JP2012142003A - Authentication system - Google Patents
Authentication system Download PDFInfo
- Publication number
- JP2012142003A JP2012142003A JP2012036563A JP2012036563A JP2012142003A JP 2012142003 A JP2012142003 A JP 2012142003A JP 2012036563 A JP2012036563 A JP 2012036563A JP 2012036563 A JP2012036563 A JP 2012036563A JP 2012142003 A JP2012142003 A JP 2012142003A
- Authority
- JP
- Japan
- Prior art keywords
- user
- authentication
- readers
- authenticated
- rfid tag
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
Description
本発明は、被認証手段内に格納された固有の識別情報に基づき被認証手段を所持するユーザや物体を認証する認証システムに関する。 The present invention relates to an authentication system for authenticating a user or an object possessing an authenticated means based on unique identification information stored in the authenticated means.
従来より、RFID(Radio Frequency IDentification)タグ内に格納されたユーザIDを取得し、取得したユーザIDに基づきRFIDタグを所持するユーザを認証するリーダを備える認証システムが知られている(特許文献1,2参照)。このような認証システムによれば、ユーザはパスワード入力等の作業を自ら行うことなく認証を受けることができる。 Conventionally, an authentication system including a reader that acquires a user ID stored in an RFID (Radio Frequency IDentification) tag and authenticates a user possessing the RFID tag based on the acquired user ID is known (Patent Document 1). , 2). According to such an authentication system, the user can be authenticated without performing a password input or the like.
ところで、上記リーダが独立した場所に複数存在する場合において、ユーザIDを含む認証用パケットをRFIDタグからリーダに1回送信するのみでユーザ認証を行うようにした場合には、換言すれば、認証処理を1シーケンスで行うようにした場合には、たとえ認証用パケットの内容を暗号化したとしても、認証用パケットを盗聴し、同じ認証用パケットをジェネレーションすることにより、悪意ある第三者が正規のユーザに成りすまして認証を受けることができてしまう。なお、ジェネレーションを防ぐために認証用パケット内にシーケンシャルな数値を含める方法も考えられるが、この方法を用いた場合には、複数のリーダとRFIDタグとの間で数値の同期を完全にはとることができないために、やはり成りすましをされる危険性がある。 By the way, when there are a plurality of readers at independent locations, if user authentication is performed by only transmitting an authentication packet including a user ID from the RFID tag to the reader once, in other words, authentication is performed. When the processing is performed in one sequence, even if the contents of the authentication packet are encrypted, the malicious packet is generated by eavesdropping on the authentication packet and generating the same authentication packet. I can be authenticated by impersonating the user. In order to prevent generation, a method of including a sequential numerical value in the authentication packet is also conceivable. However, when this method is used, the numerical values must be completely synchronized between a plurality of readers and the RFID tag. There is a risk of being impersonated because they cannot.
本発明は、上記課題を解決するためになされたものであり、その目的は、認証処理を1シーケンスで行う場合であっても、セキュリティ性を損なうことなく認証処理を行うことが可能な認証システムを提供することにある。 The present invention has been made to solve the above-described problem, and an object of the present invention is to perform an authentication process without degrading security even when the authentication process is performed in one sequence. Is to provide.
上記課題を解決するために、第1の態様に係る認証システムは、固有の識別情報が格納された被認証手段と、被認証手段から送信された識別情報に基づき被認証手段を所持するユーザを認証する認証手段とを備える認証システムであって、前記認証手段は現在時刻情報を格納した所定の周波数の信号を所定時間毎に送出する信号送出手段を備え、前記被認証手段は信号送出手段から送出された信号内に格納されている現在時刻情報と前記識別情報とを暗号化して認証手段に前記所定の周波数とは異なる周波数の信号を送信し、認証手段は被認証手段から送信された現在時刻情報と識別情報とに基づき被認証手段を所持するユーザを認証することを特徴とする。 In order to solve the above problem, an authentication system according to a first aspect includes an authenticated unit storing unique identification information, and a user possessing the authenticated unit based on the identification information transmitted from the authenticated unit. An authentication system comprising authentication means for authenticating, wherein the authentication means comprises signal sending means for sending a signal of a predetermined frequency storing current time information every predetermined time, and the authenticated means is connected to the signal sending means. The current time information stored in the transmitted signal and the identification information are encrypted, and a signal having a frequency different from the predetermined frequency is transmitted to the authentication unit. A user possessing an authenticated means is authenticated based on time information and identification information.
本発明によれば、認証手段と被認証手段との間で同期が取られている現在時刻情報とに基づき被認証手段を所持するユーザを認証するので、認証処理を1シーケンスで行う場合であっても、セキュリティ性を損なうことなく認証処理を行うことができる。 According to the present invention, since the user possessing the authenticated means is authenticated based on the current time information synchronized between the authenticating means and the authenticated means, the authentication process is performed in one sequence. However, the authentication process can be performed without losing security.
本発明に係る認証システムは、例えば図1に示すような、入室エリアと退室エリアに設けられたリーダ1a,1bが入室エリア及び退室エリアに進入したユーザが所持するRFIDタグ内に記憶されたユーザIDを読み取り、読み取られたユーザIDに従って入退判断部2が入室エリアと退室エリアの間に設けられたドア3の開閉状態を制御する入退室管理システムに適用することができる。以下、図面を参照して、本発明の実施形態となる入退室管理システムの構成及び動作について説明する。 The authentication system according to the present invention is a user stored in an RFID tag possessed by a user who has entered the entrance area and the exit area as shown in FIG. 1, for example, readers 1a and 1b provided in the entrance area and the exit area. The present invention can be applied to an entrance / exit management system in which the ID is read and the entrance / exit determination unit 2 controls the open / closed state of the door 3 provided between the entrance area and the exit area according to the read user ID. Hereinafter, the configuration and operation of an entrance / exit management system according to an embodiment of the present invention will be described with reference to the drawings.
〔入退室管理システムの構成〕
始めに、図2を参照して、本発明の実施形態となる入退室管理システムの構成について説明する。
[Configuration of entrance / exit management system]
First, with reference to FIG. 2, the structure of the entrance / exit management system which is embodiment of this invention is demonstrated.
本発明の実施形態となる入退室管理システムは、図2に示すように、入室エリアと退室エリアに設けられたリーダ1a,1bと、入室エリアと退室エリアの間に設けられたドア3の開閉状態を制御する入退判断部2とを主な構成要素として備える。リーダ1a,1bは、入退判断部2との間の情報通信処理を制御するインタフェース部11と、ユーザが所持するRFIDタグ4との間で情報通信を行う第2通信手段送受信部12と、所定時間毎に現在時刻情報を含む時刻信号をエリア内に送出する第1通信手段送信部13とを備える。また図示しないが、リーダ1a,1bは固有のリーダIDを記憶している。 As shown in FIG. 2, an entrance / exit management system according to an embodiment of the present invention includes readers 1a and 1b provided in an entrance area and an exit area, and opening / closing of a door 3 provided between the entrance area and the exit area. An entry / exit determination unit 2 that controls the state is provided as a main component. The readers 1a and 1b include an interface unit 11 that controls information communication processing with the entrance / exit determination unit 2, a second communication means transmission / reception unit 12 that performs information communication with the RFID tag 4 possessed by the user, And a first communication means transmitting unit 13 for transmitting a time signal including current time information to the area every predetermined time. Although not shown, the readers 1a and 1b store unique reader IDs.
入退判断部2は、リーダ1a,1bとの間の情報通信処理を制御するインタフェース部21と、ユーザが所持するRFIDタグ4内に記憶されているユーザID毎にドア3の開閉権限を記憶するユーザIDデータベース22と、ユーザIDデータベース22内に記憶されているユーザIDとリーダ1a,1bから送信されたユーザIDとを比較することによりエリア内に進入したユーザを認証すると共に、ユーザIDに割り当てられているドア3の開閉権限に従ってドア3の開閉状態を制御するドア開閉制御部23とを備える。 The entry / exit determination unit 2 stores the interface unit 21 that controls information communication processing between the readers 1a and 1b, and the opening / closing authority of the door 3 for each user ID stored in the RFID tag 4 possessed by the user. The user ID database 22 to be authenticated, the user ID stored in the user ID database 22 and the user ID transmitted from the readers 1a and 1b are compared to authenticate the user who has entered the area, and to the user ID A door opening / closing control unit 23 that controls the opening / closing state of the door 3 in accordance with the assigned opening / closing authority of the door 3.
なお、本実施形態では、ユーザが所持するRFIDタグ4内には、リーダ1a,1bから送信された時刻信号を受信する第1通信手段受信部31と、リーダ1a,1bとの間で情報通信を行う第2通信手段送受信部32と、ユーザ毎に割り当てられた固有のユーザID33が備えられている。また、第2通信手段送受信部12,32は、リーダ1a,1bとRFIDタグ4間で暗号化通信を行うことを可能にするために、共通の暗号鍵(以下、共通鍵と略記)を記憶している。 In the present embodiment, in the RFID tag 4 possessed by the user, information communication is performed between the first communication means receiving unit 31 that receives the time signal transmitted from the readers 1a and 1b and the readers 1a and 1b. The second communication means transmitting / receiving unit 32 for performing the above and a unique user ID 33 assigned to each user are provided. The second communication means transmitting / receiving units 12 and 32 store a common encryption key (hereinafter abbreviated as a common key) in order to enable encrypted communication between the readers 1a and 1b and the RFID tag 4. is doing.
また、本実施形態では、第1通信手段送受信部13が時刻信号の送信の際に使用する周波数帯は第2通信手段送受信部12,32が情報通信の際に使用する周波数帯とは異なる周波数帯に設定されている。このような構成によれば、時刻信号と第2通信手段送受信部12,32が送信する情報との間でコリジョンが発生することを防止できる。 In the present embodiment, the frequency band used when the first communication means transmitting / receiving unit 13 transmits the time signal is different from the frequency band used by the second communication means transmitting / receiving units 12 and 32 during information communication. It is set to a belt. According to such a structure, it can prevent that a collision generate | occur | produces between the time signal and the information which the 2nd communication means transmission / reception parts 12 and 32 transmit.
〔認証処理〕
上記のような構成を有する入退室管理システムは、以下に示す認証処理を実行することにより、セキュリティ性を損なうことなく1シーケンスでエリア内に進入したユーザを認証することを可能にする。以下、図3に示す認証シーケンス図を参照して、認証処理を実行する際の認証システムの動作について詳しく説明する。
[Authentication processing]
The entrance / exit management system having the above-described configuration makes it possible to authenticate a user who has entered the area in one sequence without impairing security by executing the following authentication process. Hereinafter, the operation of the authentication system when executing the authentication process will be described in detail with reference to the authentication sequence diagram shown in FIG.
図3に示す認証シーケンスは、入退室管理システムの電源がオン状態になるのに応じて開始となり、ステップS1の処理が開始される。 The authentication sequence shown in FIG. 3 is started in response to the power supply of the entrance / exit management system being turned on, and the process of step S1 is started.
ステップS1の処理では、リーダ1a,1bが、リーダIDと現在時刻情報(時刻t)を含むパケット(wake-up PA)を所定時間毎に生成し、生成したパケットをエリア内に送出する。そして、RFIDタグ4を所持するユーザがエリア内に進入した場合、RFIDタグ4内の第1通信手段受信部31はリーダ1a,1bが送出したパケットを受信する。 In the process of step S1, the readers 1a and 1b generate a packet (wake-up PA) including the reader ID and current time information (time t) every predetermined time, and send the generated packet into the area. When the user who owns the RFID tag 4 enters the area, the first communication means receiving unit 31 in the RFID tag 4 receives the packets transmitted by the readers 1a and 1b.
ステップS2の処理では、RFIDタグ4内の第2通信手段送受信部32が、第1通信手段受信部31がリーダ1a,1bから受信したパケットの中から現在時刻情報を抽出し、抽出された現在時刻情報とユーザID33とを共通鍵により暗号化する。そして、第2通信手段送受信部32は、暗号化された情報を含むパケットを認証用パケットとして所定時間毎にリーダ1a,1bに送信する。 In the process of step S2, the second communication means transmitting / receiving unit 32 in the RFID tag 4 extracts the current time information from the packets received by the first communication means receiving unit 31 from the readers 1a and 1b, and the extracted current The time information and the user ID 33 are encrypted with a common key. And the 2nd communication means transmission / reception part 32 transmits the packet containing the encrypted information to the reader | leaders 1a and 1b for every predetermined time as a packet for authentication.
次に、リーダ1a,1bの第2通信手段送受信部12が、RFIDタグ4内の第2通信手段送受信部32が送信した認証用パケットを受信し、共通鍵によって認証用パケット内に格納されている暗号化情報を復号することにより現在時刻情報とユーザID33を取得する。そして、第2通信手段送受信部12は、取得した現在時刻情報と認証用パケットの受信時刻の時間差が所定時間(例えば数秒)内であるか否かを判別する。 Next, the second communication means transmission / reception unit 12 of the readers 1a and 1b receives the authentication packet transmitted by the second communication means transmission / reception unit 32 in the RFID tag 4, and is stored in the authentication packet by the common key. The current time information and the user ID 33 are acquired by decrypting the encrypted information. Then, the second communication means transmitting / receiving unit 12 determines whether or not the time difference between the acquired current time information and the reception time of the authentication packet is within a predetermined time (for example, several seconds).
時間差が所定時間内である場合、第2通信手段送受信部12は、受信した認証用パケットは正規の認証用パケットであると判断し、ユーザID33を入退判断部2に送信する。そして、ドア開閉制御部23は、送信されたユーザIDとユーザIDデータベース22内に記憶されているユーザIDとを照合し、照合結果に基づきドア3の開閉状態を制御する。 When the time difference is within the predetermined time, the second communication means transmission / reception unit 12 determines that the received authentication packet is a normal authentication packet, and transmits the user ID 33 to the entrance / exit determination unit 2. The door opening / closing control unit 23 collates the transmitted user ID with the user ID stored in the user ID database 22, and controls the opening / closing state of the door 3 based on the collation result.
また、第2通信手段送受信部12はRFIDタグ4内の第2通信手段送受信部32にACK信号を送信し、第2通信手段送受信部32はACK信号の受信に伴い認証用パケットの送信を停止する。一方、時間差が所定時間内である場合には、第2通信手段送受信部12は、受信した認証用パケットは正規の認証用パケットではないと判断し、認証処理を中止する。 Further, the second communication means transmission / reception unit 12 transmits an ACK signal to the second communication means transmission / reception unit 32 in the RFID tag 4, and the second communication means transmission / reception unit 32 stops transmitting the authentication packet when receiving the ACK signal. To do. On the other hand, when the time difference is within the predetermined time, the second communication means transmission / reception unit 12 determines that the received authentication packet is not a regular authentication packet, and stops the authentication process.
以上の説明から明らかなように、本発明の実施形態となる入退室管理システムによれば、リーダ1a,1bが現在時刻情報を格納した信号を所定時間毎に送出し、RFIDタグ4はリーダ1a,1bから送出された信号内に格納されている現在時刻情報とユーザID33とを暗号化してリーダ1a,1bに送信し、リーダ1a,1bはRFIDタグ4から送信された現在時刻情報とユーザID33とに基づきRFIDタグ4を所持するユーザを認証する。このような認証方法によれば、リーダ1a,1bとRFIDタグ4との間で同期が取られている現在時刻情報とに基づきRFIDタグ4を所持するユーザを認証することができるので、認証処理を1シーケンスで行う場合であってもセキュリティ性を損なうことなく認証処理を行うことができる。 As is apparent from the above description, according to the entrance / exit management system according to the embodiment of the present invention, the readers 1a and 1b send a signal storing the current time information every predetermined time, and the RFID tag 4 receives the reader 1a. , 1b encrypts the current time information stored in the signal and the user ID 33 and transmits them to the readers 1a, 1b. The readers 1a, 1b transmit the current time information transmitted from the RFID tag 4 and the user ID 33. Based on the above, the user who possesses the RFID tag 4 is authenticated. According to such an authentication method, the user who possesses the RFID tag 4 can be authenticated based on the current time information that is synchronized between the readers 1a and 1b and the RFID tag 4. Can be performed without damaging the security even when the process is performed in one sequence.
以上、本発明者らによってなされた発明を適用した実施の形態について説明したが、この実施の形態による本発明の開示の一部をなす論述及び図面により本発明は限定されることはない。すなわち、上記実施の形態に基づいて当業者等によりなされる他の実施の形態、実施例及び運用技術等は全て本発明の範疇に含まれることは勿論であることを付け加えておく。 As mentioned above, although the embodiment to which the invention made by the present inventors was applied has been described, the present invention is not limited by the description and the drawings that form part of the disclosure of the present invention according to this embodiment. That is, it should be added that other embodiments, examples, operation techniques, and the like made by those skilled in the art based on the above embodiments are all included in the scope of the present invention.
1a,1b:リーダ
2:入退判断部
3:ドア
4:RFIDタグ
11,21:インタフェース部
12,32:第2通信手段送受信部
13:第1通信手段送信部
22:ユーザIDデータベース
23:ドア開閉制御部
31:第1通信手段受信部
33:ユーザID
DESCRIPTION OF SYMBOLS 1a, 1b: Reader 2: Entrance / exit judgment part 3: Door 4: RFID tag 11, 21: Interface part 12, 32: 2nd communication means transmission / reception part 13: 1st communication means transmission part 22: User ID database 23: Door Opening / closing controller 31: first communication means receiver 33: user ID
Claims (1)
前記認証手段は現在時刻情報を格納した所定の周波数の信号を所定時間毎に送出する信号送出手段を備え、前記被認証手段は信号送出手段から送出された信号内に格納されている現在時刻情報と前記識別情報とを暗号化して認証手段に前記所定の周波数とは異なる周波数の信号を送信し、認証手段は被認証手段から送信された現在時刻情報と識別情報とに基づき被認証手段を所持するユーザを認証することを特徴とする認証システム。 An authentication system comprising: an authenticated means in which unique identification information is stored; and an authenticating means for authenticating a user possessing the authenticated means based on the identification information transmitted from the authenticated means,
The authentication means includes signal sending means for sending a signal of a predetermined frequency storing current time information every predetermined time, and the authenticated means is current time information stored in a signal sent from the signal sending means. And the identification information are encrypted and a signal having a frequency different from the predetermined frequency is transmitted to the authentication means, and the authentication means possesses the authenticated means based on the current time information and the identification information transmitted from the authenticated means. An authentication system characterized by authenticating a user to perform.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2012036563A JP2012142003A (en) | 2012-02-22 | 2012-02-22 | Authentication system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2012036563A JP2012142003A (en) | 2012-02-22 | 2012-02-22 | Authentication system |
Related Parent Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP2006084180A Division JP2007257548A (en) | 2006-03-24 | 2006-03-24 | Authentication system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| JP2012142003A true JP2012142003A (en) | 2012-07-26 |
Family
ID=46678149
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP2012036563A Pending JP2012142003A (en) | 2012-02-22 | 2012-02-22 | Authentication system |
Country Status (1)
| Country | Link |
|---|---|
| JP (1) | JP2012142003A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104112306A (en) * | 2014-05-21 | 2014-10-22 | 福建三鑫隆新材料技术开发股份有限公司 | Remote-authorization unlocking method of passive labeled electronic lock |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH04263385A (en) * | 1991-02-18 | 1992-09-18 | Nippon Telegr & Teleph Corp <Ntt> | Radio type card system |
| JP2005148982A (en) * | 2003-11-13 | 2005-06-09 | Nippon Telegr & Teleph Corp <Ntt> | Method for authenticating user, user information acquisition device, authentication server device, program for user information acquisition device, and program for authentication server device |
| JP2005520269A (en) * | 2002-07-09 | 2005-07-07 | アメリカン・エキスプレス・トラベル・リレイテッド・サービシズ・カンパニー・インコーポレーテッド | Systems and methods for motivating payments using radio frequency identification in contact and contactless transactions |
-
2012
- 2012-02-22 JP JP2012036563A patent/JP2012142003A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JPH04263385A (en) * | 1991-02-18 | 1992-09-18 | Nippon Telegr & Teleph Corp <Ntt> | Radio type card system |
| JP2005520269A (en) * | 2002-07-09 | 2005-07-07 | アメリカン・エキスプレス・トラベル・リレイテッド・サービシズ・カンパニー・インコーポレーテッド | Systems and methods for motivating payments using radio frequency identification in contact and contactless transactions |
| JP2005148982A (en) * | 2003-11-13 | 2005-06-09 | Nippon Telegr & Teleph Corp <Ntt> | Method for authenticating user, user information acquisition device, authentication server device, program for user information acquisition device, and program for authentication server device |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104112306A (en) * | 2014-05-21 | 2014-10-22 | 福建三鑫隆新材料技术开发股份有限公司 | Remote-authorization unlocking method of passive labeled electronic lock |
| CN104112306B (en) * | 2014-05-21 | 2016-04-27 | 福建三鑫隆信息技术开发股份有限公司 | A kind of can the unlock method of passive marker electronic lock of remote authorization |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP2424185B1 (en) | Method and device for challenge-response authentication | |
| US9867042B2 (en) | Radio frequency identification technology incorporating cryptographics | |
| CN108055235A (en) | A kind of control method of smart lock, relevant device and system | |
| CN110462692A (en) | A kind of safety communicating method and its intelligent door lock system based on intelligent door lock system | |
| US20080258864A1 (en) | Communication Apparatus and Communication Method | |
| US11521450B2 (en) | Physical access control system and method | |
| KR20070003205A (en) | Method of mutual authentication and secure data communication in rfid-system | |
| KR101284155B1 (en) | authentication process using of one time password | |
| CN109035515A (en) | The control method and door-locking system of smart lock | |
| CN113205628B (en) | Intelligent door lock control method and system based on biological feature recognition | |
| KR20120072032A (en) | The system and method for performing mutual authentication of mobile terminal | |
| CN103152326A (en) | Distributed authentication method and authentication system | |
| CN105071939B (en) | A kind of user information authentication method and system | |
| CN109451504A (en) | Internet of Things mould group method for authenticating and system | |
| JP7141723B2 (en) | Apparatus, system and method for controlling actuators via wireless communication system | |
| JP5942910B2 (en) | Key authentication system, key authentication method and program | |
| CN106559378A (en) | Automobile door lock tripper, system and method and intelligent terminal | |
| JP2012142003A (en) | Authentication system | |
| US8953804B2 (en) | Method for establishing a secure communication channel | |
| CN104636681B (en) | Safe transmission method and device for banknote storage data | |
| CN114170709A (en) | Money box management method and system based on Internet of things | |
| JP2007257548A (en) | Authentication system | |
| Nasir et al. | Prevention of disclosure attack on a mutual authentication protocol using RFID tag in IoT | |
| Munilla et al. | Enhanced ownership transfer protocol for RFID in an extended communication model | |
| CN107911223B (en) | Cross signature method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| A02 | Decision of refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A02 Effective date: 20131008 |