KR20070006525A - System and method for assigning dynamic id to rfid tag, rfid tag, rfid terminal and recording medium - Google Patents

Abstract

A system and a method for assigning a dynamic ID to an RFID(Radio Frequency IDentification) tag, and the RFID tag, an RFID terminal, and a recording medium for the same are provided to safely assign/record ID information to the RFID tag with interconnection between the RFID tag and the RFID terminal through an encoding protocol using an encoding key and a key index. The RFID tag(100) generates a random number, encodes the random number by selecting the encoding key, and transmits the random number, the encoded random number, and the key index to the RFID terminal. The RFID terminal(300) encodes the received random number by extracting a security key matched with the received key index, and compares the encoded random number with the encoded random number received from the RFID tag. If both encoded random numbers are matched with each other, the RFID terminal extracts the ID information assigned to the RFID tag from storage media(330-335) and transmits the extracted ID information to the RFID tag. The RFID tag decodes the encoded ID information received from the RFID reader and stores the decoded ID information to a memory.

Description

System and Method for Assigning Dynamic ID to RFID Tag, RFID Tag, RFID Terminal and Recording Medium}

1 is a diagram illustrating a preferred functional configuration of an RFID tag for dynamic ID information allocation according to an embodiment of the present invention.

2 is a diagram illustrating a preferred memory structure of an RFID tag for dynamic ID information allocation according to an embodiment of the present invention.

3 is a diagram illustrating an RFID terminal structure for allocating dynamic ID information to an RFID tag according to an exemplary embodiment of the present invention.

4 illustrates a preferred embodiment of a storage medium 1 according to an embodiment of the present invention.

5 shows a preferred embodiment of a storage medium 2 according to one embodiment of the invention.

6 shows a preferred embodiment of a storage medium 3 according to an embodiment of the invention.

7 is a diagram illustrating a process of transferring a security key to the RFID terminal through a predetermined random number R in an RFID tag for dynamic ID information allocation according to an embodiment of the present invention.

8A and 8B illustrate a process of receiving a predetermined security key from an RFID terminal for dynamic ID information allocation according to an embodiment of the present invention.

9A and 9B illustrate a process of encrypting dynamic ID information through a predetermined security key and transmitting the same to an RFID tag in an RFID terminal according to an exemplary embodiment of the present invention.

10A and 10B illustrate a process of recording dynamic ID information received from an RFID terminal into a memory in an RFID tag according to an embodiment of the present invention.

11 is a diagram illustrating a process of storing and managing dynamic ID information stored in an RFID tag according to an embodiment of the present invention.

<Description of main parts of drawing>

100: RFID tag 110: memory unit

115: receiver 120: transmitter

135: random number generation unit 140: encryption unit

145: data generation unit 150: authentication unit

155: recording unit 200: dynamic ID information storage area

205: security key set 300: RFID terminal

330: storage medium (1) 335: storage medium (2)

340: storage medium (3) 345: receiving unit

350: encryption unit 355: transmission unit

360: authentication unit 365: storage unit

370: extraction (generation) 400: RFID reader

500: air interface

The present invention provides a RFID () tag having a storage area for storing predetermined dynamic ID information, having at least one security key and a key index associated with the memory, and having a memory for storing predetermined security protocol information. Based on the security key and the key index and / or security protocol through the mutual authentication process between the RFID tag and the RFID terminal, the predetermined ID information is dynamically allocated to the dynamic ID information storage area of the memory and recorded. The present invention provides a method and system for assigning a dynamic ID to an RFID tag, an RFID tag, an RFID terminal, and a recording medium therefor.

In general, RFID (Radio Frequency Identification) is composed of a radio chip capable of wireless transmission and reception and an antenna for radio frequency transmission and reception, RFID tag corresponding to a transponder (Transponder) for storing the ID information fixed to the radio chip as RFID tag information And an RFID reader having a power supply to the RFID tag through a predetermined radio frequency and receiving a predetermined signal transmitted from the RFID tag and a predetermined signal receiving module and / or RFID received from the RFID tag. At least one server (for example, an object name server (ONS)) including an RFID terminal for reading tag information and providing an information processing function corresponding to the RFID tag information in association with the RFID terminal through a predetermined network. / OIS (Object Information Server).

However, in the case of a conventional RFID tag that stores fixed ID information as RFID tag information, at least one or more unspecified multiple RFID terminals sharing a predetermined air interface with the RFID tag may be used for tracking the location of the RFID tag. Problems such as compromised security and / or invasion of personal privacy, such as to identify movement paths, are included.

When the RFID tag is produced (or attaches an RFID tag to a predetermined product), the RFID tag is given a unique ID as RFID tag information and used for its lifetime, and / or write once read many RFID tag having a memory of type) and at least one writeable memory (WROM and / or Write Many (WM) type of memory), which records predetermined ID information as RFID tag information and reuses the RFID tag. It is made to include.

However, in a conventional RFID tag having a WORM / WM memory, all kinds of RFID terminals capable of transmitting and receiving radio frequency with the RFID tag can record predetermined tag information in the memory, thereby unspecified multiple RFIDs. The terminal includes a serious security problem of deleting / damaging / changing ID information recorded in the RFID tag.

The present invention has been made to solve the above problems, and has a storage area for storing predetermined dynamic ID information, stores at least one security key and key index in association with each other, and stores predetermined security protocol information. In a RFID tag having a memory, when a broadcast signal is received from a predetermined RFID terminal, a predetermined random number (R) is generated from the RFID tag to select a predetermined security key from at least one security key stored in the RFID tag. When the random number is encrypted and transmitted to the RFID terminal, the RFID terminal extracts a security key corresponding to the received key index from the predetermined storage medium to encrypt the received random number R to encrypt the RFID tag. By comparing the received random number (ER) encrypted and received in the, to the random number (ER) encrypted and received in the RFID tag After authenticating the validity, the RFID terminal extracts (or generates) predetermined ID information to be assigned to the RFID tag from a predetermined storage medium in response to the authentication result, and generates a predetermined authentication value M1 '. When the ID information is encrypted and transmitted to the RFID tag, an authentication value M1 corresponding to the encrypted ID information is generated in the RFID tag, and the validity of the encrypted ID information is authenticated. A method and system for assigning a dynamic ID to an RFID tag, an RFID tag, an RFID terminal, and a recording medium for decoding the ID information from the RFID tag and recording the ID information in the dynamic ID information storage area. .

In the present invention, the method for allocating a dynamic ID includes: generating a predetermined random number R from an RFID tag; Encrypting the random number by selecting a predetermined security key from at least one security key previously stored in a memory unit in the RFID tag; Transmitting the random number (R), an encrypted random number (ER), and a key index from the RFID tag to an RFID terminal; Encrypting the received random number R by extracting a security key corresponding to the received key index from a predetermined storage medium in the RFID terminal; Comparing the encrypted random number (ER) and the encrypted random number (ER) received from the RFID tag at the RFID terminal; Extracting (or generating) predetermined ID information to be assigned to the RFID tag from a predetermined storage medium in the RFID terminal when the comparison result is matched; Generating a predetermined authentication value (M1 ') from the extracted (or generated) ID information in the RFID terminal, and encrypting the ID information; the encrypted ID information and the authentication value (M1') in the RFID terminal. Transmitting to the RFID tag, generating an authentication value M1 corresponding to the encrypted ID information in the RFID tag, comparing the received authentication value with M1 ', and if the comparison result is identical, Storing the decrypted ID information in the RFID tag in the memory unit.

According to an embodiment of the present invention, the dynamic ID allocation method may include generating an authentication value M2 corresponding to ID information stored in the memory unit in the RFID tag; Transmitting the generated authentication value (M2) in the RFID tag to the RFID terminal; Generating, at the RFID terminal, a predetermined authentication value M2 'corresponding to the ID information, and authenticating the validity of the ID information by comparing with the authentication value M2 received from the RFID tag; And if the validity of the ID information is verified, storing the ID information assigned to the RFID tag in a predetermined storage medium by the RFID terminal.

According to the present invention, the recording medium provided in the RFID tag and / or the RFID terminal records a predetermined program for executing the dynamic ID allocation method as described above.

In the present invention, the dynamic ID allocation system generates a predetermined random number (R), selects a predetermined security key to encrypt the random number, and converts the random number (R), the encrypted random number (ER), and the key index to an RFID terminal. Transmitting an RFID tag; Extracts a security key corresponding to the received key index from a storage medium to encrypt the received random number R, and encrypts the encrypted random number ER and the random number ER encrypted from the RFID tag. An RFID terminal which compares (or generates) predetermined ID information to be assigned to the RFID tag from a predetermined storage medium and transmits the extracted (or generated) ID information to the RFID tag if the comparison result is matched. And the RFID tag decrypts the encrypted ID information transmitted from the RFID terminal and stores the decrypted ID information in a predetermined memory.

According to an embodiment of the present invention, it is preferable that the RFID terminal generates a predetermined authentication value M1 'from the extracted (or generated) ID information, and further transmits the authentication value M1' to the RFID tag. Preferably, the RFID tag generates an authentication value M1 corresponding to the encrypted ID information, and authenticates the validity of the ID information in comparison with the authentication value M1 'transmitted by the RFID terminal. According to another exemplary embodiment, the RFID tag may generate an authentication value M2 corresponding to ID information stored in the memory, and transmit the generated authentication value M2 to the RFID terminal. The terminal preferably generates a predetermined authentication value M2 'corresponding to the ID information, and compares the authentication value M2 received from the RFID tag to authenticate the validity of the ID information.

According to the exemplary embodiment of the present invention, the RFID terminal preferably stores ID information provided to the RFID tag in a predetermined storage medium.

According to an embodiment of the present invention, an RFID tag to which dynamic ID information is assigned includes a memory unit having a storage area for storing dynamic ID information and storing at least one security key in association with a key index; A random number generator for generating a predetermined random number (R) when a broadcast signal is received from the RFID terminal; An encryption unit for encrypting the generated random number by selecting a predetermined security key from at least one security key stored in the memory unit; A transmitter for transmitting a key index corresponding to the random number (R), an encrypted random number (ER), and a security key to the RFID terminal; The RFID terminal checks the validity of the encrypted random number using a key that matches the key index, encrypts an ID to be assigned to the RFID tag (EID), and generates and transmits an authentication value M1 'accordingly. If, the receiving unit for receiving it; And a recording unit for decrypting the received encrypted ID, verifying the authentication value M1, and recording the encrypted ID in the memory unit.

According to an embodiment of the present invention, the RFID tag generates a predetermined authentication value M1 corresponding to the ID information, and compares the received authentication value M1 'with the generated authentication value M1. It is preferable to further comprise an authentication unit for authenticating the validity of the ID information.

According to an embodiment of the present invention, the authentication value M1 and / or the authentication value M1 may be a data block generated by reading upper N (1 <N <dynamic tag information length) bytes of the encrypted ID information; Or a data block generated by reading the lower N (1 <N <dynamic tag information length) bytes of the encrypted ID information, or N after offsetting M (1 <M <dynamic tag information length) bytes of the encrypted ID information. (1 <N <(dynamic tag information length-M)) of a data block generated by reading a byte, or a data block generated by applying a predetermined one-way hash function to the encrypted ID information, or of the decrypted ID information. A data block generated by reading an upper N (1 <N <dynamic tag information length) byte, or a data block generated by reading a lower N (1 <N <dynamic tag information length) byte of the decoded ID information; M (1 <M <dynamic tag) of the decoded ID information Information block) A data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes after byte offset, or a data block generated by applying a predetermined one-way hash function to the decoded ID information. It is preferable to comprise at least one or more.

According to the exemplary embodiment of the present invention, the RFID tag may further include a data generation unit for generating a predetermined authentication value M2 from ID information recorded in the memory unit, wherein the transmission unit generates the authentication value. It is preferable to transmit M2 to the RFID terminal.

According to an embodiment of the present invention, the authentication value M2 is a data block generated by reading the upper N (1 <N <dynamic tag information length) bytes of the encrypted ID information, or the lower N of the encrypted ID information. (1 <N <dynamic tag information length) A data block generated by reading bytes, or N (1 <N <(dynamic tag information) after M (1 <M <dynamic tag information length) bytes offset of the encrypted ID information Length-M)) a data block generated by reading a byte, or a data block generated by applying a predetermined one-way hash function to the encrypted ID information, or upper N (1 <N <dynamic tag) of the decrypted ID information. Information length) a data block generated by reading a byte, or a data block generated by reading a lower N (1 <N <dynamic tag information length) byte of the decoded ID information, or M (1) of the decoded ID information. <M <Dynamic tag information length) byte offset At least one data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes or at least one data block generated by applying a predetermined one-way hash function to the decoded ID information. It is preferable to make it.

According to an embodiment of the present invention, the memory unit preferably further stores predetermined security protocol information, wherein the security protocol information includes encryption logic and / or encryption parameters for encrypting the generated random number through the security key. And / or at least one predetermined decryption logic and / or decryption parameter for decrypting the encrypted ID information.

According to the invention, the recording medium provided in the RFID tag is characterized in that for recording a program for executing the function of the RFID tag configuration unit.

In the present invention, the RFID terminal includes a storage medium (1) for storing at least one security key and key index in association with; A receiving unit for receiving a random index (R), an encrypted random number (ER), and a key index corresponding to a security key from an RFID tag; From the storage medium 1, check whether there is a security key that matches the key index, extract the matching security key, encrypt the received random number R, and compare it with the encrypted received random number ER. Authentication unit for authenticating the validity of the random number (R); An extraction (generation) unit for extracting (or generating) predetermined ID information to be assigned to the RFID tag from a predetermined storage medium 2 when the validity of the random number R is authenticated; An encryption unit which generates a predetermined authentication value M1 'corresponding to the ID information and encrypts the ID information; And a transmission unit for transmitting the encrypted ID information and the authentication value M1 to the RFID tag.

According to an embodiment of the present invention, the authentication value M1 'is a data block generated by reading upper N (1 <N <ID information length) bytes of the encrypted ID information, or lower N ( Data block generated by reading 1 <N <ID information length) bytes, or M (1 <M <ID information length byte offset after N <1 <N <(ID information length-M)) of the encrypted ID information A data block generated by reading a byte, or a data block generated by applying a predetermined one-way hash function to the encrypted ID information, or upper N (1 <N <ID information length) bytes of the unencrypted ID information. A data block generated by reading, or a data block generated by reading lower N (1 <N <ID information length) bytes of the unencrypted ID information, or M (1 <M <ID) of the unencrypted ID information. Read N (1 <N <(ID information length-M)) bytes after offset of information length bytes It comprises more than generated data block, or at least one data block that is generated by applying a predetermined one-way hash function to the non-encrypted ID information is preferred.

According to an embodiment of the present invention, it is preferable that the receiving unit further receives a predetermined authentication value M2 from the RFID tag.

In addition, when the authentication value M2 is generated from the encrypted ID information, the authentication unit may generate the authentication value M2 'from the encrypted ID information and compare it with the authentication value M2. When the authentication value M2 is generated from the decrypted ID information, the authentication value M2 'may be generated from the unencrypted ID information and compared with the authentication value M2. The value M2 and / or the authentication value M2 'are data blocks generated by reading the upper N (1 <N <ID information length) bytes of the encrypted ID information, or the lower N ( Data block generated by reading 1 <N <ID information length) bytes, or M (1 <M <ID information length byte offset after N <1 <N <(ID information length-M)) of the encrypted ID information A data block generated by reading a byte, or a predetermined one-way hash on the encrypted ID information. A data block generated by applying a number, or a data block generated by reading upper N (1 <N <ID information length) bytes of the decoded ID information, or lower N (1 <N <<) of the decoded ID information. A data block generated by reading an ID information length byte, or N (1 <N <(ID information length-M)) bytes of the decoded ID information after M (1 <M <ID information length byte offset). Preferably, the data block includes at least one data block generated or at least one data block generated by applying a predetermined one-way hash function to the decoded ID information.

According to the embodiment of the present invention, it is preferable that the RFID terminal further comprises a storage unit for storing the ID information provided to the RFID tag in a predetermined storage medium (3).

According to the method of the present invention, the storage medium 1 and / or the storage medium 2 and / or the storage medium 3 may be made of the same storage medium, or may be made of storage mediums which are separately divided. All are possible and can be provided in the RFID terminal and / or on the network.

According to the invention, the recording medium provided in the RFID terminal is characterized in that for recording a program for executing the function of the RFID terminal component.

Hereinafter, with reference to the accompanying drawings and description will be described in detail the operating principle of the preferred embodiment of the present invention. However, the drawings and the following description shown below are for the preferred method among various methods for effectively explaining the features of the present invention, the present invention is not limited only to the drawings and description below. In addition, in the following description of the present invention, if it is determined that a detailed description of a related known function or configuration may unnecessarily obscure the subject matter of the present invention, the detailed description thereof will be omitted. Terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to intentions or customs of users or operators. Therefore, the definition should be based on the contents throughout the present title.

In addition, preferred embodiments of the present invention to be carried out below are provided in each system functional configuration to efficiently describe the technical components constituting the present invention, or system functions that are commonly provided in the technical field to which the present invention belongs. The configuration will be omitted, and described mainly on the functional configuration to be additionally provided for the present invention. If those skilled in the art to which the present invention pertains, it will be able to easily understand the function of the components that are conventionally used among the omitted functional configuration not shown below, and also the configuration omitted as described above The relationship between the elements and the components added for the present invention will also be clearly understood.

In addition, the preferred embodiment of the present invention carried out below to the RFID (1) and / or storage medium (2) and / or storage medium (3) to effectively describe the technical components constituting the present invention the RFID Although described as being provided in the terminal, those skilled in the art to which the present invention pertains, the functional configuration and / or storage medium (1) and / or storage medium (2) and / / provided in the RFID terminal Alternatively, it will be apparent that the storage medium 3 may be separately provided in at least two or more devices (or servers) interworking through a predetermined network and / or communication means according to the intention of the person skilled in the art to carry out the present invention. .

As a result, the technical spirit of the present invention is determined by the claims, and the following examples are one means for efficiently explaining the technical spirit of the present invention to those skilled in the art to which the present invention pertains. It is only.

1 is a view showing a preferred functional configuration of the RFID tag 100 for dynamic ID information allocation according to an embodiment of the present invention.

In general, the RFID tag 100 includes an MCU (MicroController Unit) block including a predetermined logic element (and / or arithmetic element) and a memory element, and an AFE (Analog Front End) block having a predetermined RF function. An IC chip including an RF chip-based RFID tag 100 and an IC chip and an antenna circuit in the form of a large scale integrated circuit (LSI) and / or a medium scale integrated circuit (MSI) and / or a small scale integrated circuit (SSI). A RFID tag 100 including the base RFID tag 100 and the like, and the functional configuration of the RFID tag 100 shown in FIG. 1 illustrates a preferred RFID structure including the RFID tag 100, and assigns the present dynamic ID information. It will be appreciated that the functional configuration of the tag 100 is not limited to the case of FIG.

Referring to FIG. 1 according to a preferred embodiment of the present invention, the RFID tag 100 which allocates dynamic ID information transmits and receives (or an energy source (power source)) a radio frequency signal of a predetermined frequency band with the RFID reader 400. The antenna unit 130 serving to receive the signal, a receiver 115 converting the radio frequency signal received from the antenna unit 130 into a digital signal, and providing the converted signal to the controller 105; and the controller 105 And a transmitter 120 for converting a digital signal provided from the receiver into a predetermined radio frequency signal, and controlling the overall function of the RFID tag 100, and reading and corresponding digital signals received through the receiver 115. The control unit 105 controls a unique function of the RFID tag 100 by generating a signal or extracting predetermined information from the memory unit 110, and includes a predetermined tag structure including a predefined memory structure. And a memory unit 110 having a storage area for storing the data and / or a storage area for storing tag information transmitted and received from the RFID reader 400, and in the case of the passive RFID tag 100, The power supply unit 125 generates a predetermined power having a predetermined voltage value from the radio frequency signal received through the antenna unit 130, or, in the case of the active RFID tag 100, includes a power supply unit 125 that charges and stores the predetermined power.

The antenna unit 130 when the RFID tag 100 enters (or close to the radio frequency field) the radio frequency field of the predetermined RFID reader 400 provided in the RFID terminal 300. Receiving a signal including a predetermined activation signal and / or information (or data) through a radio frequency signal transmitted from the RFID reader 400 and providing (or applying) the signal to the receiver 115, or the wireless Characterized in that it transmits a signal containing a predetermined response signal and / or information (or data) to the RFID reader 400 via a frequency signal.

According to the exemplary embodiment of the present invention, when the RFID reader 400 is a passive type, the antenna unit 130 may include energy (eg, analog of radio frequency) included in a radio frequency signal transmitted from the RFID reader 400. Signal) to the power supply unit 125 to supply a predetermined energy source (or power source) required for the RFID tag 100 to operate.

In the case of the passive RFID tag 100, the power supply unit 125 corresponds to an energy field around the RFID reader 400 using an analog signal of a radio frequency provided (or applied) through the antenna unit 130. Generating a predetermined power supply to the receiver 115, the transmitter 120, and the controller 105 provided in the RFID tag 100, wherein the power supply 125 generates the power. Magnetic Coupling using magnetic field of alternating current flowing through the coil of the RFID reader 400 and / or Electrostatic Coupling using electrostatic energy and / or Inductive Coupling using inductive energy Power energy is generated through at least one of the methods.

The receiver 115 is a demodulator for converting a radio frequency signal provided (or applied) through the antenna unit 130 into a predetermined digital signal, and provided (or applied) through the antenna unit 130. Demodulating the radio frequency signal to generate a digital signal corresponding to the information or data transmitted from the RFID reader 400 to the RFID tag 100 to provide to the control unit 105.

According to an exemplary embodiment of the present invention, when a checksum is included in the information or data received from the RFID reader 400, the receiver 115 is configured to receive the received information or data through the checksum. It is possible to further comprise checking the data reception validity.

The transmitter 120 may transmit a response signal of a digital signal received through the receiver 115 and / or a digital signal generated or extracted (eg, extracted from the memory unit 110) in the RFID tag 100. Modulator for converting into a predetermined radio frequency signal for transmission to the RFID reader 400 through the antenna unit 130, when a predetermined digital signal is received through the receiver 115 is predefined Generating a predetermined response signal to generate a radio frequency signal for transmitting to the RFID reader 400 through the antenna unit 130, or generated by the controller 105, or from the memory unit 110 It generates a radio frequency signal for transmitting a predetermined information or data to the RFID reader 400 through the antenna unit 130, the generated radio frequency signal is Through the antenna unit 130 is provided to the RFID reader 400.

According to the exemplary embodiment of the present invention, in order to secure the validity of the transmitted information or data, it is possible to add a predetermined checksum to the information or data transmitted to the RFID reader 400 and transmit it.

The memory unit 110 may read the RFID reader 400 in response to information or data for reading a predetermined digital signal received from the RFID reader 400 through the receiver 115, and / or the received digital signal. Predetermined information or data to be provided), and / or predetermined information or data required to define the function and role of the RFID tag 100, and / or information or data stored in the memory unit 110 And a memory structure for storing at least one predetermined information or data for determining validity, wherein the predetermined dynamic ID information storage area 200 and the dynamic ID information are stored. And at least one security key set 205 (at least one security key and a key index) required in the ID information allocation process. And a gong.

According to the exemplary embodiment of the present invention, the memory unit 110 may further include predetermined security protocol information 215 corresponding to the security key set 205.

According to the exemplary embodiment of the present invention, the predetermined dynamic ID information storage area 200 in which the dynamic ID information is stored in the memory unit 110 may provide a nonvolatile memory characteristic that provides a read / write function. The remaining stored information may be stored in a read-only memory, and a preferred embodiment of the structure of the memory unit 110 will be described with reference to FIG. 2.

The control unit 105 includes a predetermined physical (hardware) and / or logical (software) control logic (Control Logic), based on the control logic, the receiving unit 115, the transmitting unit ( 120 and the memory unit 110 in conjunction with (or control) to control the overall function of the RFID tag 100 (e.g., transponder function), and / or to control the dynamic ID information allocation function according to the present invention Characterized in that. For example, when the RFID tag 100 is an RF chip-based RFID tag 100 including a predetermined MCU block, the control unit 105 physically realizes a function to be performed in the RFID tag 100. And control logic including at least one logic element (and / or arithmetic element) for the purpose, and / or the IC chip based on which the RFID tag 100 includes a predetermined LSI / MSI / SSI. In the case of the RFID tag 100, the control unit 105 includes control logic including a processor that logically executes a program to be executed in the RFID tag 100 and a processor including an execution memory. Preferably, it is possible to physically configure the control logic in the IC chip-based RFID tag 100 according to the intention of those skilled in the art.

According to an embodiment of the present invention, the control unit 105 for dynamic ID information allocation may include at least one logic element (and / or arithmetic element) according to the intention of a person skilled in the art and / or technical characteristics of the RFID tag 100. It can be both physically made and / or logically made by a predetermined program that is driven in the RFID tag 100, it is easily described to those skilled in the art to which the present invention belongs. For convenience, in FIG. 1, a functional configuration for dynamic ID information allocation is shown in the controller 105 for convenience. However, the functional configuration of the RFID tag 100 is not limited to the case of FIG.

According to an exemplary embodiment of the present invention, the control unit 105 basically reads a digital signal received in response to a request of the RFID reader 400 through the receiving unit 115 to realize a transponder function. Perform a control function corresponding to a digital signal, and / or read a predetermined response signal corresponding to the received digital signal, or predetermined information or data corresponding to the received digital signal from the memory unit 110 Extract and control the generation of a predetermined digital signal to be transmitted to the RFID reader 400 through the transmitter 120.

Referring to FIG. 1, the RFID tag 100 generates a predetermined random number R when a broadcast signal and / or a dynamic ID information allocation signal are received from a predetermined RFID terminal 300 for dynamic ID information allocation. A random number generation unit 135, an encryption unit 140 for selecting and encrypting a predetermined security key among at least one or more security keys stored in the memory unit 110, and dynamic ID information allocation And a recording unit 155 for decrypting the encrypted ID received from the predetermined RFID terminal 300, verifying the authentication value M1, and then recording it in the memory unit 110. .

According to the embodiment of the present invention, the RFID tag 100 generates a predetermined authentication value M1 corresponding to the ID information, and receives the received authentication value M1 'and the generated authentication value M1. It is preferable to further comprise an authentication unit 150 for authenticating the validity of the ID information by comparing the and / or generates a predetermined authentication value (M2) from the ID information recorded in the memory unit 110 It is preferable that the data generating unit 145 is further provided.

The random number generation unit 135 receives a predetermined broadcast signal from the RFID terminal 300 and / or receives a predetermined dynamic ID information allocation signal from the RFID terminal 300. And a predetermined random number R for key exchange and / or key delivery and / or key distribution between the RFID tag 100 and the random number R, which includes a predefined fixed length. It is preferable to make it. Those skilled in the art to which the present invention pertains will clearly understand the random number generation algorithm, so a detailed description thereof will be omitted.

The encryption unit 140 randomly selects a predetermined security key from at least one or more security keys stored in the memory unit 110 by using the random number R (eg, a fixed length random number) generated by the random number generation unit 135. Selects and encrypts based on predetermined security protocol information 215 stored in the memory unit 110 (eg, encryption logic and / or encryption parameter for encrypting the generated random number through the security key). Characterized in that, the security key and / or security protocol preferably comprises a block encryption function, such as 3-DES or SEED.

The transmitter 120 generates the random number R generated by the random number generator 135, the random number ER encrypted by the encryption unit 140, and a predetermined key index corresponding to the security key. The tag 100 is transmitted to the RFID terminal 300 through an air interface 500 between the RFID reader 400, and the RFID terminal 300 is based on a predetermined security key corresponding to the key index. The encrypted random number ER is decrypted and compared with the received random number R, or the encrypted random number ER is encrypted by encrypting the received random number R based on a predetermined security key corresponding to the key index. By comparing the key index, and then extracting (or generating) and encrypting predetermined ID information to be allocated to the RFID tag 100, and encrypting the encrypted ID information (EID) and the ID information. Predetermined authentication value corresponding to (or encrypted ID information) The Ml 'is generated and transmitted to the RFID tag 100, and the receiver 115 receives the encrypted ID information EID and the authentication value M1' through the air interface 500.

When the received authentication value M1 ′ is generated from the ID information, the authentication unit 150 decrypts the encrypted and received ID information EID, and a predetermined authentication value ( After generating M1), by comparing the generated authentication value (M1) and the received authentication value (M1 '), the validity of the received ID information is authenticated, the received authentication value When M1 is generated from the encrypted ID information in the RFID terminal 300, after generating a predetermined authentication value M1 from the encrypted and received ID information EID, the generated authentication value M1 ) And the received authentication value M1 ′, thereby validating the validity of the received ID information.

According to an embodiment of the present invention, the authentication value M1 'and / or authentication value M1 is data generated by reading the upper N (1 <N <dynamic tag information length) bytes of the encrypted ID information. Block, or data block generated by reading the lower N (1 <N <dynamic tag information length) bytes of the encrypted ID information, or M (1 <M <dynamic tag information length) byte offsets of the encrypted ID information A data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes, or a data block generated by applying a predetermined one-way hash function to the encrypted ID information, or the decrypted ID Data block generated by reading the upper N (1 <N <dynamic tag information length) bytes of information, or data block generated by reading the lower N (1 <N <dynamic tag information length) bytes of the decoded ID information. Or M (1 <M <dynamic state of the decoded ID information). Information block) A data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes after byte offset, or a data block generated by applying a predetermined one-way hash function to the decoded ID information. It is preferable to comprise at least one or more.

The recording unit 155 records ID information validated by the authentication unit 150 in the dynamic ID information storage area 200 on the memory unit 110, and the encrypted ID information ( When the EID is decrypted, it is preferable to record the ID information as it is in the dynamic ID information storage area 200 on the memory unit 110, or when the ID information is not decrypted, the encrypted ID information (EID). It is preferable to decode and record the information in the dynamic ID information storage area 200 on the memory unit 110.

When the ID information is normally recorded in the dynamic ID information storage area 200, the data generator 145 notifies the RFID terminal 300 that the ID information is normally assigned to the RFID tag 100. To be described later, a predetermined authentication value M2 is generated from the ID information recorded in the dynamic ID information storage area 200.

According to a preferred embodiment of the present invention, the data generation unit 145 preferably generates a predetermined authentication value M2 from the ID information stored in the dynamic ID information storage area 200. In addition, the predetermined authentication value M2 may be generated from the encrypted ID information EID (or the authentication value M1 'received from the RFID terminal 300 may be replaced with the authentication value M2).

According to the exemplary embodiment of the present invention, the authentication value M2 is a data block generated by reading the upper N (1 <N <dynamic tag information length) bytes of the ID information recorded in the RFID tag 100, or the RFID. Data block generated by reading the lower N (1 <N <dynamic tag information length) bytes of the ID information recorded in the tag 100, or M (1 <M <) of the ID information recorded in the RFID tag 100. Dynamic tag information length) A one-way hash function in a data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes after byte offset, or ID information recorded in the RFID tag 100. A data block generated by applying a data block, or a data block generated by reading an upper N (1 <N <dynamic tag information length) byte of the encrypted ID information, or a lower N (1 <N <<) of the encrypted ID information. Dynamic tag information length) data block generated by reading a byte, or the encryption A data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes after M (1 <M <dynamic tag information length) byte offset of the generated ID information, or in the encrypted ID information. At least one data block generated by applying a predetermined one-way hash function is preferably included.

The transmitter 120 transmits the authentication value M2 generated by the data generator 145 through the air interface 500 between the RFID tag 100 and the RFID reader 400. And the RFID terminal 300 generates a predetermined authentication value M2 'corresponding to the authentication value M2 and compares it with the authentication value M2, thereby validating the validity of the allocation of the dynamic ID information. After authentication, the dynamic ID information assigned to the RFID tag 100 is stored in a predetermined storage medium and managed.

2 illustrates a preferred memory structure of the RFID tag 100 for dynamic ID information allocation according to an embodiment of the present invention.

In more detail, FIG. 2 illustrates a security key set 205 for storing a predetermined fixed ID information storage area 210 and a dynamic ID information storage area 200 in association with at least one security key and a key index, and a predetermined security. Regarding the memory structure having the protocol information 215, those skilled in the art to which the present invention pertains, the memory structure shown in FIG. 2 consists of a single memory capable of reading / writing, Or it will be apparent that both can be made, including read-only memory and one or more read / write memory.

The fixed ID information storage area 210 is unique ID information allocated to the RFID tag 100 in the process of manufacturing the RFID tag 100 or attaching the RFID tag 100 to a predetermined product. Or at least one ID information standard (e.g., the UPC (Electronic Product Code) standard of the U.S. EPC Global, the UID (ubiquitous ID) standard of the Ubiquitous ID Center of Japan, or a predetermined ID information standard designed by those skilled in the art , Structure and length of ID information), and the fixed ID information storage area 210 may be provided in a read-only memory or may be omitted according to the intention of a person skilled in the art.

According to the exemplary embodiment of the present invention, when the fixed ID information storage area 210 is provided in the RFID tag 100, those skilled in the art use the fixed ID information using the RFID terminal 300 corresponding to the fixed ID information. Provide a dual ID information service which simultaneously provides a service and a dynamic ID information service using the RFID terminal 300 corresponding to the dynamic ID information, and / or predetermined dynamic ID information in the dynamic ID information storage area 200. Is assigned to deactivate the fixed ID information, and if the predetermined dynamic ID information is not allocated or deleted in the dynamic ID information storage area 200, the selective ID information service for activating the fixed ID information is provided. It is possible.

The dynamic ID information storage area 200 is a storage area for storing ID information dynamically assigned by the predetermined RFID terminal 300 after the RFID tag 100 is manufactured and / or attached to a predetermined product. At least one ID information standard (e.g., the structure and length of the ID information), such as a predetermined ID information standard designed by a person skilled in the art, ISO / IEC 15963 standard, US EPC Global EPC standard, or Japanese Ubiquitous ID Center uID standard. ), And is provided in a memory which can be written at least once.

The security key set 205 stores at least one security key and a key index in a one-to-one manner, and when a predetermined security key is selected from the RFID tag 100, the security key set 205 corresponds to the security key. Preferably, a predetermined key index is also automatically selected, and / or when a predetermined key index is selected in the RFID tag 100, it is preferable that a predetermined security key corresponding to the key index is also automatically selected.

According to the embodiment of the present invention, the security key set 205 provided in the RFID tag 100 is matched one-to-one with the security key set 205 provided in the RFID terminal 300 or at least the RFID. It is preferable to correspond to a subset of the security key set 205 provided on the terminal 300 side.

The security protocol information 215 may include predetermined encryption logic and parameters for encrypting the random number R generated by the RFID tag 100 through a predetermined security key included in the security key set 205, and And / or predetermined decryption logic and parameters for decrypting the encrypted ID information (EID) encrypted by the RFID terminal 300 and received by the RFID tag 100. If the encryption unit 140 includes the encryption logic and parameters according to the intention, the encryption unit 140 may not be stored in the memory unit 110.

3 is a diagram illustrating a structure of an RFID terminal 300 for allocating dynamic ID information to an RFID tag 100 according to an exemplary embodiment of the present invention.

In more detail, Figure 3 illustrates a preferred structure for the RFID terminal 300 forming the air interface 500 and the RFID tag 100 through a predetermined RFID reader 400, in the technical field to which the present invention pertains. Those of ordinary skill in the art may refer to FIG. 3 to designate certain wired terminals (e.g., desktop computers, notebook computers, etc.) and / or wireless terminals (e.g., Personal Communication System (PCS) and / or GSM (e.g., Global System for Mobile communications terminal and / or Personal Digital Cellular (PDC) and / or Personal Handyphone System (PHS) terminal and / or Personal Digital Assistant (PDA) and / or smartphone ( Smart phone) and / or telematics and / or portable internet terminal, etc.) can easily infer the structure of the RFID terminal 300 formed with a predetermined RFID reader 400. Will.

Referring to FIG. 3, the RFID terminal 300 basically includes a control unit 305, a screen output unit 310, a key input unit 315, a communication unit 320, a memory unit 325, and the RFID tag 100. It comprises an RFID reader 400 for connecting a predetermined air interface 500, and may further comprise at least one or more functional components according to the type and / or technical characteristics of the RFID terminal 300, In FIG. 3, since the gist of the present invention may be obscured, it is omitted for convenience.

The control unit 305 includes a processor and an execution memory that includes a CPU / MPU in hardware, and predetermined program routines and / or programs for providing functions specific to the RFID terminal 300 from the predetermined memory. And a predetermined electronic circuit (or integrated circuit) for inputting and outputting data, and are loaded into the execution memory from a predetermined memory device and / or chipset by software. A general term of program routines and / or program data that are arithmetic through the processor to perform a function of the program data (hence, in the present invention, a predetermined program routine that is recorded on a recording medium of the RFID terminal 300 for dynamic ID information allocation) For the sake of convenience, the control unit 305 is illustrated and illustrated as being provided in the control unit 305. As a result, various functions to be implemented in the RFID terminal 300 are realized, and in order to realize the above functions, the overall operation of the RFID terminal 300 is controlled and managed.

The screen output unit 310 is a liquid crystal display (LCD) driver for screen output, and is a key input unit 315 by the control unit 305 (for example, a program routine for outputting predetermined information or data to the LCD). Key data generated through the &lt; RTI ID = 0.0 &gt;), various information, signals, and / or content (e. G., Text content, image content, and / or &lt; / RTI &gt; Or outputting a multimedia content) to a predetermined screen output device (eg, an LCD panel).

The key input unit 315 may be provided with at least one key button including a predetermined number key and / or a character key and / or a function key. Detects information (or signals) input from a keypad or a keyboard and is provided on the keypad in a specific input mode and / or operation mode of the RFID terminal 300 controlled by the controller 305. When predetermined information (or signal) is inputted from the predetermined predetermined key button, a key event corresponding to the input information (or signal) is generated, and the generated key event is provided to the controller 305. The controller 305 reads predetermined key data corresponding to the key event in the current input mode and / or operation mode of the RFID terminal 300 (for example, each of the RFID terminal 300 input modes and And / or actions Reading key data from the key table from a key table that stores (manages) at least one key data corresponding to a specific key event in a mode), and / or executes a predetermined function defined in accordance with the key event. It is characterized by reading the.

The communication unit 320 may be a wired network including a transmission control protocol (TCP) / IP (Internet Protocol) based network and / or a wired communication network based on No. 7, and / or a mobile communication network based on a CDMA stack and / or A predetermined communication channel for RFID-based information processing is connected to the RFID terminal 300 and a server (or device) on the network through a predetermined wireless network including a portable Internet network.

According to an exemplary embodiment of the present invention, the communication unit 320 may be configured with an object name server (ONS) (not shown) and / or an object information server (OIS) (not shown) and / or PML on the network with the RFID terminal 300. (Physical Markup Language) It is preferable to connect a communication channel between a server (not shown) and / or a predetermined server (not shown) providing a dynamic ID information service in conjunction with the RFID terminal (300).

The memory unit 325 is used when an operation by a predetermined program routine (or code) and / or program data (eg, a program routine (or code)) for controlling the overall operation of the RFID terminal 300 is performed. 메모리 A generic term for memory devices that store information and / or data, including read only memory (ROM), read / write flash memory (FM), and electrically erasable and programmable read (EPPROM). Only Memory), Hard Disk, and the like. In general, the ROM stores system information that should not be deleted, and the flash memory includes an operating system routine, a call processing program routine, and / or an application program routine provided through the RFID terminal 300 and information or data therefor. The EEPROM and / or the hard disk store at least one or more information and / or data extracted and / or generated during the execution of the terminal registration related parameter or the application provided in the RFID terminal 300.

According to an exemplary embodiment of the present invention, the memory unit 325 may dynamically store at least one storage medium (1) 330 and / or the RFID tag 100 in association with at least one security key and a key index. Storage medium (2) (335) for storing at least one dynamic ID information to be allocated, and / or storage medium (3) (340) for storing at least one dynamic ID information dynamically allocated to the RFID tag (100) It is preferable that the storage medium (1) 330 and / or storage medium (2) 335 and / or storage medium in accordance with the intention of those skilled in the art and / or storage capacity of the memory unit 325 (3) 340 may be provided in a server (for example, an ONS / OIS / PML server, a dynamic ID information management server (not shown) implemented by a person skilled in the art) and / or a DBMS (Database Management System) on the network.

The RFID reader 400 emits and / or accepts radio waves of a specific frequency to the RFID tag 100 in association with the electronic circuit and an electronic circuit that emits or receives a predetermined radio wave toward the RFID tag 100. In general, the antenna and a microcontroller 410 for extracting and checking a predetermined data by reading the signal (Signal) received from the RFID tag 100, the RFID tag 100 A functional configuration for storing the data according to a functional configuration and / or an application field of an RFID system (eg, logistics / distribution field, manufacturing industry, medical / animal management field, etc.), or a predetermined information processing terminal. (Or a server) may be made to include a functional configuration for transmitting further.

Referring to FIG. 3, the RFID reader 400 includes an oscillator 405 and an antenna for radio frequency signals to be emitted (transmitted) through the antenna unit 440 (shown as an external type for convenience in FIG. 3). A microcontroller 410 for controlling the radio frequency signal transmission through the unit 440, a power amplification unit 430 for amplifying power to emit (transmit) the radio frequency signal through the antenna unit 440; And a peak detector 435 for detecting a peak from a radio frequency signal received from the RFID tag 100 through the antenna unit 440, and shaping the detected peak. And a shaping section 425 and / or an amplifying section 420 for amplifying the peaks and / or a filter section 415 for filtering the peaks. In particular, the microcontroller 410 preferably further includes a function of reading and reading (decoding) predetermined data from the peak (for example, a stylized and / or amplified and / or filtered peak). Is stored in the RFID reader 400 or provided to a predetermined information processing terminal (or server) that performs information processing on the data.

According to a preferred embodiment of the present invention, the radio frequency signal transmission and reception between the RFID reader 400 and the RFID tag 100 is performed by amplitude shift keying (ASK), frequency shift keying (FSK), and phase modulation (FSK). Preferably, the present invention is performed through at least one modulation scheme including Phase Shift Keying (PSK), and the technical concept of the present invention is not limited by the radio frequency signal transmission / reception scheme between the RFID reader 400 and the RFID tag 100. .

Referring to FIG. 3, the RFID terminal 300 obtains a key index corresponding to a predetermined random number R, an encrypted random number ER, and a security key from the RFID tag 100 through the RFID reader 400. From the receiving unit 345 and the storage medium (1) 330 to check whether there is a security key that matches the key index, and extracts the matching security key to encrypt the received random number (R) When the validity of the random number (R) and the authentication unit 360 for authenticating the validity of the security key corresponding to the key index compared to the encrypted and received random number (ER), the predetermined storage medium ( 2) an extraction (generation) unit 370 for extracting (or generating) predetermined ID information to be assigned to the RFID tag 100 from 335, and a predetermined authentication value M1 'corresponding to the ID information. An encryption unit 350 for encrypting the ID information and the encrypted ID information (EID). And a transmitter 355 for transmitting a value M1 'to the RFID tag 100, wherein the dynamic ID information provided to the RFID tag 100 is stored in a predetermined storage medium (3) (340). It is preferable to further comprise a storage unit 365 to be stored in).

The receiver 345 obtains a random number ER encrypted with a predetermined random number R, a predetermined security key, and a predetermined key index corresponding to the security key from the RFID tag 100 through the RFID reader 400. And when the random number R, the encrypted random number ER, and the key index are included in a predetermined data block, the data block is received to receive the random number R and the encrypted random number. (ER) and the key index, or when the random number (R), the encrypted random number (ER) and the key index are received separately, the random number (R) and the encrypted random number (ER) and key index It is desirable to receive.

According to the exemplary embodiment of the present invention, when a predetermined checksum is included in the random number R, the encrypted random number ER, and the key index received from the RFID tag 100, the receiver 345 performs the checksum. Preferably, the method further includes verifying data reception validity of the received random number R, the encrypted random number ER, and a key index.

In addition, the receiver 345 records predetermined ID information from the RFID tag 100 after the predetermined ID information is recorded in the dynamic ID information storage area 200 of the memory unit 110 included in the RFID tag 100. Characterized in that it receives the authentication value (M2), and if the received authentication value (M2) includes a predetermined checksum, to check the validity of data reception for the received authentication value (M2) through the checksum It is preferable that it further comprises.

When the authentication unit 360 receives the random number R, the encrypted random number ER, and the key index from the RFID tag 100 through the receiving unit 345, a predetermined storage medium (1) 330 Check whether a predetermined security key corresponding to the key index exists, extract the predetermined security key corresponding to the key index from the storage medium (1) 330 when the security key exists, Characterizing the validity of the security key corresponding to the key index received from the RFID tag 100 by using the extracted security key.

According to an exemplary embodiment of the present invention, the authentication unit 360 encrypts the received random number R using the extracted security key to generate a predetermined encrypted random number ER, and the encrypted random number. It is preferable to authenticate the validity of the security key corresponding to the key index by comparing an ER encrypted with the RFID tag 100 and the received random number ER, and / or using the extracted security key. Decrypts the random number ER encrypted and received by the RFID tag 100, and compares the decrypted random number R with the random number R received from the RFID tag 100 to correspond to the key index. It is desirable to authenticate the validity of the security key.

When the validity of the random number R is authenticated by the authenticator 360, the extractor 370 may assign the RFID tag 100 from a predetermined storage medium 2 or 335. And extracting predetermined dynamic ID information and / or generating predetermined dynamic ID information.

According to a preferred embodiment of the present invention, the dynamic ID information is preferably allocated so as not to overlap each RFID tag 100. For this purpose, the extraction (generation) unit 370 stores the dynamic ID information. When extracting from the medium (2) 335, the ID information for dynamic allocation stored in the storage medium (2) (335) is extracted (created) by the ID information previously assigned to a predetermined RFID tag (100). It is preferable to manage so as not to be duplicated by the unit 370. In addition, when the extraction (generation) unit 370 generates the dynamic ID information, the extraction (generation) unit 370 is a predetermined unique code (eg, serial number of the RFID terminal 300) that is not duplicated. It is preferable that the ID information is generated based on the time information generated to generate the dynamic ID information conforming to a predetermined ID information standard so as not to be duplicated. Of course, the dynamic ID information may be duplicated according to the intention and / or implementation method of those skilled in the art.

The encryption unit 350 encrypts the dynamic ID information extracted and / or generated by the extraction (generation) unit 370, and generates a predetermined authentication value M1 'corresponding to the ID information. It is done.

According to an exemplary embodiment of the present invention, the encryption unit 350 encrypts the extracted and / or generated dynamic ID information through a predetermined security key corresponding to the key index received from the RFID tag 100. Preferably, the RFID tag 100 decrypts the ID information (EID) received as encrypted in the RFID terminal 300 through a security key corresponding to the key index.

According to another exemplary embodiment of the present invention, the encryption unit 350 encrypts the extracted and / or generated dynamic ID information through a predetermined secret key (not shown) promised with the RFID tag 100. The RFID tag 100 decrypts ID information (EID) received as encrypted in the RFID terminal 300 through a predetermined secret key (not shown) promised with the RFID terminal 300. It is possible to do

According to another exemplary embodiment of the present invention, the encryption unit 350 may store the extracted and / or generated dynamic ID information in addition to the security key corresponding to the key index, and predetermined security promised with the RFID tag 100. It is possible to encrypt through a key, the RFID tag 100 is encrypted as described above in the RFID terminal 300 by using the ID information (EID) received with the RFID terminal 300 the security key previously promised It is possible to decrypt through. For example, the key index received from the RFID tag 100 is a key index 3, and the dynamic ID information is a key index before or after the key index (e.g., key index 2 or key index 4). In the case where the data is promised to be encrypted, the encryption unit 350 based on the appointment, a key index other than the key index received from the RFID tag 100 (eg, the key index 2 or the key index 4). Encrypt with a security key corresponding to.

According to the exemplary embodiment of the present invention, the encryption unit 350 generates a predetermined authentication value M1 'from the dynamic ID information extracted and / or generated by the extraction (generation) unit 370, or It is preferable to generate a predetermined authentication value M1 ′ from the dynamic ID information EID encrypted by the encryption unit 350. However, when a predetermined authentication value M1 ′ is generated from the dynamic ID information in the encryption unit 350, the RFID tag 100 is encrypted by the RFID terminal 300 and received dynamic ID information (EID). ) And generates an authentication value (M1) for comparison with the authentication value (M1 '), and a predetermined authentication value (M1) is obtained from the encrypted dynamic ID information (EID) by the encryption unit (350). When generated, the RFID tag 100 generates an authentication value M1 for comparing with the authentication value M1 'from the dynamic ID information EID encrypted and received by the RFID terminal 300.

The transmitter 355 transmits the encrypted ID information EID and the authentication value M1 ′ to the RFID tag 100 through the RFID reader 400, and the RFID tag 100. ) Receives the encrypted ID information (EID) and the authentication value (M1 '), and confirms the validity of the encrypted ID information (EID) through the authentication value (M1'), the validity is confirmed The dynamic ID information is stored in the dynamic ID information storage area 200 of the memory unit 110.

According to the exemplary embodiment of the present invention, the transmitting unit 355 transmits the information or data transmitted to the RFID tag 100 to secure validity of the transmitted encrypted ID information EID and the authentication value M1 ′. It is possible to transmit by adding a predetermined checksum.

After the dynamic ID information is stored in the dynamic ID information storage area 200 of the memory unit 110 as described above, the RFID tag 100 performs predetermined authentication corresponding to the dynamic ID information stored in the memory unit 110. When the received authentication value M2 is generated and received from the ID information stored in the dynamic ID information storage area 200, the authentication unit 360 extracts (creates) the value M2. By generating a predetermined authentication value M2 'from the ID information extracted and / or generated by the unit 370, and comparing the received authentication value (M2) and the generated authentication value (M2'), Preferably, the validity of the dynamic ID information allocated to the RFID tag 100 is authenticated, or the received authentication value M2 is encrypted (or not decrypted) ID information (or not decrypted) in the RFID tag 100. When generated and received from the EID, the authentication unit 360 is encrypted by the encryption unit 350 Dynamic ID information assigned to the RFID tag 100 by generating a predetermined authentication value M2 'from the received ID information and comparing the received authentication value M2 with the generated authentication value M2'. It is desirable to authenticate the validity of the.

When the validity of the authentication value M2 received from the RFID tag 100 is authenticated through the authentication unit 360, the storage unit 365 receives the dynamic ID information provided to the RFID tag 100. It is characterized in that the storage in the predetermined storage medium (3) (340).

According to one embodiment of the invention, when the allocation and operation of the dynamic ID information is made only in a fixed area (or space), the storage medium (3) 340 is the memory unit 110 in the RFID terminal 300 ) And / or a predetermined PML server and / or a local management server (not shown). When the allocation and operation of the dynamic ID information is performed while moving an area (or space), The storage medium (3) 340 is preferably provided in an ONS / OIS / PML server on the network and / or a predetermined dynamic ID information management server (not shown) interoperating with the RFID terminal 300.

4 is a view showing a preferred embodiment of the storage medium (1) 330 according to an embodiment of the present invention.

4 illustrates a plurality of key indexes and security keys corresponding to an encrypted set of the memory unit 110 included in the RFID tag 100 according to a predetermined key transfer procedure and / or key distribution procedure and / or key exchange procedure. And a security key set 205 stored in the storage medium (1) 330 in a one-to-one correspondence with the security key set 205 provided in the RFID tag (100). And / or a collection of security key sets 205 provided in the RFID tag 100, whereby a predetermined key index is received from the RFID tag 100. The terminal 300 may extract a predetermined security key matching the received key index from the storage medium (1) 330. For example, when two different RFID tags 100 are provided with different security key sets 205, the storage medium 1 and 330 are secure key sets 205 provided in the RFID tag 100. It is made including all.

Figure 5 illustrates a preferred embodiment of a storage medium (2) 335 according to one embodiment of the present invention.

In more detail, FIG. 5 illustrates a storage medium storing ID information for granting the dynamic ID information not to be duplicated in the dynamic ID information storage area 200 of the memory unit 110 included in the RFID tag 100. 2 shows a preferred structure for 335.

Referring to FIG. 5, the storage medium 2 or 335 determines whether the predetermined dynamic ID information and the dynamic ID information to be applied to the predetermined RFID tag 100 are used (for example, the predetermined RFID tag 100 is used). Is stored in the dynamic ID information storage area 200 of the provided memory unit 110, or is not in use (for example, the dynamic ID information storage area of the memory unit 110 provided in the predetermined RFID tag 100 ( 200) or a " used / unused " flag for checking whether the information is stored in the dynamic ID information storage area 200). As a result, the extraction (generation) unit 370 provided in the RFID terminal 300 may give the RFID tag 100 such that the dynamic ID information does not overlap.

Figure 6 illustrates a preferred embodiment of a storage medium (3) 340 according to an embodiment of the present invention.

In more detail, FIG. 6 illustrates a preferred structure of a storage medium (3) 340 for storing dynamic ID information stored in the dynamic ID information storage area 200 of the memory unit 110 included in the RFID tag 100. It is shown.

Referring to FIG. 6, the storage medium 3 and 340 include dynamic ID information stored in the dynamic ID information storage area 200 of the memory unit 110 included in a predetermined RFID tag 100. According to an embodiment, the dynamic ID information allocation date and time information including the date and time the dynamic ID information is recorded in the dynamic ID information storage area 200, and the dynamic ID information in the RFID tag 100 Preferably, the terminal further includes identification information of the RFID terminal 300 including the RFID terminal number recorded therein, and object information location information including a URL for storing predetermined object information corresponding to the dynamic ID information. If predetermined fixed ID information is stored in the RFID tag 100 in which the dynamic ID information is stored, the storage medium 3 and 340 may further store the fixed ID information.

7 is a diagram illustrating a process of transferring a security key to the RFID terminal 300 through a predetermined random number R in the RFID tag 100 for dynamic ID information allocation according to an exemplary embodiment of the present invention.

In more detail, in FIG. 7, a predetermined random number R is generated from the RFID tag 100, and the random number R is selected from among security key sets 205 provided in the RFID tag 100. By encrypting through and transmitting a key index corresponding to the security key to the RFID terminal 300, the predetermined security key required for the dynamic ID information allocation to the RFID terminal 300. .

Referring to FIG. 7, when a predetermined broadcast signal and / or a dynamic ID information allocation signal are received from a predetermined RFID reader 400, the random number generation unit 135 of the RFID tag 100 generates a predetermined random number generation algorithm. In accordance with the present invention generates a predetermined random number (R) for delivering a predetermined security key for validating the dynamic ID information allocation process (700), the random number (R) preferably comprises a fixed length.

According to an embodiment of the present invention, the random number generation unit 135 may include a predefined fixed length generation algorithm, or generate random numbers of arbitrary length and generate the random number to generate a fixed random number. It is desirable to include a function of processing a fixed length by applying a predetermined hash function.

When the predetermined random number R is generated as described above, the encryption unit 140 of the RFID tag 100 includes at least one key index and security key included in the security key set 205 of the memory unit 110. A predetermined key index and a security key are selected from the list (705), and the generated random number is encrypted using the selected security key (710).

When the random number (R) is encrypted as described above, the transmitting unit 120 of the RFID tag 100 is used to encrypt the generated random number (R) and the encrypted random number (ER) and the random number (R) The predetermined key index corresponding to the key is transmitted through the air interface 500 between the RFID tag 100 and the RFID reader 400 (715).

8A and 8B illustrate a process of receiving a predetermined security key from the RFID terminal 300 for dynamic ID information allocation according to an embodiment of the present invention.

In more detail, FIGS. 8A and 8B illustrate a random number ER encrypted with a predetermined random number R and a predetermined security key from the RFID tag 100 through a process similar to that of FIG. 7 in the RFID terminal 300; Receiving a predetermined key index corresponding to the security key and identifying a predetermined security key for allocating the dynamic ID information based on the key index, whereby the RFID tag 100 receives the RFID. The predetermined security key is transmitted to the terminal 300.

Referring to FIG. 8A, the receiver 345 of the RFID terminal 300 receives the random number R, the encrypted random number ER, and the random number from the RFID tag 100 through a predetermined air interface 500. (R) receives a predetermined key index corresponding to the used security key for encrypting, and the authentication unit 360 searches for the storage medium (1) 330 based on the received key index. It is checked whether a predetermined security key corresponding to the index exists (805).

If a predetermined security key corresponding to the key index exists in the storage medium (1) 330, the authentication unit 150 is a security key corresponding to the key index from the storage medium (1) 330 Extract (810), encrypt the random number (R) received from the RFID tag (100) using the extracted security key (815), and encrypt the random number (ER) and the RFID tag (100) By comparing 820 the encrypted random number ER, the validity of the key index received from the RFID tag 100 is authenticated. If the encrypted random number (ER) and the random number (ER) encrypted and received by the RFID tag 100 match (825), the validity of the key index received from the RFID tag 100 is authenticated. As a result, the RFID terminal 300 encrypts predetermined dynamic ID information through a security key corresponding to the key index and safely transmits the dynamic ID information to the RFID tag 100.

Referring to FIG. 8B, the receiver 345 of the RFID terminal 300 receives the random number R, the encrypted random number ER, and the random number from the RFID tag 100 through a predetermined air interface 500. (R) receives a predetermined key index corresponding to the used security key for encrypting, and the authentication unit 360 searches for the storage medium (1) 330 based on the received key index. It is checked whether a predetermined security key corresponding to the index exists (805).

If a predetermined security key corresponding to the key index exists in the storage medium (1) 330, the authentication unit 150 is a security key corresponding to the key index from the storage medium (1) 330 Extract (810), decrypt the received random number (ER) encrypted and received from the RFID tag (100) using the extracted security key (830), and decrypt the random number (R) and the RFID tag (100) By comparing the random number (R) received in the (835), the validity of the key index received from the RFID tag 100 is authenticated. If the decrypted random number R and the random number R received from the RFID tag 100 coincide (840), the validity of the key index received from the RFID tag 100 is authenticated. The RFID terminal 300 encrypts predetermined dynamic ID information through a security key corresponding to the key index and safely transmits the dynamic ID information to the RFID tag 100.

9A and 9B illustrate a process of encrypting dynamic ID information through a predetermined security key in the RFID terminal 300 and transmitting the encrypted ID information to the RFID tag 100 according to an exemplary embodiment of the present invention.

9a and 9b are described in more detail through a predetermined security key transmitted from the RFID tag 100 to the RFID terminal 300 through the same process as in FIGS. 7 and 8 in the RFID terminal 300. The present invention relates to a preferred process of encrypting predetermined dynamic ID information and transmitting it to the RFID tag 100.

9A, the extraction (generation) unit 370 of the RFID terminal 300 extracts (900a) and / or assigns predetermined dynamic ID information from the storage medium (2) (335). Generating predetermined dynamic ID information (900b), the encryption unit 350 checks the generated dynamic ID information through the process of Figures 7 and 8 (or from the storage medium (1) 330) (905) encrypts the extracted security key, generates a predetermined authentication value (M1 ') from the encrypted dynamic ID information (EID) (910), and the transmitter 355 generates the encrypted dynamic ID information. The EID and the authentication value M1 ′ are transmitted through the air interface 500 between the RFID reader 400 and the RFID tag 100 (915).

Referring to FIG. 9B, the extraction (generation) unit 370 of the RFID terminal 300 extracts (900a) predetermined dynamic ID information from the storage medium (2) (335) and / or assigns the RFID to the RFID. Generating predetermined dynamic ID information (900b), the encryption unit 350 generates a predetermined authentication value (M1 ') from the generated dynamic ID information (920), the dynamic ID information to the Figure 7 And encrypted through a security key identified through the process of FIG. 8 (or extracted from the storage medium (1) 330) (925), and the transmitting unit (355) uses the encrypted dynamic ID information (EID) and the The authentication value M1 ′ is transmitted through the air interface 500 between the RFID reader 400 and the RFID tag 100 (915).

According to another embodiment of the present invention, the process of encrypting the dynamic ID information in the encryption unit 350 (905,925), a predetermined secret key (shown between the RFID tag 100 and the RFID terminal 300) Or a predetermined security key promised with the RFID tag 100 in addition to the security key corresponding to the key index.

10A and 10B illustrate a process of recording dynamic ID information received from the RFID terminal 300 in a memory in the RFID tag 100 according to an exemplary embodiment of the present invention.

In more detail, FIGS. 10A and 10B show validity of dynamic ID information received from the RFID terminal 300 to the RFID tag 100 through the same process as that of FIG. 9A or 9B in the RFID tag 100. And a process of recording the received dynamic ID information in the dynamic ID information storage area 200 on the memory unit 110. FIG. 10A illustrates an authentication value generated through the process as shown in FIG. 9A. (M1 ') to check the validity of the dynamic ID information, this figure 10b is to use the authentication value (M1') generated through the same process as in Figure 9b for the dynamic ID information This includes checking the validity.

Referring to FIG. 10A, the receiver 115 of the RFID tag 100 transmits encrypted dynamic ID information EID and a predetermined authentication value M1 ′ transmitted from the RFID terminal 300 through the same process as that of FIG. 9A. ), And provides the authentication unit 150 with the dynamic ID information (EID) and the predetermined authentication value (M1 ') encrypted and received by the RFID terminal 300 (1005).

The authenticator 150 of the RFID tag 100 generates a predetermined authentication value M1 from the dynamic ID information EID encrypted and received from the RFID terminal 300 through the process as shown in FIG. 1010, by comparing the generated authentication value M1 with the authentication value M1 ′ received from the RFID terminal 300 (1015), the validity of the encrypted dynamic ID information EID is authenticated.

If the validity of the encrypted dynamic ID information EID is authenticated through comparing the authentication value M1 and the authentication value M1 '(1020), the recording unit 155 corresponds to the key index. The encrypted dynamic ID information is decrypted through a predetermined security key (1025), and the decrypted dynamic ID information is recorded in the dynamic ID information storage area 200 of the memory unit (1030).

After the decoded dynamic ID information is recorded in the dynamic ID information storage area 200, the data generating unit 145 generates a predetermined authentication value M2 from the recorded dynamic ID information (1035). In operation 1040, the transmitter 120 transmits the generated authentication value M2 through the air interface 500 between the RFID tag 100 and the RFID reader 400.

Referring to FIG. 10B, the receiving unit 115 of the RFID tag 100 transmits encrypted dynamic ID information EID and a predetermined authentication value M1 ′ transmitted from the RFID terminal 300 through the same process as that of FIG. 9B. ), And provides the authentication unit 150 with the dynamic ID information (EID) and the predetermined authentication value (M1 ') encrypted and received by the RFID terminal 300 (1005).

The authentication unit 150 of the RFID tag 100 uses the predetermined security key corresponding to the key index to the dynamic ID information (EID) encrypted and received from the RFID terminal 300 through the process as shown in FIG. 9B. Decryption (1045), and generates a predetermined authentication value (M1) from the decrypted dynamic ID information (1050), the authentication value (M1) and the authentication value received from the RFID terminal 300 ( M1 ') to verify the validity of the encrypted dynamic ID information (EID) (1055).

If the validity of the encrypted dynamic ID information EID is authenticated through the comparison process of the authentication value M1 and the authentication value M1 '(1060), the recording unit 155 stores the decrypted dynamic ID information. The dynamic ID information storage area 200 of the memory unit 110 is recorded (1030).

After the decoded dynamic ID information is recorded in the dynamic ID information storage area 200, the data generating unit 145 generates a predetermined authentication value M2 from the recorded dynamic ID information (1035). In operation 1040, the transmitter 120 transmits the generated authentication value M2 through the air interface 500 between the RFID tag 100 and the RFID reader 400.

10A and 10B, the dynamic ID information in FIG. 9A or 9B is encrypted through a predetermined secret key (not shown) promised between the RFID tag 100 and the RFID terminal 300, or Alternatively, when the encryption is performed using a predetermined security key promised with the RFID tag 100 in addition to the security key corresponding to the key index, the decryption processes 1010 and 1045 may include a secret key corresponding to FIG. 9A or 9B. (Not shown) or through a security key promised in advance.

10A and 10B, the authentication value M2 is preferably generated directly from the dynamic ID information stored in the dynamic ID information storage area 200. According to another exemplary embodiment, the stored dynamic ID The information may be generated by encrypting the information or may be generated from the dynamic ID information before the decryption. However, the RFID terminal 300 undergoes the same encryption / decryption procedure in the process of authenticating the validity of the authentication value M2. do.

11 is a diagram illustrating a process of storing and managing dynamic ID information stored in an RFID tag 100 according to an exemplary embodiment of the present invention.

In more detail, FIG. 11 shows the RFID tag 100 using the authentication value M2 generated in the RFID tag 100 and received by the RFID terminal 300 through the same process as in FIGS. 10A and 10B. The present invention relates to a process of authenticating validity of stored dynamic ID information and storing and managing dynamic ID information of which the validity is authenticated in the storage medium (3) (340).

Referring to FIG. 11, when a predetermined authentication value M2 is received at the receiving unit 345 of the RFID terminal 300 through the air interface 500 between the RFID tag 100 and the RFID reader 400 ( 1100, the authenticator 360 of the RFID terminal 300 corresponds to a predetermined value corresponding to the authentication value M2 from the dynamic ID information transmitted to the RFID tag 100 through the process of FIG. 9A or 9B. By generating an authentication value M2 '(1105) and comparing the generated authentication value M2' with the authentication value M2 received from the RFID tag 100 (1110), the RFID tag 100 Validate the dynamic ID information stored in

According to the exemplary embodiment of the present invention, when the authentication value M2 is generated from the dynamic ID information stored in the dynamic ID information storage area 200 in the RFID tag 100, the authentication unit 360 extracts the authentication. The generation unit 370 extracts from the storage medium 2 or 335 or generates a predetermined authentication value M2 'from the generated dynamic ID information. In the case where the authentication value M2 is generated by encrypting the dynamic ID information or generated from the undecrypted dynamic ID information (EID), the authentication unit 360 is encrypted by the encryption unit 350. It is preferable to generate a predetermined authentication value M2 'from the dynamic ID information EID.

If the validity of the dynamic ID information stored in the FID tag is authenticated (1115), the storage unit 365 of the RFID terminal 300 stores the dynamic ID information in the storage medium (3) 340 ( 1120, the dynamic ID information dynamically allocated to the RFID tag 100 through the same process as in FIG. 7, 8a or 8b, 9a or 9b, and 10a or 10b. Manage it.

According to the present invention, in an RFID tag having at least one write once read many (WORM) and / or write many (WM) memory, at least one encryption key and a key index are stored in the memory in association with each other. By providing an encryption protocol of the RFID tag, the RFID tag and the RFID terminal can be mutually linked (or authenticated) through a predetermined encryption protocol using the encryption key and the key index to securely assign and record ID information to the RFID tag. There is an advantage.

According to the present invention, a system in which the ID information securely recorded in the memory through the mutual authentication procedure between the RFID tag and the RFID terminal based on the encryption key and the key index and / or encryption protocol is assigned the dynamic tag information (or Since only the RFID terminal knows the ID information, there is an advantage in that the unspecified RFID terminal tracks the location of the RFID tag or grasps the movement path.

Claims (24)

Generating a predetermined random number R from the RFID tag; Encrypting the random number by selecting a predetermined security key from at least one security key previously stored in a memory unit in the RFID tag; Transmitting the random number (R), an encrypted random number (ER), and a key index from the RFID tag to an RFID terminal; Encrypting the received random number R by extracting a security key corresponding to the received key index from a predetermined storage medium in the RFID terminal; Comparing the encrypted random number (ER) and the encrypted random number (ER) received from the RFID tag at the RFID terminal; Extracting (or generating) predetermined ID information to be assigned to the RFID tag from a predetermined storage medium in the RFID terminal when the comparison result is matched; Generating a predetermined authentication value (M1) from the extracted (or generated) ID information in the RFID terminal and encrypting the ID information; Transmitting, by the RFID terminal, the encrypted ID information and the authentication value M1 to the RFID tag; Generating an authentication value (M1) corresponding to the encrypted ID information in the RFID tag and comparing the received authentication value (M1); And And storing the decrypted ID information from the RFID tag in the memory unit if the comparison result is matched. The method of claim 1, Generating an authentication value (M2) corresponding to ID information stored in the memory unit in the RFID tag; Transmitting the generated authentication value (M2) in the RFID tag to the RFID terminal; Generating, at the RFID terminal, a predetermined authentication value M2 corresponding to the ID information, and authenticating the validity of the ID information by comparing the authentication value M2 received from the RFID tag; And if the validity of the ID information is verified, storing the ID information assigned to the RFID tag in a predetermined storage medium by the RFID terminal. . A recording medium comprising a program for executing the method of claim 1 or 2. An RFID tag generating a predetermined random number (R), selecting a predetermined security key to encrypt the random number, and transmitting the random number (R), the encrypted random number (ER), and a key index to an RFID terminal; Extracts a security key corresponding to the received key index from a storage medium to encrypt the received random number R, and encrypts the encrypted random number ER and the random number ER encrypted from the RFID tag. An RFID terminal which compares (or generates) predetermined ID information to be assigned to the RFID tag from a predetermined storage medium and transmits the extracted (or generated) ID information to the RFID tag if the comparison result is matched. It characterized by comprising; The RFID tag, And decrypting the encrypted ID information transmitted from the RFID terminal, and storing the decrypted ID information in a predetermined memory. The method of claim 4, wherein The RFID terminal, Generate a predetermined authentication value M1 from the extracted (or generated) ID information, and further transmit the authentication value M1 to the RFID tag, The RFID tag, The system generates an authentication value M1 corresponding to the encrypted ID information, and compares the authentication value M1 transmitted by the RFID terminal to authenticate validity of the ID information. . The method of claim 4, wherein The RFID tag, Generating an authentication value M2 corresponding to ID information stored in the memory, and transmitting the generated authentication value M2 to the RFID terminal, The RFID terminal, Dynamic ID allocation to the RFID tag, characterized in that for generating a predetermined authentication value (M2) corresponding to the ID information, and to validate the validity of the ID information compared to the authentication value (M2) received from the RFID tag system. The RFID terminal of claim 4 or 5 or 6, wherein the RFID terminal comprises: And ID information assigned to the RFID tag in a predetermined storage medium. RFID tag, A memory unit having a storage area for storing dynamic ID information, the memory unit storing at least one security key and a key index in association with each other; Random number generation unit for generating a predetermined random number (R); An encryption unit for encrypting the generated random number by selecting a predetermined security key from at least one security key stored in the memory unit; A transmitter for transmitting a key index corresponding to the random number R, an encrypted random number ER, and a security key to the RFID terminal; When the RFID terminal confirms the validity of the encrypted random number by using a key matching the key index, encrypts an ID to be assigned to the RFID tag (EID), and generates and transmits an authentication value M1 accordingly. Receiving unit for receiving it; And a recording unit which decrypts the received encrypted ID, verifies the authentication value (M1), and writes it to the memory unit. The method of claim 8, An authentication unit for generating a predetermined authentication value M1 corresponding to the ID information, and comparing the received authentication value M1 and the generated authentication value M1 to authenticate the validity of the ID information. RFID tag, characterized in that made by. The method according to claim 9, wherein the authentication value (M1) and / or authentication value (M1), A data block generated by reading upper N (1 <N <dynamic tag information length) bytes of the encrypted ID information, or A data block generated by reading the lower N (1 <N <dynamic tag information length) bytes of the encrypted ID information, or A data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes after offsetting M (1 <M <dynamic tag information length) bytes of the encrypted ID information, or A data block generated by applying a predetermined one-way hash function to the encrypted ID information, or A data block generated by reading the upper N (1 <N <dynamic tag information length) bytes of the decoded ID information, or A data block generated by reading the lower N (1 <N <dynamic tag information length) bytes of the decoded ID information, or A data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes after M (1 <M <dynamic tag information length) byte offset of the decoded ID information, or And at least one data block generated by applying a predetermined one-way hash function to the decrypted ID information. The method of claim 8, wherein the RFID tag, And a data generation unit for generating a predetermined authentication value M2 from the ID information recorded in the memory unit. The transmitting unit, RFID tag, characterized in that for transmitting the generated authentication value (M2) to the RFID terminal. The method according to claim 11, wherein the authentication value M2, A data block generated by reading upper N (1 <N <dynamic tag information length) bytes of the encrypted ID information, or A data block generated by reading the lower N (1 <N <dynamic tag information length) bytes of the encrypted ID information, or A data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes after offsetting M (1 <M <dynamic tag information length) bytes of the encrypted ID information, or A data block generated by applying a predetermined one-way hash function to the encrypted ID information, or A data block generated by reading the upper N (1 <N <dynamic tag information length) bytes of the decoded ID information, or A data block generated by reading the lower N (1 <N <dynamic tag information length) bytes of the decoded ID information, or A data block generated by reading N (1 <N <(dynamic tag information length-M)) bytes after M (1 <M <dynamic tag information length) byte offset of the decoded ID information, or And at least one data block generated by applying a predetermined one-way hash function to the decrypted ID information. The method of claim 8, wherein the memory unit, And further storing predetermined security protocol information. The method of claim 13, wherein the security protocol information, Encryption logic and / or encryption parameters for encrypting the generated random number with the security key, and / or And at least one predetermined decryption logic and / or decryption parameter for decrypting the encrypted ID information. 12. The recording medium of claim 8, 9 or 11, wherein a program for executing the function of the RFID tag configuration unit is recorded. In an RFID terminal, A storage medium (1) storing at least one security key in association with a key index; A receiving unit for receiving a random index (R), an encrypted random number (ER), and a key index corresponding to a security key from an RFID tag; Check whether there is a security key that matches the key index from the storage medium 1, extract the matching security key, encrypt the received random number R, and compare it with the encrypted received random number ER. An authentication unit for authenticating a validity of the security key corresponding to the key index; An extraction (generation) unit for extracting (or generating) predetermined ID information to be assigned to the RFID tag from a storage medium 2 when the validity of the encryption key corresponding to the key index is authenticated; An encryption unit which generates a predetermined authentication value M1 corresponding to the ID information and encrypts the ID information; And a transmitter for transmitting the encrypted ID information and the authentication value (M1) to the RFID tag. The method according to claim 16, wherein the authentication value M1, A data block generated by reading upper N (1 <N <ID information length) bytes of the encrypted ID information, or A data block generated by reading the lower N (1 <N <ID information length) bytes of the encrypted ID information, or A data block generated by reading M (1 <N <(ID information length-M)) bytes of M (1 <M <ID information length byte offset) of the encrypted ID information, or A data block generated by applying a predetermined one-way hash function to the encrypted ID information, or A data block generated by reading upper N (1 <N <ID information length) bytes of the unencrypted ID information, or A data block generated by reading the lower N (1 <N <ID information length) bytes of the unencrypted ID information, or A data block generated by reading M (1 <N <(ID information length-M)) bytes of M (1 <M <ID information length byte offset) of the unencrypted ID information, or And at least one data block generated by applying a predetermined one-way hash function to the unencrypted ID information. The method of claim 16, wherein the receiving unit, And a predetermined authentication value (M2) is further received from the RFID tag. The method of claim 16, wherein the authentication unit, When the authentication value (M2) is generated from the encrypted ID information, characterized in that for generating the authentication value (M2) from the encrypted ID information and comparing with the authentication value (M2), And when the authentication value (M2) is generated from the decrypted ID information, generating the authentication value (M2) from the unencrypted ID information and comparing it with the authentication value (M2). The method according to claim 18 or 19, wherein the authentication value (M2) and / or authentication value (M2), A data block generated by reading upper N (1 <N <ID information length) bytes of the encrypted ID information, or A data block generated by reading the lower N (1 <N <ID information length) bytes of the encrypted ID information, or A data block generated by reading M (1 <N <(ID information length-M)) bytes of M (1 <M <ID information length byte offset) of the encrypted ID information, or A data block generated by applying a predetermined one-way hash function to the encrypted ID information, or A data block generated by reading upper N (1 <N <ID information length) bytes of the decoded ID information, or A data block generated by reading the lower N (1 <N <ID information length) bytes of the decoded ID information, or A data block generated by reading M (1 <N <(ID information length-M)) bytes of M (1 <M <ID information length byte offset) of the decoded ID information, or And at least one data block generated by applying a predetermined one-way hash function to the decrypted ID information. The method of claim 16, And a storage unit which stores ID information provided to the RFID tag in a predetermined storage medium (3). The method of claim 16 or 21, wherein the storage medium (1) and / or storage medium (2) and / or storage medium (3), Made of the same storage medium, or RFID terminal, characterized in that each consisting of a storage medium. The method of claim 16 or 21, wherein the storage medium (1) and / or storage medium (2) and / or storage medium (3), Is provided in the RFID terminal, and / or RFID terminal, characterized in that provided on the network. A recording medium comprising a program for executing a function of the RFID terminal component of claim 16, 18 or 21.

Images