JP4934450B2 - Electronic tag system, reader / writer, and electronic tag - Google Patents

Description

  The present invention relates to a technique for authenticating a password transmitted from a reader / writer with an electronic tag.

  In recent years, the introduction of an electronic tag system that attaches an electronic tag having a memory storing information related to products and distribution to products, reads information from the electronic tags with a reader / writer, and performs product management and confirmation of the location of the products is progressing. .

  In such an electronic tag system, there is a concern about the occurrence of user privacy problems. For example, if an electronic tag is attached to a product even after the product has been delivered to the consumer, by acquiring information from within the memory of the electronic tag, the consumer who owns the product is not aware There is a possibility that the price of goods owned by the consumer, information on the store of purchase, etc. may be leaked.

  In addition, in the electronic tag system, there is a concern about the problem of illegally duplicating or falsifying the electronic tag. For example, by acquiring information from an electronic tag for attaching to an expensive product, copying the electronic tag, attaching the copied electronic tag to an inexpensive product for sale, or information on an electronic tag for an inexpensive product, There is a possibility that the information for expensive products is altered and sold.

  To solve these problems, the technique described in Patent Document 1 generates a different password for each electronic tag from unique data such as a unique ID and serial number possessed by each electronic tag (IC card) and writes it in the electronic tag. Leave in. Then, when accessing each electronic tag from the reader / writer, the reader / writer generates a card-specific password from the unique data of the electronic tag, transmits the generated password to the electronic tag, and is stored inside the electronic tag. By checking against existing passwords, illegal data leakage and tampering are prevented.

JP 2002-269529 A

  In the technique described in Patent Document 1, unless the reader / writer can generate a unique password for each electronic tag, the information on the electronic tag cannot be accessed and the security is excellent. It was inconvenient to assign and manage unique data.

  Therefore, an object of the present invention is to provide an electronic tag system with high security without giving and managing unique data for each electronic tag.

  In order to solve the above problems, the present invention generates a password from information stored in a specific area of an electronic tag.

  For example, the present invention includes an electronic tag including a storage unit that stores information divided into a plurality of partial areas, and a reader / writer that communicates with the electronic tag and transmits / receives information, and the reader / writer transmits the electronic tag. An electronic tag system that transmits a password to a tag and authenticates the password with the electronic tag, wherein the reader / writer transmits an acquisition request for information stored in a specific partial area to the electronic tag. Processing, processing for generating a keyword from information stored in the specific partial area transmitted from the electronic tag in response to the acquisition request, and inputting the keyword into a predetermined function And a process for generating a password.

  As described above, according to the present invention, it is not necessary to assign and manage unique data for each electronic tag, but an electronic tag system with high security can be provided.

  FIG. 1 is a schematic diagram of an electronic tag system 100 according to a first embodiment of the present invention.

  As illustrated, the electronic tag system 100 includes a server 110, a reader / writer 120, and an electronic tag 130, and the server 110 and the reader / writer 120 can transmit and receive information via the network 150. The reader / writer 120 and the electronic tag 130 can transmit and receive information via electromagnetic waves.

  The server 110 includes a storage unit 111, a control unit 112, an input unit 113, and an IF unit 114.

  The storage unit 111 includes a tag data storage area 115 and a management information storage area 116.

  The tag data storage area 115 stores information for specifying a partial area provided in a tag memory area 136 of the electronic tag 130 (to be described later) and a data capacity that can be stored for each partial area.

  For example, the tag data storage area 115 stores a tag data table 115a as shown in FIG. 2 (schematic diagram of the tag data table 115a).

  The tag data table 115a includes a partial area column 115b and a bit number column 115c.

  The partial area column 115b stores information for specifying a partial area provided in a tag memory area 136 of the electronic tag 130 to be described later. In this embodiment, the partial area can uniquely identify the partial area. Is stored.

  The bit number column 115c stores information for specifying the capacity of the partial area specified in the partial area column 115b. In the present embodiment, the bit number of the partial area is stored.

  Here, the tag table 115 a specifies a partial area that can be used when generating a password in the tag memory area 136 of the electronic tag 131. The partial area that can be used to generate a keyword is not an area that can be arbitrarily rewritten by a general user, but stores universal data for explaining the properties of the tag itself and the object to be pasted. Thus, an area set in the write disabled state (Write Lock state) may be selected.

  In this respect, in the present embodiment, in order to generate keywords for the UII (Unique Item Identifier) memory area, the TID (Tag IDentifier) memory area, and the User memory area in the tag memory area 136 of the electronic tag 131. It can be used as a partial area.

  Note that the User memory area can be set to a write disabled state (Write Lock state) independently for each block, and therefore a block that can be used to generate a keyword for a block that is in a write disabled state. As an area.

  Returning to FIG. 1, the management information storage area 116 is a part for specifying a partial area used when generating a keyword to be described later, among the partial areas provided in the tag memory area 136 of the electronic tag 130 to be described later. Area information and address information for specifying an address in a partial area of a bit used as a start bit when generating a keyword to be described later are stored.

  Here, in the present embodiment, the partial area information is generated by the management information processing unit 118 described later and stored in the management information storage area 116, and the initial value of the address information is also generated by the management information processing unit 118. And stored in the management information storage area 116. The address information is updated by the management information processing unit 118 every time it is transmitted to the reader / writer 120 in response to a request from the reader / writer 120 described later.

  The control unit 112 includes an overall control unit 117 and a management information processing unit 118.

  The overall control unit 117 controls processing of the entire server 110. In particular, in the present embodiment, when the management information acquisition request is received from the reader / writer 120 described later via the IF unit 114 described later, the partial region information and the address information stored in the management information storage region 116 are received. Are transmitted as management information.

  The management information processing unit 118 determines, based on the necessary number of passwords input from the operator of the server 110 via the input unit 113 described later, a partial area provided in a tag memory area 136 of the electronic tag 130 described later. A partial area used when generating a keyword to be described later is specified, and identification information that can identify the specified partial area is stored in the management information storage area 116 as partial area information.

  Here, for specifying the partial area, the tag data storage area 115 stored in the storage unit 111 is referred to, and an area having a bit number greater than the required number of passwords is selected. When there are a plurality of such areas, for example, the one with the smallest number of bits is selected.

  In addition, the management information processing unit 118 stores, in the management information storage area 116, information specifying an address that is an initial value of a start bit when creating a keyword among the partial areas selected as described above. Remember. For the initial value of the start bit, any bit of the selected partial area can be specified. For example, the address of the first bit of the partial area is selected as the initial value.

  The management information processing unit 118 updates the address information every time the overall control unit 117 transmits management information to the reader / writer 120. For example, every time the general control unit 117 transmits management information to the reader / writer 120, the address information is updated to information specifying the address of the next bit in the partial area every time the management information is transmitted to the reader / writer 120. .

  The input unit 113 receives information input from the operator of the server 110.

  The IF unit 114 is an interface for transmitting and receiving information via the network 150.

  Regarding the server 110 described above, for example, as shown in FIG. 5 (schematic diagram of the computer 160), a CPU 161, a memory 162, an external storage device 163 such as an HDD, a CD-ROM, a DVD-ROM, etc. A reader 165 that reads information from a portable storage medium 164, an input device 166 such as a keyboard and a mouse, an output device 167 such as a display, and a communication such as a NIC (Network Interface Card) for connecting to a communication network This can be realized by a general computer 160 including the device 168 and an external I / O 169 for connecting an external device.

  For example, the storage unit 111 can be realized by the external storage device 163, and the control unit 112 can be realized by loading a predetermined program stored in the external storage device 163 into the memory 162 and executing it by the CPU 161. The input unit 113 can be realized by the input device 166, and the IF unit 114 can be realized by the communication device 168.

  The predetermined program is downloaded from the storage medium 164 via the reading device 165 or from the network via the communication device 168 to the external storage device 163, and then loaded onto the memory 162 and executed by the CPU 161. You may do it. Alternatively, the program may be directly loaded on the memory 162 from the storage medium 164 via the reading device 165 or from the network via the communication device 168 and executed by the CPU 161.

  Returning to FIG. 1, the reader / writer 120 includes a storage unit 121, a control unit 122, an input unit 123, an IF unit 124, and a transmission / reception unit 125.

  The storage unit 121 includes a key information storage area 126.

  The key information storage area 126 stores information for specifying a key used when a password generation unit 128 (to be described later) generates a password.

  The control unit 122 includes an overall control unit 127, a keyword generation unit 128, and a password generation unit 129.

  The overall control unit 127 controls the overall processing of the reader / writer 120.

  For example, the overall control unit 127 performs processing for writing data to the electronic tag 130, processing for reading data from the electronic tag 130, and processing for invalidating the electronic tag 130 via the transmission / reception unit 125.

  Specifically, the overall control unit 127 generates a command (write command) for writing data to the electronic tag 130, and transmits the generated write command to the electronic tag 130 via the transmission / reception unit 125. Further, the overall control unit 127 generates a command (read command) for reading data from the electronic tag 130, and transmits the generated read command to the electronic tag 130 via the transmission / reception unit 125. Furthermore, the overall control unit 127 generates a command (invalidation command) for invalidating the electronic tag 130, and transmits the generated invalidation command to the electronic tag 130 via the transmission / reception unit 125.

  In addition, when the general control unit 127 receives an instruction for initial setting of the electronic tag 130 from the operator of the reader / writer 120 via the input unit 123 described later, the general control unit 127 passes the IF unit 123 described later. The management information acquisition request is transmitted to the server 110, the management information transmitted as a response is received, and the received management information is output to the keyword generation unit 128.

  Furthermore, the overall control unit 127 extracts partial area information included in the received management information, transmits a partial area acquisition request to the electronic tag 130 via the transmission / reception unit 125, and transmits / receives the response as a response. The partial region is received from the electronic tag 130 via the unit 125 and output to the keyword generation unit 128.

  Then, the overall control unit 127 uses the management information received from the server 110 as rule information, and electronically passes through the transmission / reception unit 125 together with the password generated via the keyword generation unit 128 and the password generation unit 129 as described later. It transmits to the tag 130.

  In addition, when there is a command command input to the electronic tag 130 from an operator of the reader / writer 120 or another device via the input unit 123 described later, the overall control unit 127 sets a transmission / reception unit 125 described later. Then, a rule information acquisition request is transmitted to the electronic tag 130, the rule information transmitted as a response is received, and the received rule information is output to the keyword generation unit 128.

  Further, the overall control unit 127 extracts partial area information included in the received rule information, transmits a partial area acquisition request to the electronic tag 130 via the transmission / reception unit 125, and transmits / receives the response as a response. The partial area is received from the electronic tag 130 via the unit 125 and output to the keyword generation unit 128.

  Then, the overall control unit 127 transmits the password and command generated via the keyword generation unit 128 and the password generation unit 129 to the electronic tag 130 via the transmission / reception unit 125 as described later.

  The keyword generation unit 128 generates keywords by receiving input from the management information or rule information from the overall control unit 127.

  Here, the keyword generation unit 128 generates a keyword from the partial area input from the overall control unit 127. Specifically, a bit corresponding to the address specified by the address information of the management information or rule information received from the server 110 is used as a start bit, and the start bit from the first bit of the partial area is set to the last bit of the received partial area. A keyword is generated by generating a bit string connecting up to the previous bit.

  For example, as shown in FIG. 3 (schematic diagram of partial area and keyword), the received partial area is a bit string “10010100101011110101010001010111”, and the address information of the management information is counted from the first bit of the partial area. In the case of indicating the address of the fifth bit (arrow), the keyword is a bit string from the first bit to the fourth bit in the partial area from the fifth bit to the 32nd bit (last bit). Are combined to generate a bit string “01001010111101010100010101111001”, and this bit string is used as a keyword.

  Then, the keyword generation unit 128 outputs the keyword generated in this way to the password generation unit 129.

  The password generation unit 129 generates a password when a keyword is input from the keyword generation unit 128.

  Specifically, a password is generated by calculating the keyword input from the keyword generation unit 128 and the key stored in the key information storage area 126 with an irreversible function H. Although the irreversible function H is not particularly limited, for example, a hash function may be used.

  Then, the password generation unit 128 outputs the password generated in this way to the overall control unit 127.

  The input unit 123 receives input of information from the operator of the reader / writer 120.

  The IF unit 124 is an interface for transmitting and receiving information via the network 150.

  The transmission / reception unit 125 transmits / receives data to / from the electronic tag 130 via electromagnetic waves.

  Also for the reader / writer 120 described above, for example, as shown in FIG. 5, a CPU 161, a memory 162, an external storage device 163 such as an HDD, and a portable storage medium such as a CD-ROM or DVD-ROM. A reading device 165 for reading out information from 164; an input device 166 such as a keyboard and a mouse; an output device 167 such as a display; a communication device 168 such as a NIC (Network Interface Card) for connection to a communication network; and an external device It can be realized by a general computer 160 having an external I / O 169 for connecting to the external I / O 169 and a reader / writer device (not shown) connected to the external I / O 169.

  For example, the storage unit 121 can be realized by the external storage device 163, and the control unit 122 can be realized by loading a predetermined program stored in the external storage device 163 into the memory 162 and executing it by the CPU 161. The input unit 123 can be realized by the input device 166, and the IF unit 124 can be realized by the communication device 168. The transmission / reception unit 125 can be realized by a reader / writer device that is connected to the external I / O 169 and can transmit and receive information to and from the electronic tag 130 via electromagnetic waves.

  The predetermined program is downloaded from the storage medium 164 via the reading device 165 or from the network via the communication device 168 to the external storage device 163, and then loaded onto the memory 162 and executed by the CPU 161. You may do it. Alternatively, the program may be directly loaded on the memory 162 from the storage medium 164 via the reading device 165 or from the network via the communication device 168 and executed by the CPU 161.

  The electronic tag 130 includes a storage unit 131, a control unit 132, and a transmission / reception unit 133.

  The storage unit 131 includes a rule storage area 134, a password storage area 135, and a tag memory area 136.

  The rule storage area 134 stores rule information received from the reader / writer 120 by the initial setting via the reader / writer 120.

  Here, the rule information includes partial area information for specifying a partial area used when generating a keyword, and address information for specifying an address in a partial area of a bit used as a start bit when generating a keyword. And having.

  The password storage area 135 stores a password received from the reader / writer 120 by the initial setting via the reader / writer 120.

  The tag memory area 136 is a data body that stores information held by the electronic tag 130.

  Here, in the present embodiment, the tag memory area 136 includes a reserved memory area for storing various passwords and a protocol control as shown in FIG. 4 (a schematic diagram showing the structure of the tag memory area 136). A UII memory area for storing information such as bits (PC), CRC (CRC-16), and UII (Unique Item Identifier), and a TID memory for storing information such as TID (Tag IDentifier) for specifying the manufacturer of the electronic tag An area 136c and a User memory area 136d for storing arbitrary information by the user of the electronic tag 130 are provided.

  Further, the User memory area 136d is divided into areas from Block 1 to Block 5, and each area can be set in a write disabled state (Write Lock state).

  The structure of the tag memory area 136 is not limited to such a mode.

  Returning to FIG. 1, the control unit 132 includes an overall control unit 137 and an authentication unit 138.

  The overall control unit 137 controls overall processing in the electronic tag 130.

  In particular, in the present embodiment, information transmission / reception processing performed with the reader / writer 120 is controlled, and information processing stored in the storage unit 131 is controlled.

  The authentication unit 138 authenticates the password received from the reader / writer 120. Authentication is performed based on whether or not the password received from the reader / writer 120 matches the password stored in the password storage area 135.

  The transmission / reception unit 133 transmits / receives information to / from the reader / writer 120 via electromagnetic waves.

  The electronic tag 130 configured as described above can be realized by an inlet 170 including an IC chip 172 and an antenna 717 as shown in FIG. 6 (schematic diagram of the inlet 170), for example.

  The IC chip 172 includes an auxiliary storage device 172a such as an EEPROM and a control circuit 172b such as a CPU. The storage unit 131 can be realized by the auxiliary storage device 172a, and the control unit 132 includes the auxiliary storage device 172a. The transmission / reception unit 133 can be realized by performing predetermined processing with the control device 172b via the antenna 171.

  Processing in the electronic tag system 100 configured as described above will be described below.

  FIG. 7 is a flowchart showing management information generation processing in the server 110.

  The management information processing unit 118 of the server 110 receives an input of the required number of passwords from the operator of the server 110 via the input unit 113 (S10).

  Next, the management information processing unit 118 refers to the tag data storage area 115 stored in the storage unit 111 for the smallest number of bits in the quantity area having the number of bits greater than the number of accepted passwords. (S11).

  Next, the management information processing unit 118 uses the identification information that can identify the partial area specified in step S11 as partial area information, and also specifies information that specifies the address of the start bit of the partial area specified in step S11. These pieces of information are stored as management information in the management information storage area 116 as address information (S12).

  FIG. 8 is a sequence diagram when initial setting of the electronic tag 130 is performed.

  The overall control unit 127 of the reader / writer 120 transmits a management information acquisition request to the server 110 via the IF unit 124 (S20).

  In the server 110 that has received the management information acquisition request, the overall control unit 117 transmits the management information stored in the management information storage area 116 to the reader / writer 120 via the IF unit 114 (S21).

  Also, the management information processing unit 118 of the server 110 updates the address information in the management information stored in the management information storage area 116 (S22). In updating the address information, the information specifying the address of the start bit in the partial area is changed to information specifying the address of the next bit.

  Then, the overall control unit 127 of the reader / writer 120 extracts partial region information from the management information received in step S21, and sends a transmission / reception unit to the partial region acquisition request specifying the partial region specified by the extracted partial region information. It transmits to the electronic tag 130 via 125 (S23).

  Upon receiving the partial area acquisition request, the overall control unit 137 of the electronic tag 130 acquires information stored in the partial area specified by the acquisition request from the tag memory area 136 and reads the information via the transmission / reception unit 133. The data is transmitted to the writer 120 (S24).

  Next, the keyword generation unit 128 of the reader / writer 120 generates a keyword from the received partial area (S25). The keyword is generated by using the bit corresponding to the address specified by the address information of the management information received in step S21 as the start bit, and specifying the address information from the start bit of the received partial area as the last bit of the received partial area. This is done by concatenating up to the bit before the bit corresponding to the address to be processed.

  Next, the password generation unit 129 of the reader / writer 120 calculates the keyword generated in step S25 and the key stored in the key information storage area 126 using an irreversible function H to generate a password (S26).

  Next, the overall control unit 127 of the reader / writer 120 uses the management information received in step S21 as rule information, and transmits it to the electronic tag 130 via the transmission / reception unit 125 together with the password generated in step S26 (S27).

  In the electronic tag 130 that has received the rule information and the password, the overall control unit 137 stores them in the rule storage area 134 and the password storage area 135, respectively (S28).

  FIG. 9 is a sequence diagram showing information processing performed between the reader / writer 120 and the electronic tag 130.

  The overall control unit 127 of the reader / writer 120 transmits a rule information acquisition request to the electronic tag 130 via the transmission / reception unit 125 (S30).

  When receiving the rule information acquisition request, the overall control unit 137 transmits the rule information stored in the rule storage area 134 to the reader / writer 120 via the transmission / reception unit 133 (S31).

  In the reader / writer 120 that has received the rule information, the overall control unit 127 extracts the partial region information included in the rule information (S32), and acquires the partial region that specifies the partial region specified by the extracted partial region information. The request is transmitted to the electronic tag 130 via the transmission / reception unit 125 (S33).

  Upon receiving the partial area acquisition request, the overall control unit 137 of the electronic tag 130 acquires information stored in the partial area specified by the acquisition request from the tag memory area 136 and reads the information via the transmission / reception unit 133. The data is transmitted to the writer 120 (S34).

  Next, the keyword generation unit 128 of the reader / writer 120 generates a keyword from the received partial area (S35). The keyword generation is the same as the processing in step S25 described above.

  Next, the password generation unit 129 of the reader / writer 120 calculates the keyword generated in step S35 and the key stored in the key information storage area 126 with an irreversible function H to generate a password (S36).

  Next, the overall control unit 127 of the reader / writer 120 processes the password generated in step S26 and the information stored in the tag memory area 136 of the electronic tag 130 (for example, read / write, change, delete, etc.). The command is transmitted to the electronic tag via the transmission / reception unit 125 (S37).

  Next, the authentication unit 138 of the electronic tag 130 compares the received password with the password stored in the password storage area 135 (S38), and controls the received command if they match. This is executed by the unit 137 (S39), and if they do not match, the fact that the authentication has failed is notified to the overall control unit 137 and the process is terminated.

  For example, in the process executed in step S39, when the received command is a “write command”, the overall control unit 137 stores the information specified in the tag memory area 136. When the received command is a “read command”, the overall control unit 137 reads information stored in the tag memory area 136 and transmits the information to the reader / writer 120 via the transmission / reception unit 133. Furthermore, when the received command is an “invalidation command”, the overall control unit 137 performs processing for invalidating the electronic tag 130.

  As described above, according to the present embodiment, it is not necessary to assign and manage unique data for each electronic tag 130, and the management operation is easy. On the other hand, the electronic tag 130 has successfully authenticated the reader / writer 120. Since only the processing of the information in the electronic tag 130 is permitted, it is possible to prevent the information in the electronic tag 130 from being illegally processed.

  Further, since complicated processing such as encryption and decryption is not performed in the electronic tag 130, a highly secure electronic tag system can be realized with a cheaper system.

  In addition, the electronic tag 130 according to the present embodiment is safer than a magnetic card and can authenticate the reader / writer 120 at a lower cost than an IC card. It can also be used as a gift certificate.

  In the embodiment described above, each time the management information processing unit 118 of the server 110 transmits management information to the reader / writer 120, the management information processing unit 118 updates the address information so that it becomes the next bit in order from the first bit. However, the present invention is not limited to this mode, and it is possible to randomly select bits as address information. In such a case, for example, by storing information specifying bits that are already selected or not yet selected in the storage unit 111, it is possible to prevent a plurality of the same bits from being selected. desirable.

  In the embodiment described above, the management information processing unit 118 of the server 110 selects one partial area according to the required number of passwords. However, the present invention is not limited to this mode. For example, it is possible to select a plurality of partial regions. In such a case, by defining the order of the selected partial areas, the bit strings stored in the partial areas are arranged in that order, and the keyword is generated by specifying the start bit with the address information. It becomes possible to do.

  By making it possible to select a plurality of partial areas in this way, it becomes possible to cope with a case where the required number of passwords is not satisfied in one partial area. The method for selecting a plurality of partial areas is not particularly limited. For example, the selection of the number of bits included in the partial areas may be selected in order from the smallest that satisfies the required number of passwords. .

  In the embodiment described above, the rule information is stored in the rule storage area 134 of the electronic tag 130. However, the present invention is not limited to such a mode. For example, in the initial setting process of the electronic tag 130 When an identification ID for identifying the used management information is stored in the rule storage area 134 and information processing is performed between the reader / writer 120 and the electronic tag 130, the identification ID is read from the electronic tag 130 by the reader. The reader / writer 120 may receive the management information corresponding to the identification ID from the server 110. In such a case, an identification ID is included in the management information transmitted from the server 110 to the reader / writer 120 in the initial setting, and the management information storage area 116 transmits the information to the reader / writer 120 in association with the identification ID. All management information is stored.

  FIG. 10 is a schematic view of an electronic tag system 200 according to the second embodiment of the present invention.

  As illustrated, the electronic tag system 200 includes a server 110, a reader / writer 220, and an electronic tag 230, and the server 110 and the reader / writer 220 can transmit and receive information via the network 150. The reader / writer 220 and the electronic tag 230 can transmit and receive information via electromagnetic waves.

  The server 110 includes a storage unit 111, a control unit 112, an input unit 113, and an IF unit 114. Since the server 110 is the same as that of the first embodiment, the description thereof is omitted.

  The reader / writer 220 includes a storage unit 121, a control unit 222, an input unit 123, an IF unit 124, and a transmission / reception unit 125. Here, the reader / writer 220 according to the present embodiment differs from the reader / writer 120 according to the first embodiment in processing performed by the control unit 222. Will be described.

  The control unit 222 includes an overall control unit 227, a keyword generation unit 228, and a password generation unit 229.

  The overall control unit 227 controls the overall processing of the reader / writer 220, and in this embodiment, controls the communication with the server 110 or the electronic tag 230.

  In the first embodiment, the overall control unit 127 receives from the server 110 when receiving an instruction to perform initial setting of the electronic tag 130 from the operator of the reader / writer 120 via the input unit 123. The management information thus obtained is used as rule information and transmitted to the electronic tag 130 via the transmission / reception unit 125 together with the password generated via the keyword generation unit 128 and the password generation unit 129. Among the management information received from 110, the partial area information is transmitted as rule information to the electronic tag 130 via the transmission / reception unit 125 together with the password generated via the keyword generation unit 228 and the password generation unit 229.

  In addition, the overall control unit 227 according to the present embodiment transmits a command and a password to the electronic tag 230 when performing information processing between the reader / writer 120 and the electronic tag 230. When there is no password or when an authentication error is notified from the electronic tag 230, the keyword generation unit 228 and the password generation unit 229 are instructed to generate a new password, and the generated password and command are transmitted to the electronic tag 230.

  When the management information is input from the overall control unit 227, the keyword generation unit 228 generates a keyword in the same manner as in the first embodiment. When the rule information is input, the keyword generation unit 228 generates a start bit. Since there is no designation, a keyword is generated with an arbitrary bit (for example, a bit at the beginning of a partial area) as a start bit, and when the general control unit 227 instructs again, it is used with the keyword generated last time. A keyword is generated with the bit next to the start bit as the start bit.

  Then, the keyword generation unit 228 outputs the keyword generated in this manner to the password generation unit 229, and the password generation unit 229 receives the keyword from the keyword generation unit 228, so that the same as in the first embodiment. Next, generate a password.

The electronic tag 230 includes a storage unit 231, a control unit 132, and a transmission / reception unit 133, and the storage unit 231 is different from that of the first embodiment. The storage unit 231 includes a rule storage area 234, a password storage area 135, and a tag memory area 136. Compared to the first embodiment, the storage unit 231 stores rule information stored in the rule storage area. Is different.

  The rule storage area 234 stores rule information received from the reader / writer 220 by the initial setting via the reader / writer 220.

  Here, as described above, in the present embodiment, the rule information includes partial area information that specifies a partial area used when generating a keyword, and does not have address information.

  In the electronic tag system 200 according to the second embodiment configured as described above, the management information generation processing in the server 110 is the same as the flowchart shown in FIG. In the initial setting process of the electronic tag 230, in the sequence diagram of FIG. 8, the rule information transmitted in step S27 is composed of partial area information, and in step S28, the rule information transmitted in step S27 is stored. I have to.

  FIG. 11 is a sequence diagram showing information processing performed between the reader / writer 220 and the electronic tag 230.

  The overall control unit 227 of the reader / writer 220 transmits a rule information acquisition request to the electronic tag 230 via the transmission / reception unit 125 (S50).

  In the electronic tag 230 that has received the rule information acquisition request, the overall control unit 137 transmits the rule information stored in the rule storage area 234 to the reader / writer 220 via the transmission / reception unit 133 (S51).

  In the reader / writer 220 that has received the rule information, the overall control unit 227 extracts the partial area information included in the rule information (S52), and acquires the partial area that specifies the partial area specified by the extracted partial area information. The request is transmitted to the electronic tag 230 via the transmission / reception unit 125 (S53).

  Upon receiving the partial area acquisition request, the overall control unit 137 of the electronic tag 230 acquires the information stored in the partial area specified by the acquisition request from the tag memory area 136, and reads the information via the transmission / reception unit 133. The data is transmitted to the writer 220 (S54).

  Next, the keyword generation unit 228 of the reader / writer 220 generates a keyword from the received partial area (S55). Here, the keyword is generated by generating, as a start bit, an arbitrary bit of the received partial area that has not yet been generated as a keyword.

  Next, the password generation unit 229 of the reader / writer 220 calculates the keyword generated in step S55 and the key stored in the key information storage area 126 using an irreversible function H to generate a password (S56).

  Next, the overall control unit 227 of the reader / writer 220 processes the password generated in step S56 and the information stored in the tag memory area 136 of the electronic tag 230 (for example, read / write, change, delete, etc.). The command is transmitted to the electronic tag via the transmission / reception unit 125 (S57).

  Next, the authentication unit 138 of the electronic tag 230 compares the received password with the password stored in the password storage area 135 (S58), and controls the received command if they match. This is executed by the unit 137 (S59), and if they do not match, the overall control unit 137 is notified that the authentication has failed.

  When there is no response from the electronic tag 230 within a predetermined time (S60), the overall control unit 227 of the reader / writer 220 returns to step S55 to generate a new keyword and password and generate the electronic The process of transmitting to the tag 230 is repeated.

  In this sequence, when there is an authentication error, the electronic tag 230 does not notify the reader / writer 220 of the authentication error. However, the overall control unit 137 of the electronic tag 230 transmits such notification. It is also possible for the reader / writer 220 to generate and transmit a password again by receiving such an authentication error.

  In the above embodiment, since only the information specifying the partial area for generating the keyword is stored in the electronic tag 230, the reader / writer 220 can illegally generate the electronic tag 230 unless the password can be generated from the partial area. Can no longer process the information.

  In the embodiment described above, the authentication of the password from the reader / writer 220 is performed by the electronic tag 230 unless the authentication is successful. For example, the number of times the electronic tag 230 is authenticated is factored. If the number of bits of the partial area transmitted from the tag memory area 136 to the reader / writer 220 is the maximum value and the number of authentication errors reaches the maximum value, the overall control unit 137 The process 230 may be locked.

  FIG. 12 is a schematic diagram of an electronic tag system 300 according to the third embodiment of the present invention.

  Here, in the present embodiment, the electronic tag 330 has unique data uniquely assigned to each electronic tag 330, and this unique data is stored at a predetermined address in the tag memory area 136. It shall be.

  As illustrated, the electronic tag system 300 includes a server 310, a reader / writer 320, and an electronic tag 330. The server 310 and the reader / writer 320 can transmit and receive information via the network 150. The reader / writer 320 and the electronic tag 330 can transmit and receive information via electromagnetic waves.

  The server 310 includes a storage unit 311, a control unit 312, an input unit 113, and an IF unit 114. Since the storage unit 311 and the control unit 312 are different from the first embodiment, Hereinafter, matters related to the different points will be described.

  In the present embodiment, the storage unit 311 includes a management information storage area 316 and, unlike the first embodiment, does not include a tag data storage area. This is because in the present embodiment, each electronic tag 330 has unique data that can be uniquely identified.

  In the management information storage area 316 in the present embodiment, as management information, unique data information for specifying the address of unique data in the tag memory area 136 of the electronic tag 330 and a start bit when generating a keyword to be described later are used. Address information for specifying an address in the unique data of the bits to be stored.

  Here, in the present embodiment, it is assumed that the operator of the server 310 has input the initial values of the unique data information and the address information in advance via the input unit 113 based on the setting of the electronic tag 330. The address information is updated by the management information processing unit 318 every time it is transmitted to the reader / writer 320 in response to a request from the reader / writer 320.

  The control unit 312 includes an overall control unit 117 and a management information processing unit 318.

  The overall control unit 117 is the same as in the first embodiment, and a description thereof is omitted.

  The management information processing unit 318 in the present embodiment updates the address information. For example, every time the overall control unit 117 transmits management information to the reader / writer 320, the address information in this embodiment is updated to information for specifying the address of the next bit in the specific data every time the management information is transmitted to the reader / writer 320. To do.

  The reader / writer 320 includes a storage unit 121, a control unit 322, an input unit 123, an IF unit 124, and a transmission / reception unit 125. Since the control unit 322 is different from the first embodiment, Hereinafter, matters related to the different points will be described.

  The control unit 322 includes an overall control unit 327, a keyword generation unit 328, and a password generation unit 329.

  The overall control unit 327 controls the entire processing of the reader / writer 320, and also controls communication with the server 310 or the electronic tag 330 in this embodiment.

  In addition, when the general control unit 327 receives an input of an instruction for initial setting of the electronic tag 330 from the operator of the reader / writer 320 via the input unit 123 described later, the general control unit 327 via the IF unit 123 described later. The management information acquisition request is transmitted to the server 310, the management information transmitted as a response is received, and the received management information is output to the keyword generation unit 328.

  Furthermore, the overall control unit 327 extracts unique data information included in the received management information, transmits a request for acquiring unique data to the electronic tag 330 via the transmission / reception unit 125, and transmits / receives the response as a response. The unique data is received from the electronic tag 330 via the unit 125 and output to the keyword generation unit 328.

  The overall control unit 327 uses the management information received from the server 110 as rule information, and electronically passes through the transmission / reception unit 125 together with the password generated via the keyword generation unit 128 and the password generation unit 129 as described later. It transmits to the tag 130.

  In addition, when there is an input of a command command to the electronic tag 330 from the operator of the reader / writer 320 or another device via the input unit 123, the overall control unit 327 transmits the electronic command via the transmission / reception unit 125. A rule information acquisition request is transmitted to the tag 330, the rule information transmitted as a response is received, and the received rule information is output to the keyword generation unit 328.

  Furthermore, the overall control unit 327 extracts unique data information included in the received management information, transmits a request for acquiring unique data to the electronic tag 330 via the transmission / reception unit 125, and transmits / receives the response as a response. The unique data is received from the electronic tag 330 via the unit 125 and output to the keyword generation unit 328.

  Then, the overall control unit 327 transmits the password and command generated via the keyword generation unit 328 and password generation unit 329 to the electronic tag 330 via the transmission / reception unit 125.

  The keyword generation unit 328 generates a keyword when management information or rule information is input from the overall control unit 327.

  Here, the keyword generation unit 328 generates a keyword from the unique data input from the overall control unit 327. Specifically, the bit corresponding to the address specified by the address information of the management information or rule information received from the server 310 is used as the start bit, and the start bit from the first bit of the specific data is set to the last bit of the received specific data. A keyword is generated by generating a bit string connecting up to the previous bit.

  Then, the keyword generation unit 328 outputs the keyword generated in this way to the password generation unit 129.

  The password generation unit 329 generates a password in the same manner as in the first embodiment when a keyword is input from the keyword generation unit 328.

  The electronic tag 330 includes a storage unit 331, a control unit 132, and a transmission / reception unit 133. Since the storage unit 331 is different from that of the first embodiment, the following description relates to this difference. The items to be described are explained.

  The storage unit 331 includes a rule storage area 334, a password storage area 135, and a tag memory area 136. The rule information stored in the rule storage area 334 is different from that of the first embodiment.

  The rule information stored in the rule storage area 334 includes unique data information that identifies an address of unique data, and address information that identifies an address in unique data of a bit used as a start bit when generating a keyword. Have.

  Processing in the electronic tag system 300 according to this embodiment configured as described above will be described below. In the electronic tag system 300 according to the present embodiment, management information is input by an operator, so that management information generation processing as shown in FIG. 7 is not necessary.

  FIG. 13 is a sequence diagram when initial setting of the electronic tag 330 is performed.

  The overall control unit 227 of the reader / writer 220 transmits a management information acquisition request to the server 310 via the IF unit 124 (S70).

  In the server 310 that has received the management information acquisition request, the overall control unit 117 transmits the management information stored in the management information storage area 316 to the reader / writer 320 via the IF unit 114 (S71).

  Also, the management information processing unit 318 of the server 310 updates the address information in the management information stored in the management information storage area 316 (S72). In updating the address information, information specifying the address of the start bit in the unique data is changed to information specifying the address of the next bit.

  Then, the overall control unit 327 of the reader / writer 320 extracts the unique data information from the management information received in step S71, and sends a transmission / reception unit 125 to the unique data acquisition request specifying the address specified by the extracted unique data information. Is transmitted to the electronic tag 330 via (step S73).

  The overall control unit 137 of the electronic tag 330 that has received the acquisition request for the unique data acquires the information stored at the address specified in the acquisition request from the tag memory area 136, and the reader / writer via the transmission / reception unit 133. It transmits to 320 (S74).

  Next, the keyword generation unit 328 of the reader / writer 320 generates a keyword from the received unique data (S75). The keyword is generated by using the bit corresponding to the address specified by the address information of the management information received in step S71 as a start bit, and adding the start bit from the first bit of the received unique data to the last bit of the received unique data. This is done by concatenating up to the previous bit.

  Next, the password generation unit 329 of the reader / writer 320 calculates the keyword generated in step S75 and the key stored in the key information storage area 126 with an irreversible function H to generate a password (S76).

  Next, the overall control unit 327 of the reader / writer 320 uses the management information received in step S71 as rule information, and transmits it to the electronic tag 330 via the transmission / reception unit 125 together with the password generated in step S76 (S77).

  In the electronic tag 330 that has received the rule information and the password, the overall control unit 137 stores them in the rule storage area 334 and the password storage area 135, respectively (S78).

  FIG. 14 is a sequence diagram showing information processing performed between the reader / writer 320 and the electronic tag 330.

  The overall control unit 327 of the reader / writer 320 transmits a rule information acquisition request to the electronic tag 330 via the transmission / reception unit 125 (S80).

  In the electronic tag 330 that has received the rule information acquisition request, the overall control unit 137 transmits the rule information stored in the rule storage area 334 to the reader / writer 320 via the transmission / reception unit 133 (S81).

  In the reader / writer 320 that has received the rule information, the overall control unit 327 extracts the unique data information included in the rule information (S82), and the unique data acquisition request specifying the address specified by the extracted unique data information Is transmitted to the electronic tag 330 via the transmission / reception unit 125 (S83).

  The overall control unit 137 of the electronic tag 330 that has received the acquisition request for the unique data acquires the information stored at the address specified in the acquisition request from the tag memory area 136, and the reader / writer via the transmission / reception unit 133. It transmits to 320 (S84).

  Next, the keyword generation unit 328 of the reader / writer 320 generates a keyword from the received unique data (S85). The keyword generation is the same as the processing in step S75 described above.

  Next, the password generation unit 329 of the reader / writer 320 calculates the keyword generated in step S85 and the key stored in the key information storage area 126 using the irreversible function H to generate a password (S86).

  Next, the overall control unit 127 of the reader / writer 120 processes the password generated in step S86 and the information stored in the tag memory area 136 of the electronic tag 330 (for example, read / write, change, delete, etc.). The command is transmitted to the electronic tag via the transmission / reception unit 125 (S87).

  Next, the authentication unit 138 of the electronic tag 130 compares the received password with the password stored in the password storage area 135 (S88), and controls the received command if they match. This is executed by the unit 137 (S89), and if they do not match, the fact that the authentication has failed is notified to the overall control unit 137 and the process is terminated.

  As described above, according to the present embodiment, when unique data is given to the electronic tag 330, even if the unique data is leaked, the password generation processing in the reader / writer 320 is specified. Security cannot be improved.

  In the embodiment described above, a keyword is generated by converting the specific data from a specific start bit. However, the present invention is not limited to such a mode, and the specific data is directly used as a keyword. It is also possible to use it. In such a case, the management information stored in the management information storage area 316 of the server 310 and the rule information stored in the rule storage area 334 of the electronic tag 330 may use information specifying the address of the unique data.

  Further, a keyword may be generated by converting a partial area including unique data from a specific start bit. In such a case, in this case, the management information storage of the server 310 is stored. The management information stored in the area 316 and the rule information stored in the rule storage area 334 of the electronic tag 330 may include partial area information and address information specifying the start bit in the partial area instead of the unique data information. That's fine. In addition, when generating a keyword using such a partial area including unique data, a start bit to be updated by the server 310 may be selected at random.

  In the embodiment described above, the bit corresponding to the address specified by the address information of the management information or rule information is used as the start bit, and the last bit of the partial area or specific data is changed from the first bit of the partial area or specific data. A keyword is generated by generating a bit string obtained by concatenating up to the bit immediately before the start bit. However, the present invention is not limited to such a mode, and is specified by address information of management information or rule information, for example. It is also possible to use a bit corresponding to the address as a start bit and a bit string up to the last bit of the partial area or unique data as a keyword.

  In the embodiment described above, the keyword is generated in the reader / writer. However, the present invention is not limited to this mode, and the keyword may be generated in the electronic tag and transmitted to the reader / writer. . In such a case, a keyword is generated based on the rule information stored in the rule storage area in the control unit of the electronic tag.

1 is a schematic diagram of an electronic tag system 100 according to a first embodiment. Schematic diagram of tag data table 115a. Schematic of partial area and keywords. Schematic which shows the structure of the tag memory area | region 136. FIG. FIG. Schematic of the inlet 170. FIG. 6 is a flowchart showing management information generation processing in the server 110; The sequence diagram at the time of performing the initial setting of the electronic tag. FIG. 5 is a sequence diagram showing information processing performed between a reader / writer 120 and an electronic tag. Schematic of the electronic tag system 200 which is 2nd embodiment. 4 is a sequence diagram showing information processing performed between a reader / writer 220 and an electronic tag 230. FIG. Schematic of the electronic tag system 300 which is 3rd embodiment. The sequence diagram at the time of performing the initial setting of the electronic tag 330. FIG. 4 is a sequence diagram showing information processing performed between a reader / writer 320 and an electronic tag 330. FIG.

Explanation of symbols

100, 200, 300 Electronic tag system 110, 310 Server 111, 311 Storage unit 112, 312 Control unit 120, 220, 320 Reader / writer 121 Storage unit 122, 222, 322 Control unit 130, 320, 330 Electronic tag 131, 231, 331 Storage unit 132 Control unit 150 Network

Claims (19)

An electronic tag having a storage unit for storing information divided into a plurality of partial areas, and a reader / writer that communicates with the electronic tag and transmits / receives information, and transmits a password from the reader / writer to the electronic tag , An electronic tag system for authenticating the password with the electronic tag,
The reader / writer is
A process of transmitting an acquisition request for information stored in a specific partial area to the electronic tag;
Processing for generating a keyword from information stored in the specific partial area transmitted from the electronic tag in response to the acquisition request;
Processing to generate the password by inputting the keyword into a predetermined function;
A control unit for performing
An electronic tag system characterized by The electronic tag system according to claim 1,
The storage unit of the electronic tag stores partial area information for identifying the specific partial area,
The control unit of the reader / writer acquires the partial region information from the storage unit of the electronic tag, and transmits an acquisition request for acquiring information stored in the partial region identified by the acquired partial region information To do,
An electronic tag system characterized by The electronic tag system according to claim 2,
The storage unit of the electronic tag stores rule information for specifying a rule for generating the keyword,
The reader / writer control unit acquires the rule information from the storage unit of the electronic tag, and generates a keyword from the information stored in the specific partial area according to the acquired rule information;
An electronic tag system characterized by The electronic tag system according to claim 3,
The rule information specifies one bit position among the information stored in the specific partial area,
The control unit of the reader / writer generates a keyword by setting the information stored in the specific partial area as a bit string starting at a position specified by the one bit position,
An electronic tag system characterized by The electronic tag system according to claim 4,
The one bit position is set to be different depending on each electronic tag,
An electronic tag system characterized by The electronic tag system according to claim 2,
The specific partial area is selected as a partial area having a bit number greater than the required number of passwords,
An electronic tag system characterized by The electronic tag system according to claim 2,
The specific part is selected from an area where data unique to the electronic tag is stored,
An electronic tag system characterized by The electronic tag system according to claim 2,
The control unit of the reader / writer is
Processing for generating the keyword;
Generating the password from the keyword;
Repeatedly until authentication with the electronic tag is successful,
An electronic tag system characterized by The electronic tag system according to claim 1,
The control unit of the reader / writer transmits, to the electronic tag, an acquisition request for specific data unique to the electronic tag stored in a specific partial area;
An electronic tag system characterized by The electronic tag system according to claim 1,
The specific partial area comprises at least two partial areas;
An electronic tag system characterized by A reader / writer that communicates with an electronic tag including a storage unit that stores information divided into a plurality of partial areas, transmits a password to the electronic tag, and receives authentication of the password in the electronic tag,
A process of transmitting an acquisition request for information stored in a specific partial area to the electronic tag;
Processing for generating a keyword from information stored in the specific partial area transmitted from the electronic tag in response to the acquisition request;
Processing to generate the password by inputting the keyword into a predetermined function;
A control unit for performing
Reader / writer. The reader / writer according to claim 11,
In the storage unit of the electronic tag, partial area information for identifying the specific partial area is stored,
The control unit acquires the partial region information from the storage unit of the electronic tag, and transmits an acquisition request for acquiring information stored in the partial region identified by the acquired partial region information;
Reader / writer. The reader / writer according to claim 12,
In the storage unit of the electronic tag, rule information for specifying a rule for generating the keyword is stored,
The control unit acquires the rule information from the storage unit of the electronic tag, and generates a keyword from information stored in the specific partial area according to the acquired rule information;
Reader / writer. The reader / writer according to claim 13,
The rule information specifies one bit position among the information stored in the specific partial area,
The control unit generates a keyword by setting the information stored in the specific partial area as a bit string starting from the one bit position,
Reader / writer. The reader / writer according to claim 12,
The controller is
Processing for generating a keyword from information stored in the specific partial area transmitted from the electronic tag in response to the acquisition request;
Generating the password from the keyword;
Repeatedly until authentication with the electronic tag is successful,
Reader / writer. The reader / writer according to claim 11,
The control unit transmits, to the electronic tag, an acquisition request for specific data unique to the electronic tag stored in a specific partial area;
Reader / writer. An electronic tag comprising a storage unit for storing information divided into a plurality of partial areas, receiving a password transmitted from a reader / writer, and authenticating the received password,
The storage unit stores partial area information for identifying the specific partial area,
A controller that performs a process of transmitting the partial area information to the reader / writer in response to a request of the reader / writer before the authentication;
An electronic tag characterized by The electronic tag according to claim 17,
The storage unit stores rule information for specifying a rule for generating a keyword,
The controller performs a process of transmitting the rule information to the reader / writer in response to a request from the reader / writer before performing the authentication.
An electronic tag characterized by The electronic tag according to claim 18,
The rule information specifies one bit position among the information stored in the specific partial area;
An electronic tag characterized by

Images