KR101619290B1 - Method and ic tag for prevention of forgery of documents - Google Patents

Publication number
KR101619290B1
Authority
KR
South Korea
Prior art keywords
tag
document information
authentication
information
server
Application number
KR1020150065809A
Other languages
Korean (ko)
Inventor
이윤상
한상엽
문찬일
Original Assignee
유비벨록스(주)
Application filed by 유비벨록스(주)
Priority to KR1020150065809A
Application granted
Publication of KR101619290B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks
    • B PERFORMING OPERATIONS; TRANSPORTING
    • B42 BOOKBINDING; ALBUMS; FILES; SPECIAL PRINTED MATTER
    • B42D BOOKS; BOOK COVERS; LOOSE LEAVES; PRINTED MATTER CHARACTERISED BY IDENTIFICATION OR SECURITY FEATURES; PRINTED MATTER OF SPECIAL FORMAT OR STYLE NOT OTHERWISE PROVIDED FOR; DEVICES FOR USE THEREWITH AND NOT OTHERWISE PROVIDED FOR; MOVABLE-STRIP WRITING OR READING APPARATUS
    • B42D25/00 Information-bearing cards or sheet-like structures characterised by identification or security features; Manufacture thereof
    • B42D25/20 Information-bearing cards or sheet-like structures characterised by identification or security features; Manufacture thereof characterised by a particular use or purpose
    • B42D25/22 Information-bearing cards or sheet-like structures characterised by identification or security features; Manufacture thereof characterised by a particular use or purpose for use in combination with accessories specially adapted for information-bearing cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073 Special arrangements for circuits, e.g. for protecting identification code in memory
    • G06K19/07309 Means for preventing undesired reading or writing from or onto record carriers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/26 Government or public services
    • G06Q50/265 Personal security, identity or safety

Abstract

A method by which an authentication server queries document information requiring authentication through wireless communication between a user terminal and a tag attached to or mounted in a document, the method comprising the steps of: (a) receiving from the tag a random number generated in real time; (b) encrypting the real-time random number with an encryption key of the authentication server; (c) transmitting the result of the encryption to the tag so that the tag confirms whether it matches, thereby authenticating the read right; (d) requesting document information from the tag; and (e) receiving the document information from the tag.

Description

TECHNICAL FIELD

The present invention relates to a method, a server, and a tag for preventing document forgery, and more particularly to a method, a user terminal, and a tag for preventing forgery of a document.

In modern society, copying machines, scanners, printers, and other duplication devices have become common, making it easier to counterfeit various documents. In addition, the rapid development of scanners, color printers, and graphic tools is accelerating the easy and rapid forgery and alteration of documents requiring certification, such as certified test reports and certificates.

For example, official test reports issued by quality inspection agencies that inspect product quality have had their submission purpose, acceptance date, test date, or result values deleted or changed through forgery or alteration. This has led to unfair deliveries and assorted accidents in supply, and has lowered the reliability of product quality.

Various anti-counterfeiting technologies have been developed to cope with this.

A typical technique for reducing the risk of document forgery prints documents that must be proved original on anti-falsification paper carrying a hidden latent image, so that when the original is copied, a latent image indicating a copy is displayed. In some cases, however, the anti-counterfeiting function cannot be guaranteed 100%.

In addition, there are anti-counterfeiting technologies such as watermark, but with the advent of these technologies, anti-counterfeiting technology has gradually evolved as well.

SUMMARY OF THE INVENTION

The present invention has been made to solve the above problems of the prior art. An object of the present invention is to store the content of a document in an NFC tag so as to prevent forgery or tampering, thereby improving transparency, accuracy, and reliability for the user.

Yet another object of the present invention is to enable efficient operation of computerized information management for a wide range of documents by means of the anti-counterfeiting or authentication system through the NFC tag.

In addition, the present invention aims to improve user convenience by allowing the user to determine immediately whether the authentication information matches, using only the paper document and an NFC touch.

To solve the above-mentioned problems of the prior art, an embodiment of the present invention provides a method by which an authentication server queries document information requiring authentication through wireless communication between a user terminal and a tag attached to or mounted in a document, the method comprising: (a) receiving from the tag a random number generated in real time; (b) encrypting the real-time random number with an encryption key of the authentication server; (c) transmitting the result of the encryption to the tag so that the tag confirms whether it matches, thereby authenticating the read right; (d) requesting document information from the tag; and (e) receiving the document information from the tag.

The document information inquiry method requiring authentication may further include, before step (a), generating the encryption key using the read authentication key stored in the authentication server and the ID of the tag received from the tag.

The confirmation by the tag is performed by checking whether the result of encrypting the random number in the tag with the encryption key for reading matches the result encrypted by the authentication server.

The document information inquiry method requiring authentication may further include decrypting the encrypted document information after step (d).

The method may further include transmitting the received document information to the user terminal.
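The read-right handshake of steps (a) to (e), including the per-tag key derived from the read authentication key and the tag ID, sketched as an added example that is not code from the patent. HMAC-SHA256 stands in for the encryption the text leaves unspecified, and all class and function names and sample values are hypothetical.

```python
import hashlib
import hmac
import secrets


def diversify(master_read_key: bytes, tag_id: bytes) -> bytes:
    """Per-tag read key from the server's read authentication key and the tag ID."""
    return hmac.new(master_read_key, b"read-key|" + tag_id, hashlib.sha256).digest()


def transform(key: bytes, nonce: bytes) -> bytes:
    """Stand-in for 'encrypting the random number' (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Tag:
    """Tag side: issue a challenge, verify the response, then allow one read."""

    def __init__(self, tag_id: bytes, read_key: bytes, encrypted_document: bytes):
        self.tag_id = tag_id
        self._read_key = read_key
        self._document = encrypted_document
        self._nonce = None
        self._authorized = False

    def challenge(self) -> bytes:
        # Step (a): a fresh random number per session; any earlier grant is dropped.
        self._authorized = False
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def verify(self, response: bytes) -> bool:
        # Step (c): recompute with the stored read key and compare in constant time.
        if self._nonce is None:
            return False
        expected = transform(self._read_key, self._nonce)
        self._nonce = None  # each challenge is valid for a single attempt
        self._authorized = hmac.compare_digest(expected, response)
        return self._authorized

    def read_document(self) -> bytes:
        # Steps (d) and (e): released only after a successful verify().
        if not self._authorized:
            raise PermissionError("read right not authenticated")
        self._authorized = False
        return self._document


class AuthServer:
    def __init__(self, master_read_key: bytes):
        self._master = master_read_key

    def query(self, tag: Tag):
        key = diversify(self._master, tag.tag_id)  # key generation before step (a)
        nonce = tag.challenge()                    # step (a)
        if not tag.verify(transform(key, nonce)):  # steps (b) and (c)
            return None
        return tag.read_document()                 # steps (d) and (e)


def demo() -> dict:
    master = bytes(range(32))  # constructed sample key
    tag_id = b"TAG-0001"       # constructed sample tag ID
    tag = Tag(tag_id, diversify(master, tag_id), b"<encrypted document information>")

    results = {
        "genuine_server": AuthServer(master).query(tag),
        "wrong_key_server": AuthServer(b"\x00" * 32).query(tag),
    }
    # A response recorded in one session does not match the next session's nonce.
    recorded = transform(diversify(master, tag_id), tag.challenge())
    tag.challenge()
    results["replayed_response"] = tag.verify(recorded)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the key is derived per tag, the tag holds only its own read key while the read authentication key stays on the server.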

The document information inquiry method requiring authentication may further include, before step (a): receiving, by an issuing server that issues the document information, the document information from a server storing the document information, and encrypting the document information; authenticating an authority to issue document information to the tag; requesting storage of the encrypted document information in the tag, so that the encrypted document information is stored in the tag; and recording the document information issuance history to the tag.

The issuing authority authentication step may include transmitting, to the tag, the document information together with the result of encrypting the document information with the encryption key of the issuing server, so that the tag compares that result with the result obtained by encrypting the document information with the encryption key for writing stored in the tag, and the authority is authenticated by determining whether the two match.

According to another embodiment of the present invention, there is provided a document forgery prevention system that performs a document information inquiry function requiring authentication through wireless communication between a user terminal and a tag attached to or mounted in a document, the system comprising: a read authorization unit that transmits to the tag a result obtained by encrypting a random number with an encryption key and authenticates the read right by checking whether it matches the result encrypted in the tag; an encrypted document information requesting unit for requesting document information from the tag; and an encrypted document information receiving unit for receiving document information from the tag.

The system may further include a document information decryption unit for decrypting the encrypted document information.

The system may further include: a document information encryption unit for receiving document information from a server storing document information and encrypting the document information; an issuing authority authenticating unit that authenticates an authority to issue document information to the tag; a document information tag storage requesting unit for requesting storage of the encrypted document information in the tag, so that the encrypted document information is stored in the tag; and an issuance history storage unit for recording the document information issuance history to the tag.

According to still another embodiment of the present invention, there is provided a wireless communication tag for preventing forgery of a document requiring authentication, the wireless communication tag comprising: a write authorization unit for confirming the write authority of an issuing server that inputs document information to a writing unit of the tag; a document information storage unit for storing document information received from the issuing server; a read right authentication unit for confirming the read right of an authentication server that inquires about the document information stored in the tag, using a reading unit of the tag; a document information retrieval unit for retrieving document information upon receiving a document information request from the authentication server; and a document information transmitting unit for transmitting the retrieved document information to the authentication server.

According to an embodiment of the present invention, the user can determine immediately whether the authentication information matches using only the paper document and an NFC touch, so user convenience can be improved.

Also, according to an embodiment of the present invention, storing the content information of a document in an NFC tag fundamentally blocks forgery or alteration and makes it impossible to capture information through hacking, thereby improving transparency, accuracy, and reliability for the user.

In addition, the computerized information management of a wide range of documents can be efficiently operated by the anti-counterfeiting or authentication system through the NFC tag.

It should be understood that the effects of the present invention are not limited to the above effects and include all effects that can be deduced from the detailed description of the present invention or the configuration of the invention described in the claims.

FIG. 1 is a block diagram of a system for preventing forgery of a document through NFC touch according to an embodiment of the present invention.
FIG. 2 is a flowchart illustrating a procedure for issuing a test report, which is a method for preventing document forgery through NFC touch according to an embodiment of the present invention.
FIG. 3 is a flowchart illustrating a procedure for inquiring and authenticating a test report, which is a method for preventing document forgery through NFC touch according to an embodiment of the present invention.
FIG. 4 is a block diagram illustrating a schematic configuration of an issuing server according to an embodiment of the present invention.
FIG. 5 is a block diagram showing a schematic configuration of an authentication server according to an embodiment of the present invention.
FIG. 6 is a block diagram showing a schematic configuration of an NFC tag according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

Hereinafter, the present invention will be described with reference to the accompanying drawings. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, when a part is referred to as being "connected" to another part, this includes not only "directly connected" but also "indirectly connected". Also, when an element is referred to as "comprising" another element, it means that it can include other elements, not that it excludes them, unless specifically stated otherwise.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

Hereinafter, the process of issuing, inquiring, and authenticating test reports is described in detail as an embodiment of the present invention. However, the present invention can be applied to all documents requiring certification or certification, in addition to test reports.

FIG. 1 is a block diagram of a system for preventing forgery of a document through NFC touch according to an embodiment of the present invention.

Referring to FIG. 1, a document counterfeiting prevention system using an NFC tag touch includes a user terminal 100, an issuer terminal 200, a test report server 300, an issuing server 400, an authentication server 500 and an NFC tag 600.

First, the communication network can be configured regardless of its communication mode, wired or wireless, and may be a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), or the like. Preferably, the communication network according to one embodiment may be implemented as the World Wide Web (WWW).

The user terminal 100 and the issuer terminal 200 may include any type of handheld wireless communication device, such as a mobile phone, a smart phone, a PDA (Personal Digital Assistant), or a PMP (Portable Multimedia Player), that can connect to an external server such as the issuing server 400 or the authentication server 500 through a network and that supports NFC technology. Likewise, they may include a communication device such as a desktop PC, a tablet PC, a laptop PC, or an IPTV that can connect to an external server such as the issuing server 400 or the authentication server 500 through a network and that supports NFC technology. The NFC technique and the NFC tag touch will be described later. According to another embodiment of the present invention, even if the user terminal 100 is not equipped with NFC technology, the NFC function may be added by attaching an external device to the user terminal 100.

A user of the user terminal 100 according to an exemplary embodiment of the present invention may be a person who wishes to inquire about and authenticate a test report and who receives a product whose quality is proved by the test report. The user can inquire and authenticate whether the test report is forged or unauthorized, or a normal document issued by an accredited certification authority, so that the user can trust the quality certification of the product indicated by the test report. To this end, a test report authentication application may be installed in the user terminal 100.

The test report authentication application may be a program module that can communicate with an external device. It may be included in the user terminal 100, or in another device capable of communicating with the user terminal 100, in the form of an operating system, an application program module, or another program module, and can be stored on a known storage device. Such program modules encompass, but are not limited to, routines, subroutines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types as described below in accordance with the present invention.

The user terminal 100 can download the test report authentication application and install it in the memory. An application store provided by an application management server (not shown) can distribute various applications, and an operator server (not shown) that provides a test certificate authentication service to such an application store can register a test certificate authentication application.

The issuer terminal 200 communicates with the NFC tag 600 that is attached to the paper document of the test report or mounted in the document, and relays the test report information encrypted by the issuing server 400 to the NFC tag 600 so that the encrypted test report can be stored in the NFC tag 600.

The test report server 300 can store and retain the result information from the testing or analysis of the certification authority. That is, the test report server 300 can store the contents described in the test report that the user of the user terminal 100 wants to have authenticated.

According to an embodiment of the present invention, the result information from the testing or analysis of the certification authority stored in the test report server 300 may be the test report information, which is transmitted from the test report server 300 to the issuing server 400. Accordingly, when the issuing server 400 requests storage of the test report information in the NFC tag 600 attached to the paper document or mounted in the document, the test report information corresponding to the information described in the paper document is stored in the NFC tag 600.

The issuing server 400 is a server that issues the test report information to the NFC tag 600 attached to the paper document of the test report or mounted in the document. The issuing server 400 receives the test report information from the test report server 300 and issues it to the NFC tag 600. The issuing server 400 can request test report information only when it is authorized to access the test report server 300.

In addition, the issuing server 400 can request the NFC tag 600 to store the test report information only when the issuing server 400 is a server authorized to issue the test report to the NFC tag 600. Accordingly, before issuing the request to store the test report information, the test report issuing authority is authenticated. This may be accomplished through communication between the issuer terminal 200 and the NFC tag 600. It is possible to secure the security of the information described in the NFC tag 600 by imposing a right to write to the NFC tag 600 through the issuing authority authentication process.

The authentication server 500 is a server that performs inquiry and authentication of a test report. It requests the test report information stored in the NFC tag 600 through communication between the user terminal 100 and the NFC tag 600, and when the encrypted test report information is received from the NFC tag 600, it can decrypt the test report information.

For the authentication server 500 to inquire about and decrypt the test report information stored in the NFC tag 600, it must be a server authorized to inquire about the test report.

According to an embodiment of the present invention, even when the authentication server 500 has the access right to a specific NFC tag 600, access can be blocked if the access count is greater than or equal to a threshold value.

The NFC tag 600 may be implemented, in the form of a chip and an antenna, as a product such as a sticker or a card that can interwork with the user terminal 100 or the issuer terminal 200 used as a reader in short-range communication. According to one embodiment of the present invention, the NFC tag 600 is attached to the paper document of the test report or is mounted inside the document.

According to an embodiment of the present invention, the NFC tag 600 is preferably implemented as an IC chip. However, the present invention is not limited thereto, and it may be a chip capable of information storage and wireless communication such as a radio frequency identification (RFID).

Here, the IC chip is a chip having a microprocessor and a memory, and can store and process information in the IC chip, thereby minimizing the risk of forgery and providing various services. The microprocessor, memory, OS, and security algorithm are integrated in the IC chip, so information can be stored and processed. It is possible to perform various additional functions requiring storage of additional information because the storage capacity is higher, and the security problem can be improved.

In the case where the NFC tag 600 according to an embodiment of the present invention is implemented as an IC chip, security mechanisms such as the issuing authority authentication process of the issuing server 400 and the authentication algorithm of the authentication server 500 can be performed. The detailed security mechanism will be described in FIG. 2 and FIG.

When the NFC tag 600 is implemented as an IC chip, the IC chip is provided with a reading unit R (see FIG. 6) and a writing unit W (see FIG. 6). The test report reading unit (R) may store an encryption key for confirming the right to read information stored in the IC chip.

Meanwhile, in order to store specific test report information in the IC chip, the test report information is written through the writing unit W. To this end, an encryption key for confirming the access right is stored in the writing unit W.

Detailed functions of the reading unit R and the writing unit W as a specific configuration of the NFC tag 600 will be described later with reference to FIG

According to the embodiment of the present invention, it is preferable that the NFC tag 600 is implemented as an IC chip, but for convenience of explanation it is referred to collectively as the NFC tag 600 below.

The NFC tag 600 according to an exemplary embodiment of the present invention performs short-range communication with the user terminal 100. The test report authentication application can be installed or executed in the user terminal 100 through the short-range communication between the NFC tag 600 and the user terminal 100. The authentication server 500 and the NFC tag 600 can transmit and receive information through the intermediation of the user terminal 100, by way of the short-range communication between the NFC tag 600 and the user terminal 100. Likewise, the issuing server 400 and the NFC tag 600 can transmit and receive information through the intermediation of the issuer terminal 200, by way of the short-range communication between the NFC tag 600 and the issuer terminal 200.

If the NFC tag 600 is placed close to the user terminal 100 or the issuer terminal 200 having the NFC function, short-range communication is performed between that terminal and the NFC tag 600. For example, the user terminal 100 or the issuer terminal 200 performs short-range communication with an NFC tag 600 located in a predetermined area. When the NFC tag 600 is brought near the user terminal 100 or the issuer terminal 200, communication between the terminal and the NFC tag 600 can be performed.

Hereinafter, the proximity arrangement between the user terminal 100 or the issuer terminal 200 and the NFC tag 600, including both direct contact and placement at a distance, is expressed as a "touch".

2, the issuer terminal 200 and the NFC tag 600 are connected to the issuer terminal 200 and the NFC tag 600, respectively, The test report inquiry and authentication process performed by touching the test report will be described in detail in FIG.

FIG. 2 is a flowchart illustrating a procedure for issuing a test report according to an embodiment of the present invention. FIGS. 4 and 6 are block diagrams that functionally describe the internal configuration of the issuing server 400 and the NFC tag 600, respectively, according to an embodiment of the present invention.

Hereinafter, the test report issuing procedure according to the embodiment of the present invention will be described with reference to FIGS. 2, 4, and 6.

In the issuance procedure, the test report information issued by an organization that performs the quality certification test and stored in the test report server 300 is transmitted to the issuing server 400. The issuing server 400 then issues the test report to the NFC tag 600 attached to the test report paper document or mounted inside the document, so that the NFC tag 600 can store the test report.

The issuing server 400 must have access to the test report server 300 in order to request the test report server 300 to issue the test report information to be issued to the NFC tag 600. Accordingly, first, the issuing server 400 performs a procedure of confirming the access right to the test report server 300 by way of a login or the like (s201).

After the login, if the access right is confirmed, the test report information request unit 410 of the issuing server 400 requests the test report information to the test report server 300 (s202).

Upon receiving the request, the test report server 300 transmits the specific test report information to the issuing server 400, where the test report information receiver 420 receives it (s203).

In this case, according to one embodiment, the test report information received by the issuing server 400 may be displayed by the issuer terminal 200 associated with the issuing server 400.

Thereafter, the issuing server 400 can encrypt the received test report information (s204). According to one embodiment, the test report information is encrypted using an encryption key embedded in the test report encrypting unit 430. The encryption key may be stored in the test report encrypting unit 430 or elsewhere within the issuing server 400.

The issuing server 400 can issue the encrypted test report information to the NFC tag 600 when the issuer terminal 200 is touched to the NFC tag 600. Through this touch, the issuing authority authentication of the issuing server 400 and the issuance of the test report information are performed in sequence.

In order to issue the test report information to the NFC tag 600, the issuing server 400 must first prove that it has the issuing authority (s205).

Information is input to the NFC tag 600 through the writing unit W of the NFC tag 600. When information is input to the writing unit W, the input information is stored in the NFC tag. To prevent an unauthorized person from falsely inputting information into the NFC tag or altering the stored information to forge the test report information, the issuing authority authentication process is performed by the authentication authority unit 610 of the NFC tag 600 and the issuing authority authentication unit 440 of the issuing server 400. According to one embodiment, the issuing server 400 has an issuance authorization key embedded therein, and the issuing authority authentication process can be performed using the issuance authorization key.

Also, according to an embodiment of the present invention, as a part of the issuing authority authentication process, the issuing server 400 may perform a write security mechanism for matching the encryption result of the test certificate information performed in step s204.

Hereinafter, the issuing authority authentication process of step s205 will be described in detail.

The writing unit W of the NFC tag 600 may store an encryption key for writing, which is used to confirm whether or not input information comes from a person who has input authority.

The issuing server 400 inputs to the NFC tag 600 an object to be input (hereinafter referred to as a "write object") and an encryption result of the write object. In this encryption process, an encryption key embedded in the issuing server 400 is used. The encryption key embedded in the issuing server 400 may be the same as the encryption key for writing stored in the NFC tag 600, and may be shared in advance. The NFC tag 600 encrypts the write object input by the issuing server 400 with the encryption key for writing that is stored in the NFC tag 600 itself, and determines whether or not the result is identical to the encryption result input by the issuing server 400.

When the encryption result input by the issuing server 400 matches the encryption result produced with the encryption key for writing of the NFC tag 600, the write object can be input to and stored in the writing unit W of the NFC tag 600.

According to the above security methods, the integrity of the writing unit W can be ensured such that access or modification can be performed only by the person to whom the information is applied.
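The write check described above can be sketched as follows. This is an added example, not code from the patent: the class and function names are hypothetical, the keys and the write object are constructed sample values, and HMAC-SHA256 stands in for the encryption algorithm, which the description does not specify.

```python
import hashlib
import hmac


def keyed_result(key: bytes, data: bytes) -> bytes:
    """Assumed stand-in for the unspecified encryption algorithm (HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


class IssuingServer:
    """Holds the encryption key shared in advance with the tag's writing unit."""

    def __init__(self, write_key: bytes):
        self._write_key = write_key

    def build_write_request(self, write_object: bytes):
        # The server sends the write object together with its keyed result.
        return write_object, keyed_result(self._write_key, write_object)


class TagWritingUnit:
    """Writing unit W: stores a write object only if the keyed results match."""

    def __init__(self, write_key: bytes):
        self._write_key = write_key
        self.stored = None

    def write(self, write_object: bytes, claimed_result: bytes) -> bool:
        expected = keyed_result(self._write_key, write_object)
        # Constant-time comparison, so timing does not reveal matching bytes.
        if not hmac.compare_digest(expected, claimed_result):
            return False  # nothing is stored on a mismatch
        self.stored = write_object
        return True


def demo() -> dict:
    shared_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    other_key = bytes.fromhex("ffeeddccbbaa99887766554433221100")   # constructed
    report = b"ENCRYPTED-TEST-REPORT-0001"  # constructed placeholder for the s204 output

    tag = TagWritingUnit(shared_key)
    obj, result = IssuingServer(shared_key).build_write_request(report)
    outcome = {"authorized": tag.write(obj, result)}
    # Write object altered after the result was computed: results no longer match.
    outcome["altered_object"] = tag.write(obj + b"-EDITED", result)
    # A server without the shared key cannot produce a matching result.
    bad_obj, bad_result = IssuingServer(other_key).build_write_request(b"FORGED")
    outcome["wrong_key"] = tag.write(bad_obj, bad_result)
    outcome["stored"] = tag.stored
    return outcome


if __name__ == "__main__":
    print(demo())
```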

After the issuing authority of step s205 is authenticated, the test certificate information tag storage requesting unit 450 of the issuing server 400 requests storage of the encrypted test certificate information in the NFC tag 600 (s206).

In response to the request for storing the test report information, the test report information storage unit 620 of the NFC tag 600 stores the encrypted test report information (s207). In addition, the test report information storage unit 620 transmits information indicating the completion of the storage to the issuing server 400 (s208).

The issuance history storage unit 460 of the issuance server 400 records the issuance details in accordance with receipt of the information in step s208 (s209).

Because the issuing server 400 records the issuance history, it is possible to confirm whether a test report issued from the issuing server 400 is true or false.

When the issuance procedure of the test report information is completed, the test report information stored in the NFC tag 600 can be inquired and authenticated.

FIG. 3 is a flowchart illustrating an inquiry and authentication procedure of a test report according to an embodiment of the present invention. FIG. 5 is a block diagram for functionally describing the configuration of the authentication server 500 according to an embodiment of the present invention.

Hereinafter, a test report inquiry and authentication procedure according to an embodiment will be described with reference to FIGS. 3, 5, and 6.

A user who wants to inquire and authenticate a test report for confirming the quality of a product may touch the NFC tag 600 with the user terminal 100 to perform the following inquiry and authentication procedure.

First, when a touch occurs between the user terminal 100 and the NFC tag 600, the test report authentication application installed in the user terminal 100 can be automatically executed (s301).

If the test certificate authentication application is not installed in the user terminal 100, the user terminal 100 may be connected to the application store at the first touch with the NFC tag 600 to download and install the test certificate authentication application. Needless to say, the connection to the application store and the downloading and installation of the application may be performed according to the user's command input.

After the test report authentication application is executed, information transmission / reception between the NFC tag 600 and the authentication server 500 through the application of the user terminal 100 can be performed.

According to an embodiment, only the authentication server 500 having authority to inquire information stored in the NFC tag 600 (hereinafter, referred to as 'read authority') can perform inquiry about the test report information.

Therefore, the read right authentication unit 510 of the authentication server 500 and the read right authentication unit 630 of the NFC tag 600 can perform the read right authentication process (s302).

According to one embodiment, the authentication server 500 may have a built-in authentication key for reading. Each of the authentication servers 500 which inquire and authenticate the test report information may store a different authentication key for reading. Therefore, only a person having a reading right can perform the inquiry and authentication process of the test report.

For the security of the stored information, the reading unit R of the NFC tag verifies the reading right using the read encryption key, so that only an authorized person can inquire the information stored in the NFC tag.

Specifically, when there is a touch between the user terminal 100 and the NFC tag 600, the ID of the NFC tag is transmitted through the test certificate authentication application to the authentication server 500. Upon receiving the ID, the authentication server 500 performs a specific algorithm using the ID and the authentication key for reading as base values, and generates an encryption key as the result value.

The NFC tag 600 can store a read encryption key used for the read permission. The read encryption key is a value that can be generated from the ID of the NFC tag 600 and the read authentication key of an authentication server 500 having the read permission. That is, the NFC tag 600 may store, as its key for reading, the same key as the encryption key generated by the authentication server 500 having the read authority.

In step s302, the read right authentication unit 630 in the reading unit R of the NFC tag 600 generates a real-time random number and itself encrypts it with the read encryption key to generate a result value. The encryption in this process is performed by the encryption algorithm stored in the NFC tag 600.

Meanwhile, the authentication server 500 encrypts the real-time random number received from the NFC tag 600 with the encryption key it generated to produce a result value, and transmits it to the NFC tag 600 through the user terminal 100.

The read right authentication unit 630 of the NFC tag 600 compares the result value it generated itself with the result value received from the authentication server 500 to authenticate the read right for the test report information.

In the case of an authentication server 500 having no read authority, the encryption key generated by the authentication server 500 differs from the authentication key for reading stored in the NFC tag 600, so it cannot produce the same result value. Therefore, only an authentication server 500 capable of generating the same encryption key as the authentication key for reading stored in the NFC tag 600 can have read permission for the test report.
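The read right authentication of step s302 can be sketched as follows. This is an added example, not code from the patent: all names are hypothetical, the keys and tag IDs are constructed sample values, and HMAC-SHA256 stands in for both the "specific algorithm" that derives the encryption key and the tag's encryption algorithm, neither of which the description specifies. Discarding the random number after one comparison is also an assumption of this sketch.

```python
import hashlib
import hmac
import secrets


def keyed_result(key: bytes, data: bytes) -> bytes:
    """Assumed stand-in for the unspecified encryption algorithm (HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def derive_read_key(read_auth_key: bytes, tag_id: bytes) -> bytes:
    """Assumed form of the 'specific algorithm' over the tag ID and read key."""
    return keyed_result(read_auth_key, b"read-key|" + tag_id)


class AuthenticationServer:
    def __init__(self, read_auth_key: bytes):
        self._read_auth_key = read_auth_key

    def respond(self, tag_id: bytes, challenge: bytes) -> bytes:
        # Derive the per-tag key from the received ID, then encrypt the random number.
        return keyed_result(derive_read_key(self._read_auth_key, tag_id), challenge)


class TagReadingUnit:
    def __init__(self, tag_id: bytes, read_key: bytes):
        self.tag_id = tag_id
        self._read_key = read_key  # stored on the tag at issuance
        self._challenge = None

    def new_challenge(self) -> bytes:
        self._challenge = secrets.token_bytes(16)  # real-time random number
        return self._challenge

    def verify(self, response: bytes) -> bool:
        if self._challenge is None:
            return False
        expected = keyed_result(self._read_key, self._challenge)
        self._challenge = None  # assumption: one comparison per random number
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    key_a = b"constructed-read-auth-key-A"  # server with read authority
    key_b = b"constructed-read-auth-key-B"  # server without read authority
    tag_id = bytes.fromhex("04a1b2c3d4e5f6")  # constructed tag ID
    tag = TagReadingUnit(tag_id, derive_read_key(key_a, tag_id))
    authorized, unauthorized = AuthenticationServer(key_a), AuthenticationServer(key_b)

    old_response = authorized.respond(tag.tag_id, tag.new_challenge())
    out = {"authorized": tag.verify(old_response)}
    out["unauthorized"] = tag.verify(unauthorized.respond(tag.tag_id, tag.new_challenge()))
    # A result computed for an earlier random number does not match a new one.
    tag.new_challenge()
    out["stale_response"] = tag.verify(old_response)
    # The same read authentication key yields a different key for another tag ID.
    other_id = bytes.fromhex("04000000000001")  # constructed
    out["per_tag_keys_differ"] = derive_read_key(key_a, tag_id) != derive_read_key(key_a, other_id)
    return out


if __name__ == "__main__":
    print(demo())
```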

If the test report reading right is authenticated, the encryption test report information requesting unit 520 of the authentication server 500 requests the encrypted test report information from the NFC tag 600 (s303).

The NFC tag 600 receiving the request retrieves the encrypted test report information from the encryption test report information searching unit 640 (s304).

The encryption test report information transmitting unit 650 of the NFC tag 600 transmits the retrieved test report information to the authentication server 500 (s305). The test report information can be encrypted during transmission.

The encryption test report receiving unit 530 of the authentication server 500 receives the encrypted test certificate information from the NFC tag 600 and the test report information decoding unit 540 of the authentication server 500 decrypts the received information (S306).

According to one embodiment, the decryption may be performed using a decryption key embedded in the authentication server 500.

The authentication server 500 can transmit the decrypted test report information to the user terminal 100 (S307). The user terminal 100, having received the test certificate information, can display the decrypted test report information, making it possible to check whether forgery or falsification has occurred (s308).

Although the issuing server 400 and the authentication server 500 are described as being separate from each other, the authentication document issuing process of the issuing server 400 and the document inquiry and authentication procedures of the authentication server 500 may all be performed by one server.

It will be understood by those skilled in the art that the foregoing description of the present invention is for illustrative purposes only and that various changes and modifications may be made without departing from the spirit or essential characteristics of the present invention. It is therefore to be understood that the above-described embodiments are illustrative in all aspects and not restrictive. For example, each component described as a single entity may be distributed and implemented, and components described as being distributed may also be implemented in a combined form.

The scope of the present invention is defined by the appended claims, and all changes or modifications derived from the meaning and scope of the claims and their equivalents should be construed as being included within the scope of the present invention.

100: User terminal
200: Issuer terminal
300: Test report server
400: issuing server
410: Test report information request section
420: Test report information receiver
430: Test certificate information encryption unit
440: issuing authority authentication unit
450: Test report information request storage section
460: Issuance history storage unit
500: authentication server
510: Read right authentication unit
520: Encryption test report information request part
530: Encryption test report information receiver
540: Test report information decoding unit
600: NFC tag
610:
620: Encryption test report information storage unit
630:
640: Encryption test report information retrieval unit
650: Encryption test report information transmission unit

Claims (11)

1. A method for an authentication server to inquire document information requiring authentication through a tag attached to a document or a wireless communication of a user terminal,
(a) receiving a random number generated in real time from the tag;
(b) encrypting the real-time random number with an encryption key of the authentication server;
(c) transmitting the result of the encryption to the tag to confirm whether or not the tag matches the result of the encryption, thereby allowing the reader to authenticate the read right;
(d) requesting document information for the tag; and
(e) receiving document information from the tag.

2. The method according to claim 1,
before the step (a),
further comprising generating the encryption key using the read authentication key stored in the authentication server and the ID of the tag received from the tag.

3. The method according to claim 1,
wherein the confirmation by the tag is performed by checking whether or not the result of encrypting the random number with the encryption key for reading in the tag matches the result encrypted by the authentication server.

4. The method according to claim 1,
after the step (d),
further comprising decrypting the encrypted document information.

5. The method according to claim 1,
further comprising transmitting the received document information to the user terminal.

6. The method according to claim 1,
before the step (a),
an issuing server for issuing document information,
receiving document information from a server storing document information and encrypting the document information;
authenticating an authority to issue document information to the tag;
requesting storage of encrypted document information in the tag, and storing the encrypted document information in the tag; and
recording the document information issuance history to the tag.

7. The method according to claim 6,
wherein the issuing authority authentication step comprises:
transmitting to the tag the document information and a result obtained by encrypting the document information with the encryption key of the issuing server, to determine whether or not the result is identical to a result value obtained by encrypting the document information with the encryption key for writing stored in the tag.

8. A document falsification prevention system for performing a document information inquiry function requiring authentication through a tag attached to a document or a wireless communication between a user terminal and a tag attached to the document,
a read right authentication unit for transmitting a result obtained by encrypting a random number received from the tag with an encryption key to the tag and authenticating a read right by checking whether the result is encrypted with the tag;
an encrypted document information requesting unit for requesting document information to the tag; and
an encrypted document information receiving unit for receiving document information from the tag.

9. The method of claim 8,
further comprising: a document information decryption unit for decrypting the document information received by the encrypted document information receiving unit.

10. The method of claim 8,
a document information encryption unit for receiving document information from a server storing document information and encrypting the document information;
an issuing authority authenticating unit that authenticates an authority to issue document information to the tag;
a document information tag storage requesting unit for requesting storage of encrypted document information in the tag and storing the encrypted document information in the tag; and
further comprising: an issuance history storage section for storing a history of issuing document information to the tag.

11. A wireless communication tag for preventing forgery of an authentication document,
a writing authority authentication unit for confirming a writing authority of an issuing server for inputting document information in a writing unit of the tag;
a document information storage unit for storing document information received from the issuing server;
a read right authentication unit for confirming a read right of the authentication server to inquire the document information stored in the reading unit of the tag;
a document information retrieval unit for retrieving document information by receiving a document information request from the authentication server; and
a document information transmitting unit for transmitting the retrieved document information to the authentication server.

KR1020150065809A 2015-05-12 2015-05-12 Method and ic tag for prevention of forgery of documents KR101619290B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150065809A KR101619290B1 (en) 2015-05-12 2015-05-12 Method and ic tag for prevention of forgery of documents

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150065809A KR101619290B1 (en) 2015-05-12 2015-05-12 Method and ic tag for prevention of forgery of documents

Publications (1)

Publication Number Publication Date
KR101619290B1 (en) 2016-05-10

Family

ID=56021183

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150065809A KR101619290B1 (en) 2015-05-12 2015-05-12 Method and ic tag for prevention of forgery of documents

Country Status (1)

Country Link
KR (1) KR101619290B1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101869431B1 (en) * 2016-08-10 2018-06-20 박삼식 ID card using OID code and System and Method for Preventing forgery the same

Similar Documents

Publication Publication Date Title
CN101958795B (en) Key storage device, biometric authentication device, biometric authentication system, key management method, biometric authentication method
JP4360422B2 (en) Authentication information management system, authentication information management server, authentication information management method and program
US20080195858A1 (en) Method and Apparatus For Accessing an Electronic Device by a Data Terminal
JP2006246015A5 (en)
US20040044625A1 (en) Digital contents issuing system and digital contents issuing method
CN101989982A (en) Information processing apparatus, program, storage medium and information processing system
US20090315686A1 (en) Rfid tag using encrypted value
KR101812638B1 (en) Module, service server, system and method for authenticating genuine goods using secure element
KR102178179B1 (en) apparatus and user terminal for mobile identification
JP2009212731A (en) Card issuing system, card issuing server, and card issuing method, and program
JP2005196412A (en) Data communication device and memory management method for data communication device
JP5073312B2 (en) IC tag system
CN102222195B (en) E-book reading method and system
KR101619290B1 (en) Method and ic tag for prevention of forgery of documents
KR101285362B1 (en) Authentication system for electronic signature
KR100720738B1 (en) A method for providing secrecy, authentication and integrity of information to RFID tag
JP5167826B2 (en) Document management system, program, and medium using position information
KR20200013494A (en) System and Method for Identification Based on Finanace Card Possessed by User
KR20200022194A (en) System and Method for Identification Based on Finanace Card Possessed by User
JP5386860B2 (en) Payment system, payment processing apparatus, validity verification apparatus, validity verification request processing program, validity verification processing program, and validity verification method
JP2020052682A (en) Information processing apparatus, information processing method, program, and secure element
TWI850002B (en) Individual encrypted signature system and signing method thereof
JP2008022189A (en) Electronic application method using virtual storage medium
JP5133743B2 (en) Authentication system, authentication method, reader / writer, and program
EP3678872B1 (en) Document authentication using distributed ledger

Legal Events

Date Code Title Description
E701 Decision to grant or registration of patent right
GRNT Written decision to grant