JP6074035B2 - Authentication determination system, authentication determination method, and IC chip mounting member - Google Patents

Description

  The present invention relates to a technique for determining the authenticity of an article, and in particular, an authenticity determination system for determining an authenticity by reading an IC chip attached to an article, an authenticity determination method, and an IC chip mounting member for attaching an IC chip to an article. It is related to technology effective when applied to.

  There is a case where it is required to make an authenticity determination on an article to be distributed. At present, for example, electronic authentication using an electronic certificate recorded on an IC chip, an RFID (Radio Frequency IDentification) tag or the like (hereinafter may be collectively referred to as “IC chip”), image processing, etc. In addition to electronic and electrical technologies, technologies such as holograms that try to prevent counterfeiting due to the complexity of using the human senses have been developed. The current situation is.

  For example, in Japanese Translation of PCT International Publication No. 2011-529314 (Patent Document 1), a digital authenticity certificate including encrypted information representing at least one characteristic unique to an object is disclosed. Issuing a storage means storing data, using a network computing means to check the validity of the digital authenticity certificate, and correcting the validity status of the digital authenticity certificate. And the network computing means outputs the validity status of the digital authenticity certificate in substantially real time in cooperation with the storage means and the verification authority and / or the certification authority. A technique for digitally verifying the authenticity of an object is described.

  Japanese Patent Laid-Open Publication No. 2000-11114 (Patent Document 2) issues a product tag in which certificate data that proves that the manufacturer has manufactured the product is issued when the product is shipped. At the store, the purchaser reads the certificate from the product tag with the product tag reading terminal, and obtains the certificate decryption information and the product tag obtained in advance from the authentication server via the network, mail, etc. It describes a technique for confirming whether a product is genuine or fake by collating with certificate information.

Special table 2011-529314 gazette JP 2000-11114 A

  Conventionally, several mechanisms for determining the authenticity of an article using electronic authentication processing have been proposed, but none of them has been necessarily suitable for commercialization. For example, in the technique described in Patent Document 1, a terminal authentication mechanism using an electronic certificate in an information processing system is applied to authentication of an object. Therefore, it is necessary to issue an electronic certificate for each article and process related to electronic authentication, for example, for fields that require efficiency and speed in authenticity determination, such as parts of industrial products that are mass-produced. Problems may arise in commercialization.

  Moreover, in the technique described in Patent Document 2, it is possible to improve the efficiency and speed of the authentication process by performing local authentication between a product tag reading terminal mounted on a smartphone or the like and the product. Since local authentication is performed without going through a certificate authority each time, an illegal product may be determined to be authentic, for example, when a product tag (IC chip) clone is created.

  SUMMARY OF THE INVENTION Accordingly, an object of the present invention is to authenticate a user by reading information recorded on an IC chip attached to an article with a reader / writer device and simply, efficiently and safely determining the authenticity of the article based on the information. An object of the present invention is to provide a determination system, an authenticity determination method, and an IC chip mounting member for attaching an IC chip to an article.

  The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  Of the inventions disclosed in this application, the outline of typical ones will be briefly described as follows.

  An authenticity determination system according to a representative embodiment of the present invention is a system that reads information recorded on an IC chip attached to an article by a reader / writer, and determines authenticity based on the read information. A unique code recorded on an IC chip and having a unique value for each IC chip is generated, the generated unique code is registered in a unique code holding unit, and the unique code is transmitted from the reader / writer. A certificate authority having a unique code processing unit for verifying whether there is a match with the registered content of the unique code holding unit, and the reader / writer includes the IC attached to the article. The unique code read from the chip is transmitted to the certificate authority via the network, and a response that the verification is successful is the certificate authority. If et sent, and displays said article is authentic.

  The present invention can also be applied to an IC chip mounting member for attaching an IC chip to an article in the authentication system as described above.

  Among the inventions disclosed in the present application, effects obtained by typical ones will be briefly described as follows.

  That is, according to a typical embodiment of the present invention, information recorded on an IC chip attached to an article is read by a user with a reader / writer device, and simple, efficient and safe based on the information. It is possible to determine the authenticity of the article.

It is the figure which showed the outline | summary about the structural example of the authenticity determination system which is Embodiment 1 of this invention. It is a figure explaining an outline | summary about the example of the environment of the authentication process in Embodiment 1 of this invention. It is the flowchart which showed the outline | summary about the example of the flow of a process at the time of determining the authenticity of the article | item in Embodiment 1 of this invention. It is the figure which showed the outline | summary about the structural example of the authenticity determination system which is Embodiment 2 of this invention. It is the flowchart which showed the outline | summary about the example of the flow of a process when the reader / writer in Embodiment 2 of this invention accesses a certification authority. It is the figure which showed the outline | summary about the example of the flow of a process which avoids the DDoS attack with respect to the web server by the side of a certification authority in Embodiment 2 of this invention. It is the figure which showed the outline | summary about the example of the flow of a process which avoids the DDoS attack with respect to the Web server by the side of the domain update server in Embodiment 2 of this invention. It is the figure shown about the example of a structure of the mounting member of IC chip in Embodiment 3 of this invention, and the outline | summary of the example of mounting to an article | item.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted.

  An authenticity determination system according to an embodiment of the present invention includes an IC at various points in a distribution channel with respect to an article attached with an IC chip in which information on a unique code and encryption key issued by a certificate authority is recorded in advance. Whether the IC chip is authentic by reading the information on the IC chip with a terminal such as a smartphone having a function of reading and writing the chip information, and verifying the unique code and the encryption key at the certificate authority based on this information, that is, This is a system for determining the authenticity of an article to which the IC chip is attached.

  The goods here include, for example, parts and products that are mass-produced in factories, etc., and various goods and goods that are circulated in the market, including the global environment, such as expensive clothing and jewelry. It is. Further, each part of the distribution channel includes, for example, a manufacturer, wholesaler, retailer, consumer, etc. of the article. Parallel importers and customs may also be included.

<Embodiment 1>
The authenticity determination system according to the first embodiment of the present invention has a basic configuration for reading information on an IC chip attached to an article by a terminal such as a smartphone and performing the authenticity determination based on the read information. Is.

[System configuration]
FIG. 1 is a diagram showing an outline of a configuration example of an authenticity determination system according to the first embodiment of the present invention. The authenticity determination system 1 has a configuration in which a certificate authority 10 and a Web server 10 ′ are connected to a network 20 such as the Internet, and the network 20 is a portable reader / writer implemented by a smartphone or the like. 30 is connected. The reader / writer 30 can read information recorded on the IC chip 40 attached to the article 2 and write information.

  The certificate authority (CA) 10 determines the authenticity of the IC chip 40, that is, the authenticity of the article 2 to which the IC chip 40 is attached based on the contents of the IC chip 40 attached to the article 2. Is a server system. The certificate authority 10 is implemented by, for example, a server device or a virtual server on a cloud computing environment, and is implemented as a software program that runs on middleware such as an OS (Operating System) or DBMS (DataBase Management System) (not shown). Each unit includes an encryption key processing unit 11 and a unique code processing unit 12. Each table includes an encryption key table 13 and a unique code table 14 implemented by a database, a file table, or the like.

  The encryption key processing unit 11 generates an encryption key for recording on the IC chip 40 and registers it in the encryption key table 13. The encryption key is also recorded on the IC chip 40 as will be described later. Further, the encryption key is authenticated by collating the encryption key data read and transmitted from the IC chip 40 by the reader / writer 30 with the encryption key registered in the encryption key table 13 according to a predetermined procedure. . The encryption key may be generated using either a common key encryption method or a public key encryption method. The common key is recorded in the encryption key table 13 and the IC chip 40 in the case of the common key encryption method and the secret key in the case of the public key encryption method, respectively. Note that the encryption key authentication method is not particularly limited, and for example, an authentication logic generally used in electronic money, an IC card, or the like can be used as appropriate.

  The unique code processing unit 12 generates a unique code that is a unique code value for each IC chip 40 and registers it in the unique code table 14. The unique code is recorded on each IC chip 40 after being encrypted with the encryption key, as will be described later. Further, when the encrypted unique code recorded in the IC chip 40 is read and transmitted by the reader / writer 30, it is decrypted and collated with the registered contents of the unique code table 14. As a result, the individual IC chip 40 can be authenticated.

  At this time, information on the number of times of successful verification (number of authentications) for the target unique code is recorded in both the IC chip 40 and the unique code table 14, and this value is also verified together with the unique code. Thereby, for example, when the number of authentications does not match, it is possible to determine that the IC chip 40 is unauthenticated, assuming that the IC chip 40 has been illegally copied (clone) or the like.

  In this embodiment, as the authentication target parameter, the unique code value registered for each IC chip 40 and the number of authentications are collated. However, the authentication target parameter is not limited to this. Absent. One is a unique fixed value for each IC chip 40, and the other is associated as a parameter that is updated each time authentication processing is performed. That is, a parameter for confirming that the IC chip 40 can exist (fixing a unique code or the like) Value) and a parameter for confirming that there is no other same IC chip 40 (a variable value that can be rewritten each time, such as the number of authentications for each IC chip 40), can be used as appropriate. .

  For example, considering the operation cost and operability, instead of the unique code generated by the unique code processing unit 12, the serial number uniquely set in each IC chip 40 at the time of manufacturing the IC chip 40 is used as a fixed value. Further, instead of the number of times of authentication, the authenticity of the IC chip 40 can be determined by using a variable such as a random number generated by the unique code processing unit 12 or the like every time authentication processing is performed. These fixed value and variable value parameters can be said to be information similar to the relationship between the ID and the password for the IC chip 40.

  The Web server 10 ′ is a server system that provides a user interface for a user to access the certificate authority 10 via the network 20, and is implemented by, for example, a server device or a virtual server on a cloud computing environment. The It has a web server program (not shown), accepts access from an information processing terminal such as the reader / writer 30, calls and executes the processing of the certificate authority 10 as necessary, and responds to the result.

  The reader / writer 30 has a function of performing reading / writing with respect to the IC chip 40 by NFC (Near Field Communication), and a function of performing authentication by the certificate authority 10 based on information read from the IC chip 40. Is an information processing terminal. The reader / writer 30 can use, for example, an NFC-compatible smartphone or mobile phone, or a dedicated reader / writer device. For example, the reader 31 is implemented as a software program that runs on an OS (not shown). And each unit such as the authentication unit 32. For example, when the reader / writer 30 is implemented by a smartphone, these software programs can be installed as a dedicated application so that the consumer can easily use the authentication system 1. Can do.

  The reading unit 31 reads information on the encryption key and the unique code recorded on the IC chip 40 by NFC based on a user operation, an instruction, or the like, or sends the above-described information on the number of times of authentication of the unique code to the IC chip 40. Has the function of writing. The authentication unit 32 accesses the certificate authority 10 via the Web server 10 ′ based on the encryption key and unique code information read by the reading unit 31, requests authentication processing, receives the authentication result, and reads the reader / writer. 30 has a function of displaying on a display (not shown) or the like of 30.

  The IC chip 40 can use a general passive type IC chip or an RFID tag, and the authenticity determination is performed in a state where the encryption key and the unique code information generated by the certificate authority 10 are recorded on the memory 41. It is attached to the target article 2. Since information on an encryption key and a unique code is recorded, one with high security strength is desirable. The method of attaching the IC chip 40 to the article 2 is not particularly limited, but it is desirable that the IC chip 40 be attached by a tamper-resistant method as will be described later so that it is not easily cloned or altered.

[Overview of authentication environment]
FIG. 2 is a diagram for explaining an overview of an example of an environment for authentication processing in the present embodiment. First, the upper certificate authority generates an encryption key 51 and a unique code 52 to be recorded on the IC chip 40. An encryption key 51 is generated by the encryption key processing unit 11 of the certificate authority 10, and the generated encryption key 51 (a common key for the common key encryption method and a secret key for the public key encryption method) is stored in the encryption key table 13. sign up. At this time, an expiration date is set for the encryption key 51, and this information is also registered in association with the encryption key 51. As a result, it is possible to perform generation management of the encryption key 51 and use the encryption keys 51 of a plurality of generations properly. In this case, information such as an ID for specifying the generation (encryption key 51) may be held and managed in association with the encryption key 51 itself. The encryption key 51 is preferably managed manually or automatically so that a new generation is generated before the expiration date or periodically.

  The certificate authority 10 also generates a unique code 52 that is unique to each IC chip 40 by the unique code processing unit 12 and registers the unique code 52 in the unique code table 14. At this time, the unique code table 14 can also hold a value obtained by counting the number of successful authentications in association with each unique code 52. The unique code 52 is, for example, binary data having a bit length that cannot be easily estimated.

  The generated encryption key 51 (common to a plurality of IC chips 40 of the same generation) and unique code 52 (unique for each IC chip 40) are automatically or automatically stored in the unretrievable area 41 ′ in the memory 41 of the IC chip 40. Record manually. The unique code 52 is recorded in a state encrypted with the encryption key 51. The unretrievable area 41 ′ is an encrypted secure area in which reading and writing of information is managed by the IC chip 40, and cannot be directly accessed by an application or the like. It can be read only via an instruction or the like. If the IC chip 40 is a type that does not have a CPU, a function equivalent to this can be implemented by an application or the like.

  On the other hand, the take-out area 41 ″ of the memory 41 holds an authentication counter 53, which is a value obtained by counting the number of successful authentications for the unique code 52 recorded in the IC chip 40. The take-out area 41 ″ is recorded in the take-out area 41 ″. The information can be read and written directly by an application or the like. In this embodiment, every time the authentication of the unique code 52 by the certificate authority 10 is successful, the reader / writer 30 adds 1 to the value of the authentication counter 53 and updates it. In response to a successful authentication, the certificate authority 10 transmits the value of the number of times of authentication for the unique code 52 held by the certificate authority 10 to the reader / writer 30, and the value received by the reader / writer 30 is the authentication counter. You may make it set to 53.

  The IC chip 40 in which the encryption key 51 and the unique code 52 that is unique for each IC chip 40 are recorded is a product or an article such as a product that should be subject to authentication by a manufacturer or the like, as shown in the middle figure. 2 is attached so as to be readable by the reader / writer 30.

  The article 2 to which the IC chip 40 is attached then circulates between wholesalers, retailers, consumers, etc., for example, by sales, as shown in the lower figure. A user at each stage of distribution downloads and installs an application 33 that implements the reading unit 31, the authentication unit 32, and the like in advance on a terminal such as a smartphone constituting the reader / writer 30. When the user reads information recorded on the IC chip 40 attached to the article 2 using the application 33 (reading unit 31) of the reader / writer 30 such as a smartphone, the application 33 (authentication) is based on the information. The unit 32) accesses the certificate authority 10 to request an authentication process, and notifies the authentication result by displaying it on the screen of the smartphone. The user can easily determine the authenticity of the article 2 by referring to this.

[Flow of authentication processing]
FIG. 3 is a flowchart showing an outline of an example of a processing flow when the user determines the authenticity of the article 2 attached with the IC chip 40 using the reader / writer 30 in each distribution route or the like. First, the user who has acquired the article 2 that is the object of the authenticity determination reads information recorded in the memory 41 of the IC chip 40 attached to the article 2 using a smartphone or the like that constitutes the reader / writer 30 (S01). , S02). For the protocol and the like when the reader / writer 30 establishes communication with the IC chip 40 by NFC and reads information, known means can be appropriately used.

  Information on the IC chip 40 accessed by the reader / writer 30 includes the encryption key 51 and the encrypted unique code 52 recorded in the unretrievable area 41 ′ of the memory 41 shown in FIG. 2, and the retrievable area 41 ″. The reading counter 31 of the reader / writer 30 reads out these pieces of information, and the reading unit 31 of the reader / writer 30 performs predetermined processing such as password authentication and data reading on the IC chip 40 as necessary. (S01) The IC chip 40 extracts information and responds to the reader / writer 30 (S02).

  The reader / writer 30 that has successfully accessed the encryption key 51 and the unique code 52 on the IC chip 40 is then encrypted by the authentication unit 32 with respect to the certificate authority 10 (via the Web server 10 ′ as necessary). An authentication process for the key 51 is requested (S03). In the certificate authority 10 that has received the request for authentication processing, the encryption key processing unit 11 collates the encryption key 51 accessed by the reader / writer 30 with the encryption key 51 registered in the encryption key table 13 by a predetermined method. Thus, the encryption key 51 is authenticated (S04, S05).

  As an authentication method, for example, a challenge / response method can be used. In this case, for example, the certificate authority 10 generates random data (challenge) and transmits it to the reader / writer 30, and in response to this, the authentication unit 32 of the reader / writer 30 stores the encryption key 51 recorded in the memory 41. Is used to generate response data in a predetermined procedure and respond to the certificate authority 10. In the certificate authority 10, data generated by a predetermined procedure between the transmitted challenge data and the encryption key 51 registered in the encryption key table 13 and response data returned from the reader / writer 30 are included. The encryption key 51 (that is, the IC chip 40 that holds it) is authenticated depending on whether or not they match. When there are a plurality of generations of the encryption key 51, the reader / writer 30 also specifies information for specifying the generation of the encryption key 51 held by the reader / writer 30 in the response.

  If the authentication of the encryption key 51 is successful, the encryption key processing unit 11 refers to the encryption key table 13 to check the expiration date set for the target encryption key 51 (S06), and determines whether it is within the expiration date. (S07). When the expiration date has passed, the reader / writer 30 is notified that the authentication is impossible, and the reader / writer 30 displays a screen indicating that the authentication is impossible, that is, the target article 2 is not authentic. The user is notified by displaying it above (S13). Here, for example, the notification is made by displaying a message such as “Could not be authenticated because the expiration date has been exceeded”.

  Thereby, for example, when the IC chip 40 attached to the target article 2 is peeled off and used from the genuine article 2 that has been distributed in the past, the target article 2 is incorrect. It is possible to judge (peeling and diverting case).

  In step S07, if it is within the expiration date, a response to that effect is sent to the reader / writer 30. Thereafter, the authentication unit 32 of the reader / writer 30 transmits the encrypted unique code 52 acquired from the IC chip 40 to the certificate authority 10 to request verification (S08). At this time, the authentication counter 53 acquired from the IC chip 40 is also transmitted to the certificate authority 10 together. In the certificate authority 10 that acquired the unique code 52, the unique code processing unit 12 decrypts the received unique code 52 with the encryption key 51, and then collates it with the unique code 52 registered in the unique code table 14 (S09). ), It is determined whether or not they match (S10).

  If the collation result does not match in step S10, the reader / writer 30 is notified that the authentication is impossible, and the reader / writer 30 displays on the screen that the target article 2 is unauthenticated. (S13). Here, for example, notification is made by displaying a message such as “cannot authenticate”.

  Thereby, for example, the security of the IC chip 40 attached to the target article 2 is broken, the contents of the memory 41 are decrypted, and the unique code 52 recorded in the unretrievable area 41 ′ is set to another value. When the IC chip 40 is created, it is possible to determine that the article 2 attached with the IC chip 40 is not authentic (decoding case).

  If the collation results match in step S10, then the value of the authentication counter 53 acquired from the reader / writer 30 in step S08 is changed to the previous value for the unique code 52 recorded in the unique code table 14. It collates with the value of the number of authentications (S11), and determines whether or not they match (S12). If they do not match, the reader / writer 30 is notified that the authentication is impossible, and the reader / writer 30 notifies the user by displaying on the screen that the target article 2 is not authentic (S13). . Here, for example, notification is made by displaying a message such as “authentication cannot be performed because the number of authentications does not match”.

  Thereby, as described above, when an illegal copy (clone) or the like of the IC chip 40 is created and an authentication request is made for the article 2 to which the IC chip 40 is attached, the IC chip 40 is concerned. Can be determined to be authentic (clone case). For the unique code 52 that has been determined to be inconsistent once in step S12, authentication processing may be automatically prohibited thereafter by setting an invalid flag in the unique code table 14 or the like. Further, it is desirable to control the value of the authentication counter 53 so that it cannot be updated unless the authentication of the encryption key 51 is successful in order to prevent unauthorized rewriting by an electronic device having an unauthorized program.

  If the collation results match in step S12, it is assumed that the authentication is successful, and the value of the number of times of authentication for the unique code 52 recorded in the unique code table 14 is added and updated (S14). Is notified to the reader / writer 30. In the reader / writer 30 that has received the notification, the value of the authentication counter 53 recorded in the removable area 41 ″ of the memory 41 of the IC chip 40 is updated by adding 1 (S15, S16), and the authentication is successful. That is, the user is notified by displaying on the screen that the target article 2 is authentic (S17).

  As described above, according to the authenticity determination system 1 according to the first embodiment of the present invention, the IC chip 40 in which the information on the unique code 52 and the encryption key 51 issued by the certificate authority 10 is recorded in advance is attached. By reading the information on the IC chip 40 by the reader / writer 30 at various points on the distribution channel for the article 2 that has been obtained, and verifying the unique code 52 and the encryption key 51 by the certificate authority 10 based on this information, The authenticity of the article 2 to which the IC chip 40 is attached can be determined simply, efficiently and safely. For example, by making it possible to apply a terminal such as a smartphone that can be easily used by the user as the reader / writer 30, it is possible to easily and efficiently prepare the implementation environment.

  Further, by confirming the expiration date of the encryption key 51 during the authentication process, it is possible to deal with a case in which the IC chip 40 is peeled off from the past article 2 and is diverted. is there. Further, by collating the unique unique code 52 for each IC chip 40, it is possible to deal with a case where the contents of the IC chip 40 are decrypted and another IC chip 40 is created (decoding case). It is. Further, by checking the number of times of authentication of the unique code 52, it is possible to deal with a case (clone case) in which a copy (clone) or the like of the genuine IC chip 40 is illegally created.

<Embodiment 2>
In addition to the configuration in the first embodiment, the authentication system 1 according to the second embodiment of the present invention has a risk that the authentication process cannot be executed when an attack such as DoS (Denial of Service) is received. In order to be distributed, the certificate authority 10 and an update server that manages and updates access information for the certificate authority 10 are separated. Since the contents of the authentication process after the reader / writer 30 accesses the predetermined certificate authority 10 are the same as those in the first embodiment, the description thereof will be omitted.

[System configuration]
FIG. 4 is a diagram showing an outline of a configuration example of the authenticity determination system 1 according to the second embodiment of the present invention. The difference from the configuration shown in FIG. 1 in the first embodiment is that, in addition to the certificate authority 10 and the Web server 10 ′, the domain update server 60 and the Web server 60 ′ having a function of providing a user interface therefor are provided. Having a pair, specifying a router 70 that performs routing to these servers, having a DDNS server 80 that provides a dynamic DNS (Domain Name System) service, and a reader / writer 30 that stores data in the domain list 34 Such as holding it.

  The domain update server 60 is a server system having a function of changing / updating the domain and IP address and port number of the Web server 10 ′ on the certificate authority 10 side. The domain update server 60 is implemented by, for example, a server device, a virtual server on a cloud computing environment, or the like, such as an update information response unit 61 and a domain update unit 62 that are implemented as software programs that run on an OS (not shown). It has each part. Also, it has domain / port information 63 composed of a file or the like for holding setting information such as the current domain and port number.

  The update information response unit 61 receives the domain update information acquisition request from the reader / writer 30 and refers to the domain / port information 63 to refer to the domain name and port number of the Web server 10 ′ on the current certificate authority 10 side. Has a function of responding. The domain update unit 62 has a function of changing setting information of a domain name and a global IP address for accessing the Web server 10 ′ on the certificate authority 10 side. Further, it may have a function of changing the port number of the Web server 10 '. That is, the domain and global IP address registration information is changed for the DDNS server 80 on the assumption that the Web server 10 ′ having the changed IP address and port number settings is prepared and actually exists. Also, the setting is changed so that the changed port number is released to the router 70.

  In the present embodiment, as described above, the certificate authority 10 (and the web server 10 ′) and the domain update server 60 are separated, and the access destinations of the web server 10 ′ and the web server 60 ′ that are accessed from the reader / writer 30. While the (domain) is variable, one or a few domains exist and operate. As a result, when a DoS or DDoS (Distributed DoS) attack is performed, the previous domain can be changed by changing the configuration so that another domain is used when accessed according to the regular procedure. As a dummy, it becomes possible to distribute the load caused by the DDoS attack.

  Specifically, as described above, for example, the IP address of the Web server 10 ′ and the Web server 60 ′ is not fixed, and a DDNS service is used for access. Further, the domain names of the Web server 10 ′ and the Web server 60 ′ are also variable, and the domain update server 60 controls the domain name change based on communication with the DDNS server 80. Further, the port numbers of the Web server 10 ′ and the Web server 60 ′ are also variable, and the domain update server 60 controls the setting change of the Web server 10 ′, the Web server 60 ′, and the router 70.

  In the reader / writer 30, a domain list 34, which is a list of domains that can be used by the Web server 60 'on the domain update server 60 side, is acquired and downloaded in advance. Among these, the Web server 60 ′ that exists and can be accessed is specified by sequentially searching and the domain update server 60 is accessed via the specified Web server 60 ′ before accessing the certificate authority 10. At this time, the domain name and port number information of the Web server 10 ′ on the certificate authority 10 side is acquired as update information from the domain update server 60, and the certificate authority 10 is accessed via the Web server 10 ′ based on the contents. .

  As described above, by adopting the above-described configuration in which the IP addresses and domain names of the Web server 10 ′ and the Web server 60 ′ are variable, it is possible to prevent the authenticity determination service from being disabled due to a DoS or DDoS attack. .

[Flow of processing to access the certificate authority]
FIG. 5 is a flowchart showing an outline of an example of a processing flow when the reader / writer 30 that has read the information of the IC chip 40 attached to the article 2 accesses the certificate authority 10. The reader / writer 30 that has read the information of the IC chip 40 first refers to the domain list 34 held by itself, and starts loop processing for repeating the processing for each listed domain (S21).

  In the loop processing, the DNS server 80 is inquired for name resolution for the domain to be processed, that is, the domain candidate of the Web server 60 'on the domain update server 60 side (S22, S23). Thereafter, it is determined whether or not the name can be resolved (S24). If the name cannot be resolved, the process proceeds to the next domain (S25 and S21). If the name can be resolved, the loop process is terminated, and domain update information is requested from the domain update server 60 via the Web server 60 'of the domain that has been resolved (S26). In the domain update server 60 that has received the request, the update information response unit 61 responds with information on the domain and port number of the current Web server 10 ′ on the certificate authority 10 side set in the domain / port information 63 (S27). ).

  Thereafter, the reader / writer 30 reads the information of the IC chip 40 attached to the target article 2 for authenticity determination by the user's operation (S28). This process is the same as steps S01 and S02 in the example of FIG. 3 of the first embodiment. Thereafter, in order to transmit an authentication request to the certificate authority 10, the domain information acquired in steps S26 and S27 is inquired to the DDNS server 80 for name resolution, and the IP address of the Web server 10 ′ is acquired (S20). , S30). Thus, based on the IP address acquired in steps S29 and S30 and the port number information acquired in steps S26 and S27, the active Web server 10 ′ is accessed and the certificate authority 10 is accessed via this. Authentication processing can be performed (S31, S32). This authentication process is the same as the series of processes after step S03 in FIG. 3 of the first embodiment.

  In such a configuration, for example, an unauthorized third party prepares a PC (Personal Computer) or the like that holds the same data as the reader / writer 30, and performs a large amount of continuous access from the same terminal by program processing. An attack may be made. In this embodiment, in such a case, it is possible to block unauthorized mass access by setting the router 70. For example, it is possible to avoid a DoS attack by setting to block continuous access of the same packet from the same terminal or to block access from other than the mobile phone terminal.

  On the other hand, for example, a large number of smart phones infected with a computer virus make a large amount of continuous access to the certificate authority 10 (Web server 10 ′) and the domain update server 60 (Web server 60 ′) in a distributed manner. When a DDoS attack is performed, it cannot be handled by the block at the router 70 as described above. In the present embodiment, in order to cope with this, access by the DDoS attack is separated by dynamically changing the domain, IP address, port number, etc. of the Web server 10 ′ or the Web server 60 ′ to be accessed. It is possible to continuously provide services to other users.

[Flow of processing to avoid DDoS attack against certificate authority]
FIG. 6 is a diagram showing an outline of an example of a flow of processing for avoiding a DDoS attack on the Web server 10 ′ on the certificate authority 10 side. In response to a DDoS attack (S41) from a large number of infected terminals 30 ′ such as smartphones infected with computer viruses, the certificate authority 10 and the Web server 10 ′ are executing a large amount of processing (S42). In order to avoid this, in the domain update server 60, the Web server 10 on the certificate authority 10 side set in the domain / port information 63 is automatically or manually triggered by the detection of the DDoS attack by the domain update unit 62. The domain and the port number of 'are updated to those of another or changed Web server 10' (S43), and the setting of the DDNS server 80 is changed (S44). Furthermore, the setting is changed so that the changed port number is opened for the router 70 (S45).

  As a result, the attack from the infected terminal 30 ′ that has been performing the DDoS attack until now is not delivered because the domain, IP address, and port number of the certificate authority 10 and the Web server 10 ′ have been changed, and the attack is invalid. Become.

  On the other hand, the reader / writer 30 accesses the Web server 10 ′ (and the certificate authority 10) whose domain, port number, etc. are updated as usual by the same process as the process shown in FIG. Is possible. Here, first, a process of acquiring update information such as a domain and a port number from the domain update server 60 is performed (S47, S48). Here, information such as the domain and port number set in steps S43 to S45 is obtained. This process corresponds to a series of processes in steps S21 to S27 in the example of FIG.

  Thereafter, the information of the IC chip 40 is read (S49), and the name resolution of the Web server 10 'on the certificate authority 10 side is further performed with respect to the DDNS server 80 (S50, S51). Information such as the IP address obtained here is information such as the IP address set in step S44. Thereafter, based on the acquired information, the updated web server 10 '(and the certificate authority 10) is accessed to perform authentication processing (S52, S53). Note that the processing in steps S49 to S53 is the same as the processing in steps S28 to S32 in the example of FIG.

  By such processing, the domain, IP address, port number, etc. of the Web server 10 ′ on the certificate authority 10 side are changed, and the domain / port information 63 is updated in the domain update server 60 according to this, and the DDNS server 80 is further updated. Change your registration. As a result, it is possible to continue providing services to requests from the legitimate reader / writer 30 while avoiding a DDoS attack on the certificate authority 10 and the Web server 10 ′.

[Flow of processing to avoid DDoS attack against domain update server]
Unlike the example of FIG. 6 described above, for example, a large number of smartphones infected with a computer virus make a large amount of continuous access to the Web server 60 ′ and the domain update server 60 on the domain update server 60 side in a distributed manner. If the DDoS attack is performed, it cannot be avoided by the technique as in the example of FIG. In contrast, in the present embodiment, the domain update server 60 and the Web server 60 ′ are primarily enhanced by increasing the processing capabilities of the hardware, but the domain and IP address of the Web server 60 ′ are changed. It can also be changed dynamically.

  FIG. 7 is a diagram showing an outline of an example of a flow of processing for avoiding a DDoS attack on the Web server 60 ′ on the domain update server 60 side. In response to a DDoS attack (S61) from an infected terminal 30 ′ such as a smartphone infected with a computer virus, the domain update server 60 and the Web server 60 ′ are performing a large amount of processing (S62) to avoid this. In order to do this, first, the processing capabilities of the domain update server 60 and the Web server 60 ′ are increased in terms of hardware (S63). Since the processing in the domain update server 60 is a light process of simply responding with a domain name and a port number as information related to the certificate authority 10, it is often considered that it can be handled simply by increasing the processing capacity. Because it is.

  On the other hand, in the case where the high load state is not resolved, for example, the domain and IP address set in the Web server 60 ′ on the domain update server 60 side are changed separately, for example, manually. And the setting of the DDNS server 80 is changed (S64, S65).

  As a result, the attack from the infected terminal 30 ′ that has been performing the DDoS attack until now cannot be received because the domain, IP address, and port number of the domain update server 60 and the Web server 60 ′ have been changed, and the attack is invalid. It becomes. On the other hand, the reader / writer 30 accesses the Web server 60 ′ (and domain update server 60) whose domain and IP address have been updated in the same way as the process shown in FIG. 5 as described above. Update information can be acquired. Note that the series of processing in steps S67 to S73 is the same as the series of processing in steps S21 to S27 in the example of FIG.

  As described above, according to the authenticity determination system 1 according to the second embodiment of the present invention, the access information for the certificate authority 10 (and the Web server 10 ′) and the certificate authority 10 (and the Web server 10 ′) is obtained. The domain update server 60 (and Web server 60 ′) to be managed / updated is separated, and a name resolution is performed using the DDNS server 80 when accessing these Web servers. As a result, when the service is attacked by DoS, DDoS, etc., the domain, IP address, port number, etc. of the Web server 10 ′ or Web server 60 ′ are dynamically changed and registered in the DDNS server 80. By changing, it becomes possible to continue providing services while avoiding DoS and DDoS attacks, and the risk that authentication processing cannot be performed can be distributed.

  In the present embodiment, the domain, IP address, and port number of the Web server 10 'or Web server 60' are changed. However, only one of them may be changed according to the situation.

<Embodiment 3>
The mounting member for the IC chip 40 according to the third embodiment of the present invention is a mounting member for mounting the IC chip 40 to the article 2 in the configuration of the authenticity determination system 1 in the first and second embodiments. A specific example is shown. Basically, the method of attaching the IC chip 40 to the article 2 is not particularly limited, and various techniques such as attaching or embedding to the article 2 as long as communication with the reader / writer 30 is possible. Can be used as appropriate.

  However, the technique of embedding in the article 2 or attaching it integrally or fixedly may affect the design, material, manufacturing process, etc. of the article 2. Further, when the IC chip 40 is attached in a state where it can be easily taken out, the IC chip 40 may be decoded and reused during the distribution process.

  Therefore, the mounting member of the IC chip 40 in the present embodiment is, for example, embedded in the IC chip 40, processed into an elongated tape shape, and wound around and attached to the article 2. As a result, the IC chip 40 can be easily attached to the article 2 and the user of the service by the authenticity determination system 1 can easily grasp the position of the article 2 where the IC chip 40 is attached. It becomes.

  FIG. 8 is a diagram illustrating an outline of a configuration example of the mounting member of the IC chip 40 and a mounting example of the IC chip 40. In the upper diagram, an outline of a configuration example of the mounting member 90 is shown. The mounting member 90 is, for example, a thin tape-shaped member made of an insulating material that can be arbitrarily deformed and can be easily cut, such as paper or a resin film, and the IC chip 40 and the antenna 42 (coil-shaped portion) connected thereto. ) Is attached by a technique such as adhesion or pressure bonding so as to be positioned in the vicinity of both ends, and is configured as a member having an elongated tape, film, or thin film shape as a whole. At this time, so that the user can grasp the position of the antenna 42 necessary for communication with the reader / writer 30, the antenna 42 itself is transparently processed, or a mark or a marker is attached. It is desirable to keep it.

  The back surface of the mounting member 90 is coated with an adhesive or the like, and a release paper 44 is pasted thereon to form a seal, and the release paper 44 is peeled off to easily and stably attach to the article 2. The member 90 may be attached.

  In the lower diagram, an example of attaching the mounting member 90 to the article 2 is shown. As shown in the figure, for example, the attachment member 90 is attached to the articles 2 having various shapes so as to be wound and distributed in this state. In the example of FIG. 8, both ends of the mounting member 90 (the part where the IC chip 40 and the antenna 42 are located) are pasted together as a margin so that the antenna 42 part can be easily grasped, but this is not a limitation. The entire surface of the bonding surface (back surface) of the member 90 may be attached to the surface of the article 2.

  As shown in the drawing, when the mounting member 90 is wrapped around the article 2 and attached with an adhesive, in order for the consumer who purchased the target article 2 to use the article 2 in a normal usage, the tape-shaped It is necessary to break the mounting member 90 by cutting, breaking or the like, and accordingly, the function of the IC chip 40 embedded in the mounting member 90 is also broken. That is, the IC chip 40 and the antenna 42 are disconnected, and communication with the reader / writer 30 cannot be established. Accordingly, there is no fear that the IC chip 40 is reused in the sense that data cannot be read / written or authenticated, and the mounting member 90 has tamper resistance.

  To facilitate the destruction of the mounting member 90 and the IC chip 40 by the user, for example, as shown in the upper drawing of FIG. Two or more perforations 43 may be processed to facilitate cutting. As long as the mounting member 90 can be easily cut, not only perforations but also cuts or the like may be used.

  As described above, according to the mounting member 90 of the IC chip 40 according to the third embodiment of the present invention, the IC chip 40 is embedded and processed into an elongated tape shape, and the back surface is further processed into a seal shape. In addition to being able to be wrapped around the article 2 and easily attached, the user of the service by the authenticity determination system 1 can easily grasp where the IC chip 40 is attached to the article 2. is there. Further, since it is not necessary to embed the IC chip 40 in the article 2 or to attach it integrally or fixedly, the IC chip 40 can be attached without affecting the design, material, manufacturing process and the like of the article 2. Further, in order for a consumer who has purchased the article 2 to use the article 2 in a normal usage, it is necessary to destroy the mounting member 90, and the IC chip 40 is also destroyed accordingly. There is no fear that 40 will be reused.

  As mentioned above, the invention made by the present inventor has been specifically described based on the embodiments. However, the present invention is not limited to the above-described embodiments, and various modifications can be made without departing from the scope of the invention. Needless to say. For example, the above-described embodiment has been described in detail for easy understanding of the present invention, and is not necessarily limited to the one having all the configurations described. Further, a part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. . In addition, it is possible to add, delete, and replace other configurations for a part of the configuration of each embodiment.

  Each of the above-described configurations, functions, processing units, processing means, and the like may be realized by hardware by designing a part or all of them with, for example, an integrated circuit. Each of the above-described configurations, functions, and the like may be realized by software by interpreting and executing a program that realizes each function by the processor. Information such as programs, tables, and files for realizing each function can be stored in a recording device such as a memory, a hard disk, or an SSD (Solid State Drive), or a recording medium such as an IC card, an SD card, or a DVD.

  Moreover, in each said figure, the control line and the information line have shown what is considered necessary for description, and do not necessarily show all the control lines and information lines on mounting. Actually, it may be considered that almost all the components are connected to each other.

  INDUSTRIAL APPLICABILITY The present invention can be used for an authentication system, an authentication method, and an IC chip mounting member for attaching an IC chip to an article by reading an IC chip attached to the article and determining the authenticity.

1 ... Authenticity determination system, 2 ... Goods,
DESCRIPTION OF SYMBOLS 10 ... Certification authority, 10 '... Web server, 11 ... Encryption key processing part, 12 ... Unique code processing part, 13 ... Encryption key table, 14 ... Unique code table,
20 ... Network,
30 ... Reader / writer, 30 '... Infected terminal, 31 ... Reading unit, 32 ... Authentication unit, 33 ... Application, 34 ... Domain list,
40 ... IC chip, 41 ... Memory, 41 '... Unremovable area, 41 "... Removable area, 42 ... Antenna, 43 ... Perforation, 44 ... Release paper,
51 ... Encryption key, 52 ... Unique code, 53 ... Authentication counter,
60 ... Domain update server, 60 '... Web server, 61 ... Update information response unit, 62 ... Domain update unit, 63 ... Domain / port information,
70 ... Router,
80 ... DDNS server,
90: A mounting member.

Claims (17)

An authenticity determination system that reads information recorded on an IC chip attached to an article by a reader / writer and determines authenticity based on the read information,
A unique code recorded on the IC chip and having a unique value for each IC chip is registered in a unique code holding unit, and the unique code holding unit is transmitted when the unique code is transmitted from the reader / writer. A certificate authority having a unique code processing unit for checking whether there is a match with the registered content of
The unique code holding unit of the certificate authority further holds a first variable value that is updated each time the collation is successful for each unique code,
The IC chip holds a second variable value that is updated each time the certificate authority succeeds in collating the unique code held by the IC chip.
The reader / writer reads the second variable value when reading the unique code from the IC chip, and transmits the read unique code and the second variable value together to the certificate authority,
The unique code processing unit of the certificate authority collates whether or not the unique code transmitted from the reader / writer has a match with the registered content of the unique code holding unit, and further, the reader / writer When the second variable value transmitted from the writer is collated with the first variable value corresponding to the unique code transmitted from the reader / writer held in the unique code holding unit and all match. And the first variable value is updated by a predetermined calculation, assuming that the verification for the unique code is successful only in
The reader / writer updates the second variable value held in the IC chip by the predetermined calculation when a response that the verification of the unique code is successful is transmitted from the certificate authority. , Authenticity judgment system. The authenticity determination system according to claim 1,
The certificate authority further generates an encryption key that is recorded on the IC chip and encrypts the unique code, registers the generated encryption key in an encryption key holding unit, and the reader / writer An encryption key processing unit that authenticates the encryption key read from the IC chip by a predetermined procedure based on the information of the encryption key registered in the encryption key holding unit;
The reader / writer authenticates the encryption key read from the IC chip attached to the article by the certificate authority via the network, and when a response indicating that the authentication is successful is transmitted from the certificate authority. Requesting the certificate authority to verify the unique code encrypted with the authenticated encryption key,
The authenticity determination system, wherein the unique code processing unit of the certificate authority decrypts and collates the unique code transmitted from the reader / writer with the authenticated encryption key registered in the encryption key holding unit. The authenticity determination system according to claim 1,
The authenticity determination system, wherein the unique code held by the IC chip is generated by the unique code processing unit of the certificate authority. The authenticity determination system according to claim 1,
The authenticity determination system, wherein the unique code held by the IC chip is a serial number set when the IC chip is manufactured. The authenticity determination system according to claim 1,
The unique code processing unit of the certificate authority corresponds to the second variable value transmitted from the reader / writer and the unique code transmitted from the reader / writer held in the unique code holding unit. An authenticity determination system that prohibits subsequent verification of the unique code transmitted from the reader / writer when the first variable value does not match. The authenticity determination system according to claim 1,
The first variable value is the number of successful verifications for each unique code by the unique code processing unit of the certificate authority, and the second variable value is the unique code held by the IC chip. The number of successful verifications at the certificate authority,
It said predetermined calculation is for adding 1 to the input value, authentication system. The authenticity determination system according to claim 2,
The encryption key processing unit of the certificate authority registers the expiration date information about the generated encryption key in the encryption key holding unit in association with the encryption key, and the reader / writer reads it from the IC chip An authenticity determination system that disables authentication of the encryption key when the expiration date of the encryption key has elapsed. The authenticity determination system according to claim 1,
Any one of the network devices provided between the reader / writer and the certificate authority blocks continuous access of the same packet from the same terminal and / or access from other than the mobile phone terminal to the certificate authority side An authentication system having a setting to perform. The authenticity determination system according to claim 1,
Further, it holds information on a first domain and a first port number for accessing a first Web server that provides an interface for accessing the certificate authority, and responds to a request from the reader / writer A domain update server having an update information response unit for responding to the information of the first domain and the first port number;
A dynamic DNS that manages the correspondence between domains and port numbers;
Have
The reader / writer acquires information on the first domain and the first port number from the domain update server in order to access the first Web server, and acquires the acquired first domain. , Performing name resolution by the dynamic DNS, obtaining information of a first IP address for accessing the first Web server, and obtaining the obtained first IP address and the first port number. An authenticity determination system that accesses the first Web server based on information. In the authenticity determination system according to claim 9 ,
The domain update server further changes the information of the first domain and / or the first port number held in a predetermined case, and registers the contents of the change with the dynamic DNS. An authenticity determination system having an update unit. In the authenticity determination system according to claim 9 ,
The reader / writer has a domain list composed of a second domain for accessing a second Web server that provides an interface for accessing the domain update server and a list of things that can be used as a second port number. An authentication system for accessing the second Web server by using a second domain candidate that has been stored and registered in the list and whose name has been resolved by the dynamic DNS. The authenticity determination system according to claim 1,
The authentication / determination system, wherein the reader / writer is a smartphone capable of reading and writing the IC chip by a short-range wireless communication function. The authenticity determination system according to claim 2,
The authenticity determination system in which the unique code and the encryption key recorded in the IC chip are recorded in an encryption area in a memory of the IC chip. An IC chip mounting member for attaching the IC chip to the article in the authenticity determination system according to claim 1,
An IC chip mounting member in which the IC chip and an antenna portion connected to the IC chip are arranged in the vicinity of both ends of a member made of an insulating material processed into a tape shape that can be arbitrarily deformed. In the IC chip mounting member according to claim 14 ,
An IC chip mounting member, wherein one or more perforations or cuts are made at predetermined intervals in the width direction in the member processed into a tape shape. In the IC chip mounting member according to claim 14 ,
An IC chip mounting member, wherein a pressure-sensitive adhesive is applied to one surface of the member processed into a tape shape, and a release paper is attached so as to cover the applied pressure-sensitive adhesive. An authentication method for reading information recorded on an IC chip attached to an article by a reader / writer and determining authenticity based on the read information,
The certificate authority generates a unique code that is recorded on the IC chip and is a unique value for each IC chip, and the generated unique code and the corresponding first variable value are stored in the unique code holding unit. A process to register;
The reader / writer transmitting the unique code read from the IC chip attached to the article and a second variable value corresponding to the unique code to the certification authority via a network;
When the certificate authority transmits the unique code and the second variable value from the reader / writer, the registered content of the unique code holding unit matches the unique code transmitted from the reader / writer. The second variable value transmitted from the reader / writer is held in the unique code holding unit, and the unique code transmitted from the reader / writer is stored in the unique code holding unit. Collating with the corresponding first variable value, and updating the first variable value by a predetermined calculation, assuming that the collation for the unique code is successful only when all match,
The reader / writer updates the second variable value held in the IC chip by the predetermined calculation when a response indicating that the verification of the unique code is successful is transmitted from the certificate authority. A method for determining authenticity.