personal information such as the name and address of the user. It is a problem that is threatened.

The linkability problem is more difficult than ordinary personal information protection in that it cannot be solved by simply encrypting the ID and using it for identification.

Based on this, when identifying an ID, a method has been proposed in which a value that changes every time, such as a random number, is added to the ID encryption input, and a different value can be obtained each time for a third party. (Patent Document 1).

On the other hand, as information services become popular in the world, users often hold a large number of IC cards, and the demand for using one IC card as an ID device for a plurality of services has increased.

Also, the RFID tag attached to an article is desired to be used for different purposes in a plurality of scenes in the life cycle of the article, and this case also meets the requirement of using one ID device for a plurality of services.

However, the more an ID device is used for a number of services, the greater the damage when that ID leaks from the service or ID device.

Linkability issues increase as well, increasing the risk of constantly tracking individual behavior.

Therefore, a sub ID given by extracting a part of the ID given to the ID device is used for each service, and another sub ID given by extracting another part of the ID is given to another service. Methods have been proposed to prevent the spread of damage by using them (Non-patent Document 1, Patent Document 2).

Stephen A. Weis et al. Iron ecurity and Privacy Aspects of Low-Cost Radio Frequency Identification Systems ASpringer Verlag, `` Security in Pervasive Computing '', Lecture Notes in Computer Science, Volume 2802, 201-212, 2003 JP 2004-317764 A JP 2004-192487 A

As described above, in an ID device that realizes multiple services, it is guaranteed that a third party cannot select and know the history of one ID device from the history of identification of a plurality of ID devices. It is important to achieve the inability to link.

Non-Patent Document 1 and Patent Document 1 identify the ID by encrypting the ID together with a value that changes every time, so that a different value can be obtained each time for the third party. This is a method for realizing inability to link.

However, in a multi-service environment, the third party includes services other than the second party service (third-party service).

Since Non-Patent Document 1 and Patent Document 1 do not assume such a multi-service, it is not possible to distinguish between a second party service and a third party service.

As a result, inability to link to a person who does not have service qualification can be realized, but inability to link to a third party having service qualification cannot be realized.

Further, although Patent Document 2 is intended for multi-service, there is no description about the identification method of the ID device, so that link inability cannot be realized.

The present invention is an ID identification system that allows linkability only to a second party service in an ID device capable of multiple services, and guarantees unlinkability to others including the third party service. The purpose is to provide.

It is another object of the present invention to provide a method in which an ID device and a service authenticate each other safely when performing identification that allows linkability only to the second party service as described above.

It is another object of the present invention to provide a method for suppressing an increase in processing time and speeding up, which is a problem in identification and authentication that allows linkability only to the second party service as described above.

To achieve this object, according to the identification method of the present invention, the service system identifies the sub-ID without allowing the ID device and the service system to exchange the user ID and the sub-ID with the same values, so that the other service system can recognize the sub-ID. Is characterized in that the sub-ID is not identified, and in order to realize this, a plurality of users, an ID device held by each of the users, a user ID uniquely given to the ID device, and one of the user IDs A sub-ID given by extracting a part, a service system for identifying a user using the sub-ID, a sub-ID list for the plurality of users of the service system, and one of the user IDs other than the sub-ID A plurality of other service systems for identifying the user using other sub-IDs obtained by extracting the parts And other sub ID list for a plurality of said user, each said other service system has, configured to include the service ID given to only the service system.

As a result, users other than the second party service system cannot know the sub ID even if they steal communication that occurs in identification, and achieve the inability to link to the third party service system or the third party. it can.

The identification method of the present invention configured as described above achieves unlinkability in identification of ID devices according to the six configurations described below.

As a first configuration, the service system generates a service random number using the service random number generator, the service system transmits the service ID and the service random number to the ID device, and then the ID device Retrieves the sub-ID corresponding to the previous service system from the service ID, and then the ID device generates a user random number using the user random number generator, and then the ID device performs the user hash A user hash value obtained by hash-converting the user random number, the service random number, and the sub ID using a device is passed to the service system together with the user random number, and then the service system includes the service hash device, the service random number, User random number and sub Processing is performed to identify an ID device by searching for the sub ID corresponding to the user hash value using an ID list.

As a result, users other than the second party service system cannot know the sub ID even if they steal communication that occurs in identification, and achieve the inability to link to the third party service system or the third party. it can.

As a second configuration, the service system generates a service random number using the service random number generator, the service system transmits the service ID and the service random number to the ID device, and then the ID device Retrieves the sub-ID corresponding to the previous service system from the service ID, and then the ID device generates a user random number using the user random number generator, and then the ID device transmits the public key and the public key. An encrypted value obtained by encrypting the user random number, the service random number, and the sub ID using a public key encryption device is passed to the service system, and then the service system uses the secret key and the public key decryption device. Processing to identify the ID device by decrypting the encrypted value into the sub-ID using To do.

As a result, users other than the second party service system cannot know the sub ID even if they steal communication that occurs in identification, and achieve the inability to link to the third party service system or the third party. it can.

As a third configuration, the service system transmits the service ID to the ID device, and then the ID device searches the sub-ID corresponding to the previous service system from the service ID, and then the ID A device generates a user random number using the user random number generator, and then the user ID and the user hash value obtained by hash-converting the user random number and the user ID using the user hash device by the ID device Passed to the service system together with the group ID, and then the service system identifies the group to which the ID device belongs based on the group ID and the group ID list, and then the service system and the service hash device and the previous user random number And the self Processing is performed to identify an ID device by searching the user ID corresponding to the user hash value from the users belonging to the group using a user ID list.

As a result, for users other than the user and the second party service system, the sub-ID cannot be known even if the communication occurring in the identification is stolen, and the inability to link to the third party service system or the third party is constant. At the same time, the sub-ID list search process required on the service system side can be speeded up.

As a fourth configuration, the service system transmits the service ID to the ID device, and then the ID device searches the sub-ID corresponding to the previous service system from the service ID, and then the ID The device generates a user random number using the user random number generator, and then the ID device uses the user hash device to hash the user random number and one partial sub ID into a user hash value. A partial sub-ID disclosure process of passing to the service system together with a random number is executed, and then the service system uses the service hash device, the previous user random number, and the user ID list held by itself to correspond to the user hash value Sub ID to narrow down the user ID of A narrowing-down process is executed, and thereafter, the partial sub-ID disclosure process and the sub-ID narrowing-down process are repeated until the sub ID is narrowed down to one to identify the ID device.

As a result, for users other than users and second party service systems, the sub-ID cannot be known even if the communication that occurs in the identification is stolen, and the inability to link to the third party service system or the third party is maximized. At the same time, the sub-ID list search process required on the service system side can be speeded up.

As a fifth configuration, in addition to the third or fourth configuration, a sub ID is extracted so that the user ID and the sub ID for all the users match, and the service IDs of all the services are empty. It is configured to be a fixed value including a value.

As a result, not only in a multi-service environment, but also in cases where link unavailability is required in a conventional service environment, search processing of the sub ID list required on the service system side while achieving link unavailability is performed. The speed can be increased.

As a sixth configuration, in addition to any one of the first to fifth configurations, the service system and the ID device are configured to authenticate each other.

Accordingly, it is possible to perform mutual authentication between the ID device and the service system while achieving unlinkability simultaneously with identification of the ID device while achieving unlinkability.

The sixth configuration realizes mutual authentication between the ID device and the service system while maintaining the link inability according to the two configurations described below.

As the configuration of 6a, in addition to the configuration of any one of 1 to 5, the service system uses the user hash device to pass the service hash value obtained by hash-converting the user random number and the sub ID to the ID device, Thereafter, the ID device checks whether the service hash value corresponds to the previous user ID by using the user hash device, the service random number, and the sub ID possessed by the ID device, and if the ID device corresponds, the previous ID device makes the service system Is authenticated as a correct service system, so that mutual authentication is realized.

As a result, mutual authentication between the ID device and the service system can be realized while maintaining the link inability.

As a configuration of No. 6a, in addition to the configuration of any one of 1 to 5, the service system encrypts the service random number and the sub ID using the public key and the public key encryption device. The ID device decrypts the service encryption value with the user secret key and the user public key decryption device, and if the ID device matches the sub ID, the previous period ID device corrects the service system. It is processed so as to realize mutual authentication by authenticating it as a service system.

As a result, mutual authentication between the ID device and the service system can be realized while maintaining the link inability.

  According to the identification method of the present invention, the ID device is identified only by the second party service system and is not identified by the third party service system or the third party.

The ID device outputs a value necessary for identification using a value that can be identified only by the second party service system after receiving the service ID from the second party service system. Appearing different values each time, and based on the identification history of a plurality of ID devices, the history of the same ID device cannot be extracted, and link inability can be achieved.

  Further, according to the mutual authentication method of the present invention, mutual authentication can be performed while identifying the ID device only to the second party service system.

  Since mutual authentication is performed between the ID device and the second party service system while encrypting or hashing the values necessary for identification, mutual authentication is performed while ensuring link inability to persons other than the second party service system. It can be carried out.

A || B represents a combination of two pieces of information A and B. As information combination, there are a method of simply connecting two pieces of information and a method of taking an exclusive OR of two pieces of information.

H (A) represents a hash value obtained by converting information A by a one-way hash function.

In general, a one-way hash function is required to correspond to an input having an arbitrary length, but the one-way hash function used in the present invention includes one corresponding only to a fixed-length input.

(Embodiment 1)
Example 1 of the present invention will be described.

In this embodiment, a non-contact IC card is assumed as the ID device.

FIG. 1 illustrates an example of a service system using an ID device.

In FIG. 1, 1a to 1c are users, 2a to 2c are ID devices of each user, 3a to 3c are service systems, 4a to 4c are readers (ID device readers) of each service system, and 5a to 5c are each Information systems 6a to 6c possessed by the service system are database systems possessed by the service systems.

FIG. 2 shows the configuration of the IC card.

In FIG. 2, 14 is an IC card, 15 is a cryptographic calculation unit having a hash device and a random number generation device, 16 is a logical calculation unit that performs calculation, 17 is a wireless communication unit, 19 is a non-volatile memory that stores data, and 18 is A ROM area for storing the user ID, 20 is a power supply unit that changes the waveform from the antenna to power, and 21 is an antenna for communicating with the outside wirelessly.

The IC card according to the present invention includes a function f for extracting the start address and the end address of the corresponding sub ID of the service system from the service ID, a hash device, and a random number generator.

As an example of the function f, a function that outputs “service ID × sub ID length” as the start address of the sub ID and “(service ID + 1) × sub ID length−1” as the end address is considered. It is done.

It is also conceivable to use a lookup table in which the service ID and the address of the sub ID of the service system are recorded in the ROM in advance as the function f.

FIG. 3 shows the arrangement of sub IDs in the user and the service system.

In FIG. 3, 29a to 29c are user IDs respectively held in the IC card, 30a to 30c are sub IDs for the service system 1 of each user ID, 31a to 31b are service systems, and 32a to 32c are services of each user ID. Sub IDs 32d to 32f for the system 1 are sub IDs for the service system 1 of each user ID.

As a hash function implemented in the hash device, SHA (Secure Hash Algorithm) -256, SHA-512, MD5, or the like can be used.

The information system of the service system stores, in a database, sub IDs corresponding to all users who provide services issued by IC card issuing agencies.

Also, a service ID for specifying the service system issued by the IC card issuing organization is stored in the database.

FIG. 4 shows a procedure of an identification method using a hash function between the IC card and the service system.

The reader that senses that the IC card has approached generates a random number Rs by the random number generator (Step 15), and retrieves the service ID stored in the database (Step 16).

The information system transmits the random number Rs and the service ID to the IC card through the reader (Step 17).

The random number Rs is stored in the memory of the information system.

The IC card that has received the service ID from the reader (Step 2) extracts the start address and the end address of the sub ID of the service system corresponding to the service ID by the function f (Step 4).

The IC card takes out the sub ID from the ROM area for storing the user ID by designating the taken out address (Step 5).

The IC card generates a random number Ru by a random number generator (Step 3), and combines the data of the sub ID, the random number Rs, and the random number Ru.

The IC card converts the combined data of the random number Rs, the random number Ru, and the sub ID SID into a hash value by using a hash device (Step 6), and passes the hash value Hu = H (Rs || Ru || SID) and the random number Ru through a reader. The information is sent to the information system (Step 7) (Step 18).

The information system uses the random number Ru sent from the IC card and the random number Rs stored in the memory to calculate H (Rs || Ru || SID) for all sub IDs included in the database. A search is made for a match with the hash value Hu sent from the IC card (Steps 19 to 21).

The sub ID corresponding to H (Rs || Ru || SID) that matches the hash value Hu is the ID of the IC card. If the corresponding sub ID is not found, the information system ends the protocol (Step 25).

The information system transmits the sub ID and Hs = H (SID || Ru) obtained by hashing the random number transmitted from the IC card to the IC card through the reader (Steps 22, 23, 8).

The IC card verifies whether Hs sent from the reader matches H (SID || Ru) (Step 9).

If they match, the IC card notifies the reader of successful authentication (Steps 10, 12, and 23).

If they do not match, the IC card reports an authentication failure to the reader (Steps 11, 12, and 23), and ends the authentication protocol (Step 13).

When the authentication is successful, various services are performed between the IC card and the information system.

Consider point services and marketing systems in retail stores.

By requesting the customer to present an IC card when purchasing a product, the retail store can link the information on the product purchased by the customer based on the sub ID. Therefore, the retail store can analyze the purchase pattern for each customer in the linked product information, and has an advantage that can be utilized for marketing. In addition, since the retail store accumulates points according to the purchase amount of the customer based on the sub ID, there is an advantage that the customer can shop according to the number of accumulated points.

FIG. 4 shows the procedure of an ID identification method using a hash device between the IC card and the service system.

The reader that senses that the IC card has approached generates a random number Rs by the random number generator (Step 15), and retrieves the service ID stored in the database (Step 16).

The information system transmits the random number Rs and the service ID to the IC card through the reader (Step 17).

The random number Rs is stored in the memory of the information system.

The IC card that has received the service ID from the reader (Step 2) extracts the start address and the end address of the sub ID of the service system corresponding to the service ID by the function f (Step 4).

The IC card takes out the sub ID from the ROM area for storing the user ID by designating the taken out address (Step 5).

The IC card generates a random number Ru by a random number generator (Step 3), and combines the data of the sub ID, the random number Rs, and the random number Ru.

The IC card converts the combined data of the random number Rs, the random number Ru, and the sub ID into a hash value by using a hash device (Step 6), and the hash value Hu = H (Rs || Ru || SID) and the random number Ru are passed through the reader. It is sent to the system (Step 7) (Step 18).

The information system uses the random number Ru sent from the IC card and the random number Rs stored in the memory to calculate H (Rs || Ru || SID) for all sub IDs included in the database. A search is made for a match with the hash value Hu sent from the IC card (Steps 19 to 21).

The sub ID corresponding to H (Rs || Ru || SID) that matches the hash value Hu is the ID of the IC card. If the corresponding sub ID is not found, the information system ends the protocol (Step 25).

The information system transmits the sub ID and Hs = H (SID || Ru) obtained by hashing the random number transmitted from the IC card to the IC card through the reader (Steps 22, 23, 8).

The IC card verifies whether Hs sent from the reader matches H (SID || Ru) (Step 9).

If they match, the IC card notifies the reader of successful authentication (Steps 10, 12, and 23).

If they do not match, the IC card reports an authentication failure to the reader (Steps 11, 12, and 23), and ends the authentication protocol (Step 13).

When the authentication is successful, various services are performed between the IC card and the information system.

Consider the case of building access control.

A reader is attached to the door of the building. Whether or not the user has the authority to open and close the door of the room can be determined from the extracted sub ID.

Further, it is assumed that the biometric information of the user who holds the IC card, for example, fingerprint information and eye iris information, is stored in the memory of the IC card.

After successful authentication, access to the biometric information in the memory of the IC card is permitted, and the information system retrieves the biometric information. A biometric information reader, for example, a fingerprint reader or an iris reader, is connected to the information system, and the user causes the biometric information reader to read a fingerprint or an iris.

By comparing the biometric information in the card with the information from the biometric information reader, the information system can confirm that the authenticator is the owner of the authorized IC card.

Since biometric information is stored in the card, there is no need to manage biometric information that is personal information of the user on the information system side.

Also, a method using public key cryptography can be used as the identification method.

FIG. 5 shows the procedure of the identification method using public key cryptography between the IC card and the service system.

The reader that senses that the IC card has approached generates a random number Rs by the random number generator (Step 15), and retrieves the service ID stored in the database (Step 16).

The information system transmits the random number Rs and the service ID to the IC card through the reader (Step 17).

The random number Rs is stored in the memory of the information system.

The IC card that has received the service ID from the reader (Step 2) extracts the start address and the end address of the sub ID of the service system corresponding to the service ID by the function f (Step 4).

The IC card takes out the sub ID from the ROM area for storing the user ID by designating the taken out address (Step 5).

The IC card generates a random number Ru by a random number generator (Step 3), and combines the data of the sub ID, the random number Rs, and the random number Ru.

The IC card converts the combined data of the random number Rs, the random number Ru, and the sub ID SID into an encrypted value by the public key encryption device E (Step 6), and the encrypted value Eu = E (Rs || Ru || SID) and the random number Ru is sent to the information system through the reader (Step 7) (Step 18).

The information system decrypts E (Rs || Ru || SID) using the random number Ru sent from the IC card and the random number Rs stored in the memory to obtain the sub-ID SID, Rs, and Ru (Step 19). .

If the corresponding sub ID is not found in the sub ID list, the information system ends the protocol (Steps 20, 26).

The information system confirms that Rs is the same as the original value (Step 21), and terminates the protocol if not the same (Step 26).

The sub ID and Es = E (SID || Ru) obtained by encrypting the random number transmitted from the IC card are transmitted to the IC card through the reader (Steps 22, 23, 8).

The IC card verifies whether Es sent from the reader matches E (SID || Ru) (Step 9).

If they match, the IC card notifies the reader of successful authentication (Steps 10, 12, and 24).

If they do not match, the IC card notifies the reader of an authentication failure (Steps 11, 12, 24), and ends the authentication protocol (Step 13).

When the authentication is successful, various services are performed between the IC card and the information system.
(Embodiment 2)
A second embodiment of the present invention will be described.

FIG. 6 illustrates an example of a service system using an ID device.

In this embodiment, an RFID tag is assumed as the ID device.

In FIG. 6, 7a to 7b are users, 8a to 8d are articles owned by each user, 9a to 9d are RFID tags attached to the articles, 10a to 10c are service systems, and 11a to 11c are readers ( ID device reader), 12a to 12c are information systems possessed by each service system, and 13a to 13c are database systems possessed by each service system.

FIG. 7 shows the configuration of the RFID tag.

In FIG. 7, 22 is an RFID tag, 23 is a cryptographic calculation unit having a hash device or a random number generation device, 24 is a logical calculation unit that performs calculation, 25 is a wireless communication unit, 26 is a ROM area that stores a user ID, and 27 is A power supply unit 28 that changes the waveform from the antenna into electric power, 28 is an antenna for communicating with the outside by radio.

The information system has a database, and the information system stores sub ID information stored in all RFID tags in the system.

A method of creating a sub ID used in the system is as follows.

Consider a labeled tree of depth K (see FIG. 8).

The tree has N leaves, and each leaf corresponds to each RFID tag i (1 <= i <= N).

Each child with the same parent is given a unique label.

A collection of each label when proceeding from the root toward the leaf is a sub-ID of the leaf, and is assigned to each corresponding RFID tag i.

Further, the k (1 <= k <= s (i))-th label of the RFID tag i is expressed as ID (i) [k].

A label attached to each contact corresponds to a partial sub ID.

FIG. 8 is an arrangement of sub IDs and partial sub IDs in the RFID tag and the information system.

In FIG. 8, 40a to 40c are sub-IDs for one service system in each RFID tag, 33 is sub-ID information in the information system, 34 is ID (i) [1], and 35 is ID (i) [2]. , 36 is ID (i) [3], 37 is ID (i) [4], 38 is ID (i) [5], and 39a to 39g are labels from the root to the leaf. This is the collected sub ID.

However, here, in ID (i) [k], k is a value of 1 to 5, but it may actually be more or less.

However, S (i) is the leaf depth corresponding to the RFID tag i, and 1 <= S (i) <= K.

The information system stores the labeled tree as a tree structure.

FIG. 9 shows a procedure of an ID identification method between the RFID tag and the service system.

When the RFID tag enters the communication range of the reader, the RFID tag generates a random number R (Step 2).

The RFID tag calculates Hu [k] = H (ID_ {i} [k] || R) (1 <= k <= S (i)) for each partial sub ID (Steps 3, 4, and 5). , A set of random values R and hash values (Hu [1], Hu [2],..., Hu [S (i)]) corresponding to the partial sub IDs are transmitted to the information system.

If S (i) <K, instead of (Hu [1], Hu [2],..., Hu [S (i)]), Hu [l] (S (i) +1 <= l <= K) padded random numbers (Hu [1], Hu [2], ..., Hu [S (i)], Hu [S (i) +1], ..., Hu By transmitting [K]) to the information system (Steps 6, 7, and 8), it is possible to prevent the inability to link to a third party from deteriorating due to the difference in the number of Hu.

When the service system receives R and Hu [1], Hu [2],..., Hu [K], the service system processes them in steps 12 to 23.

When the authentication is successful, various services are performed between the IC card and the information system.

If the frequency of variable ID information exchange between any RFID tag and the information system is equally the same, the tree structure is a complete α-branch, that is, the same number of branches from each contact point except leaves By configuring the tree, it is possible to minimize the average amount of hash calculation required on the information system side.

That is, K = N ^ {1 / K}, where α = N ^ {1 / K}.

Service system using ID device IC card configuration Sub-ID placement in users and service systems Procedure of identification method using hash function between IC card and service system Procedure for ID identification method using public key between IC card and service system Service system using RFID tags RFID tag configuration Arrangement of sub ID and partial sub ID in RFID tag and information system Procedure for identification method using hash function between RFID tag and service system

Explanation of symbols

1a to 1c users 2a to 2c ID devices 3a to 3c of each user Service systems 4a to 4c Readers (ID device readers) of each service system
5a-5c Information systems 6a-6c possessed by each service system Database systems 7a-7b possessed by each service system User 8a-8d Articles 9a-9d possessed by each user RFID tags 10a-10c attached to each article Service systems 11a-11c Reader (ID device reader) of each service system
12a-12c Information systems 13a-13c possessed by each service system Database system 14 possessed by each service system IC card
15 Cryptographic calculation unit having hash device and random number generation device 16 Logical calculation unit for performing calculation
17 Wireless communication unit 19 Non-volatile memory for storing data 18 ROM area for storing user ID
20 A power supply unit 21 that converts a waveform from an antenna into electric power 21 An antenna 22 for wirelessly communicating with the outside RFID tag 23 A cryptographic calculation unit 24 having a hash device and a random number generation device 24 A logical calculation unit 25 that performs a calculation, 25 is a wireless communication Unit 26 ROM area 27 for storing user ID Power supply unit 28 for changing a waveform from an antenna into electric power An antenna for communicating with the outside by radio.
29a to 29c User IDs respectively held in the IC card
30a-30c, the sub ID for the service system 1 of each user ID,
31a-31b service system,
32a to 32c Sub ID for the service system 1 of each user ID,
32d to 32f Sub ID for service system 1 of each user ID
33 Sub ID information 34 in the information system ID (i) [1],
35 ID (i) [2]
36 ID (i) [3],
37 ID (i) [4],
38 ID (i) [5],
39a-39g Sub-ID which collected each label when going from the root toward the leaf
40a-40c Sub ID for one service system in each RFID tag

Claims (10)

Service system for identifying an ID device possessed by each user, a user ID uniquely given to the ID device, a sub ID given by extracting a part of the user ID, and a user using the sub ID And a plurality of other service systems for identifying the user using a sub ID list for the plurality of users possessed by the service system and another sub ID obtained by extracting a part of the user ID other than the sub ID. In the identification method, the ID device and the service system include the user ID, and a sub-ID list for the plurality of users possessed by each of the other service systems, and a service ID that is uniquely given to the service system. And the service without exchanging the sub ID as it is. System to identify the sub-ID, said other service system does not identify said sub-ID, the identification method characterized by. The ID device includes a provided user hash device and a user random number generator, and the service system includes a service hash device having the same input and output as the user hash device, and a service random number generator. The service system generates a service random number using the service random number generator, and then the service system transmits the service ID and the service random number to the ID device, and then the ID device The sub ID corresponding to the previous service system is searched from the service ID, and then the ID device generates a user random number using the user random number generator, and then the ID device uses the user hash device. The user random number, the service random number, and the sub ID are The user hash value converted by the user is passed to the service system together with the user random number, and then the service system uses the service hash device, the service random number, the user random number, and the sub ID list possessed by the user hash. The identification method according to claim 1, wherein the sub-ID corresponding to the value is searched. The ID device includes a user random number generation device, a public key encryption device, a public key, and the service system includes a service random number generation device, a secret key, and a public key decryption device. Generates a service random number using the service random number generation device, and then the service system transmits the service ID and the service random number to the ID device. The sub-ID corresponding to the service system is searched, and then the ID device generates a user random number using the user random number generator, and then the ID device uses the public key and the public key encryption device The encrypted value obtained by encrypting the user random number, the service random number, and the sub ID is passed to the service system. Thereafter, the identification method of claim 1, wherein said service system to decrypt the sub-ID of the encryption value using the public key decryption unit and said secret key. The ID device comprises a group ID uniquely given to a group of a plurality of users and a group ID list for the plurality of users, the service system sends the service ID to the ID device; The ID device searches the sub ID corresponding to the previous service system from the service ID, and then the ID device generates a user random number using the user random number generator, and then the ID device is the user. A user hash value obtained by hash-converting the user random number and the user ID using a hash device is passed to the service system together with the user random number and the previous group ID, and then the service system receives the group ID and the group ID list. Originally the ID device Then, the service system uses the service hash device, the previous user random number, and the user ID list held by itself to determine the user ID corresponding to the user hash value among the users belonging to the group. The identification method according to claim 1, wherein search is performed from the above. The first term ID device and the first term service system comprise a plurality of partial sub IDs obtained by extracting a plurality of partial sequences from the sub ID so as not to skip the sub ID, and the service system determines the service ID Transmitted to the ID device, and then the ID device searches the sub-ID corresponding to the previous service system from the service ID, and then the ID device generates a user random number using the user random number generator. After that, the ID device executes a partial sub ID disclosure process in which the user hash value obtained by hash-converting the user random number and one partial sub ID using the user hash device is passed to the service system together with the user random number. After that, the service system performs the service hash. A sub-ID narrowing process of narrowing down a plurality of user IDs corresponding to the user hash value using the device, the previous user random number and the user ID list held by itself is executed, and thereafter, until the sub ID is narrowed down to one The identification method according to claim 1, wherein the partial sub ID disclosure process and the sub ID narrowing process are repeated. The sub-ID is extracted so that the user ID and the sub-ID for all the users match, and the service ID of all the services is a fixed value including a null value. 6. The identification method according to any one of 5. The identification method according to claim 1, wherein the service system and the ID device authenticate each other. The identification method according to claim 1, wherein the system random number is null. The service system passes a service hash value obtained by hash-converting the user random number and the sub ID using the user hash device to the ID device, and then the ID device has the user hash device, the service random number, and itself. The first sub-ID device confirms whether the service hash value corresponds to a previous period user ID, and if it corresponds, the first period ID device authenticates the service system as a correct service system. 8. The identification method listed in any of 8 The ID device includes a user secret key, a user public key decryption device, and the service system includes a public key and a public key encryption device corresponding to the user public key decryption device, the service system Passes the service encryption value obtained by encrypting the service random number and the sub ID using the public key and the public key encryption device to the ID device, and then the ID device transmits the user private key and the user public key. The identification according to claim 1, wherein a decryption device decrypts the service encryption value, and if it matches the sub-ID, the previous period ID device authenticates the service system as a correct service system. Method.

Images