KR20090053481A - Off-line authentication system and method of preventing fabrication of genuine products - Google Patents

Abstract

The present invention provides an offline device for preventing forgery of goods, which enables the RFID reader to read data stored securely in the RFID tag and determine the authenticity of the product through simple operation in the reader without access to a central server or database. An RFID authentication system and method are provided. The offline RFID authentication system of the present invention includes an RFID tag having a function of storing data used for authenticity authentication in a secure manner and responding to a query of a reader with a simple operation; And an RFID reader having a function of verifying the integrity of data stored in the tag and checking the legitimacy of the tag's response to a query made by the tag. According to the present invention, since a server that centrally manages information on all tags is not needed, a reader without a network function can easily check the authenticity of a product if only a simple operation can be performed, thereby preventing product counterfeiting and providing reliable A distribution structure can be established.

Description

Off-line authentication system and method of preventing fabrication of genuine products

The present invention is an offline RFID for preventing forgery of goods to allow the RFID reader to read the data securely stored in the RFID tag, to determine the authenticity of the product through a simple operation in the reader without access to a central server or database An authentication system and method thereof are provided.

Damage due to counterfeit goods is occurring worldwide, and the resulting economic losses are increasing year by year. According to the 2004 International Chamber of Commerce statistics, 5-7% of the world trade is counterfeit goods, and its economic damage is estimated at more than US $ 5 billion a year. In addition, the problems that can be caused by counterfeiting are not limited to products, but they can infringe on the right distribution structure, which can lead to the reduction of legitimate jobs and taxes, and have a general negative effect on society such as consumer safety and loss of creative motivation. Can come.

As the industry's recent recognition of these problems is increasing, product authentication technology using RFID technology is attracting attention as one of technical methods for counterfeiting.

Currently, various application fields using RFID are applied in the market. There are various skills in everyday life such as access control, vehicle remote start, electronic payment system, library, inventory management, etc. However, the technology related to product certification is not widely used yet, and problems such as security problems and large-scale infrastructure must be solved.

RFID (Radio Frequency Identification) is an automatic recognition technology that attaches a tag with a unique serial number to an object and automatically recognizes the object by reading the tag's information through a wireless signal. In addition, tags can perform simple cryptographic operations on their own to support secure data communication, which, unlike conventional bar code systems, can be used as a means to prevent product forgery or tampering.

The simple way for readers to read and display the information stored in a tag still suffers from forgery of the tag itself, so cryptographic methods must be added so that the data sent from the tag cannot be reused or duplicated.

Previous patents on RFID authentication systems for counterfeiting of goods include: KR 10-2004-0056651 (July 21, 2004) (Jeong Jae-kyung) proposes a genuine identification device and method using an RFID tag, and mounts the genuine data on the RFID chip and reads it with the identification device to determine the central processing unit. You should be able to confirm the authenticity by communicating with. KR 10-2005-0025257 (Mar. 26, 2005) (Escape Telecom Co., Ltd.) proposes a method and system for preventing product forgery using RFID, and the code number input to the RFID tag and the product of the product It detects the information and sends it to the product management server connected to the mobile communication network to determine whether the product is normally manufactured and normally distributed. In KR 10-2003-0020603 (September 15, 2005) (Park, Mi-Kyung), among the many secret encryption keys held by the tag reader, the secret encryption key corresponding to the secret encryption key stored in the tag is based on a signal received from the tag. It is specified. The tag reader receives the encrypted product information from the tag, decrypts it with this secret encryption key and expresses the result in plain text on the display.

As described above, the RFID authenticity authentication system proposed in the early days simply reads the product-related information stored in the tag and displays it on the screen, which considers security problems such as reuse attacks, eavesdropping, and forgery of the tag itself. I did not. A malicious attacker could simply tamper with the tag by eavesdropping the information the tag sends to the reader and copying that information to another tag.

The proposed RFID authentication system solves the problem of tag forgery using cryptographic method. In this technique, a reader needs a private key that corresponds to a tag in order to perform cryptographic operations, where the private key must be stored in advance by the reader or stored in a central database. Since the reader that authenticates the tag can be any user, the method of storing the secret key in the reader implies the problem of key leakage, and the secret is not exposed to malicious attackers. There is a problem with the secret key distribution, which requires the distribution of the key. The method of storing all the secret keys in a central database secured from external attacks requires the reader to access the central server in real time, so the reader must have network capabilities. It becomes impossible. To solve this problem, complex management of servers and networks must be involved.

The present invention is ultimately to solve the problems caused by the counterfeit goods, a complex central database or reader does not need to store the secret key in advance, anyone based on the information stored in the tag easily and securely An object of the present invention is to provide an offline RFID authentication system and method for verifying authenticity.

In order to solve the above problems, the offline RFID authentication system of the present invention for achieving the above object, stores the data required for product authentication in an unmodifiable memory, and delivers the data to the reader in the authentication process and for the query of the reader An RFID tag that performs a response; And

Based on the information stored in the RFID tag and cryptographic operations, it is possible to determine whether the product is manufactured and normally distributed through a query and response mechanism between the reader and the tag without access to a central server or database, or a pre-shared secret key. It includes an RFID reader.

Offline RFID authentication method of the present invention for achieving the above object,

(a) before the product is shipped, the manufacturer creates a secret key and a digital signature and stores it in a tag and attaches the tag to the product; And

(b) after the product is shipped, the reader reads information from the tag attached to the product and verifies that the tag is actually a tag made from a legitimate manufacturer.

Preferably the authentication step (b) is back to step 5 in detail

(b1) requesting the reader to notify the tag of the start of the authentication process;

(b2) the tag transmitting the digital signature of the manufacturer and its unique number stored by the tag to the reader;

(b3) the leader confirms the validity of the manufacturer's signature and queries the tag using the data obtained therefrom;

(b4) the tag responds to the reader after the operation using its private key in the query received from the reader; And

(b5) After the reader adds the information received from the tag and compares the result value with the tag value extracted from the manufacturer's signature, the reader completes authenticity verification.

The offline RFID authentication system and method used in the present invention do not require the reader's network function, pre-shared secret key, or access to a central database during tag authentication. This eliminates the need for complex network infrastructure and key distribution, and allows anyone to easily verify the authenticity of the product with a reader capable of simple cryptographic operations. In addition, by preventing the duplication of tags due to leakage or eavesdropping of secret keys, it provides a reliable technical device for preventing counterfeiting of products to both producers and consumers to establish a sound distribution structure.

Hereinafter, an offline RFID authentication system and method thereof according to a specific embodiment of the present invention will be described in detail with reference to the accompanying drawings.

1 is a block diagram of an offline RFID authentication system according to the present invention. As shown in FIG. 1, the RFID tag 111 is attached to the product 110 for authentication and the RFID reader 100 reads information of the tag 111 and performs authentication.

Referring to FIG. 1, the RFID reader 100 includes a controller 101 for overall control, a memory 102 for temporarily storing data in an operation performed in an authentication process, and an RF for RF communication with a tag 110. Communication module 103, and antenna 104. The RFID tag 111 includes a read-only memory 112 for storing data used for authentication, a security logic 113 for performing cryptographic operations required during the authentication process, and a reader 100. RF communication module 114 for performing RF communication, and antenna 115 is included.

The controller 101 in the RFID reader 100 generally performs cryptographic operations for RF communication and authentication. A function of verifying the manufacturer's signature received from the tag 111 and restoring data therefrom, and comparing the response of the tag 111 with the recovered data is performed. The memory 102 in the RFID reader 100 stores a public key of a manufacturer required for signature verification as a readable and writable memory, and then temporarily stores the restored data. The RF communication modules 103 and 114 of the reader and the tag are respectively responsible for the transmission and reception of RF signals transmitted to each other through the transmission and reception antennas 104 and 115.

Memory 112 in RFID tag 111 is an unmodifiable memory that stores data used for authentication. The security logic 113 is made in advance to perform a specific cryptographic operation and is configured to perform a hash function in the present invention.

2 and 3 are flowcharts for explaining an offline RFID authentication method according to an embodiment of the present invention, Figure 2 is a registration for storing the information required for authentication by the manufacturer prior to shipping the product in the tag and tag the article 3 is a flowchart illustrating an example of a process in which a reader authenticates a tag when a reader actually checks the authenticity of a product.

1 and 2, the manufacturer generates a random random key different for each tag (200), and generates its own digital signature using the generated random secret key and the unique number of the tag (210). The two generated data are safely stored in the memory 112 of the tag 111 (220) and the stored tag is attached to the product (230). The product 110 and the tag 111 are physically coupled so that when the tag is separated from the product, the tag is destroyed so that the authentication process cannot be performed.

1 and 3, the reader 100 transmits an authentication request signal to the tag 111 within its signal range (300). The tag 111 receiving the authentication request signal from the reader 100 transmits the manufacturer's signature and ID of the tag stored in the tag to the reader 100 (310). The reader 100 verifies the received manufacturer's signature using the manufacturer's public key and recovers data for authentication (320). At this time, if the signature verification fails, the leader judges the product as a counterfeit (370), otherwise proceeds with the authentication process. Thereafter, the reader 100 generates a query using the recovered data and the random number generated by the reader and transmits the query to the tag 111 (330). The tag 111 receives the query, calculates a response using the secret key stored in the tag, and transmits the response to the reader 100 (340). The reader 100 compares the data recovered from the signature with the response using additional cryptographic operations (350). If this is the same, the reader determines the product to be genuine (360), otherwise it is a counterfeit. (370).

4 and 5 are diagrams illustrating the flow of data and cryptographic operations in detail in the processes performed in FIGS. 2 and 3. The main cryptographic operation used here uses the manufacturer's digital signature to prove that the information associated with the tag was actually provided by the legitimate manufacturer. We also use a hash function (H) with special properties to make key information unknown. The hash function used below has the same property that the result value is the same regardless of the application order since the exchange law is established as follows.

H (k2, M)) = H (k2, H (k1, M))

FIG. 4 shows a detailed flowchart of the data including the specific cryptographic operation of the registration process shown in FIG. 2.

Referring to FIG. 4, a manufacturer generates a secret key k with a random number generator PRNG (400). The tag has a unique serial number (ID) assigned during the tag manufacturing process. The manufacturer hashes this value using the tag's secret key k (H (k, ID)). In addition, an ID is added to the result H (k, ID) calculated in the above process to generate a digital signature sig with its own private key sk (410). The generated manufacturer's digital signature (sig) and tag's secret key (k) are securely stored in the tag's memory (420).

FIG. 5 shows a detailed flow chart of the data, including specific cryptographic operations, for the authentication process shown in FIG.

According to FIG. 5, the reader first sends a request message to the tag requesting the start of the authentication process (500). The tag receiving the request message transmits the manufacturer's digital signature (sig) and his own ID (ID) stored by the manufacturer to the reader (510). The reader verifies whether the signature is appropriate using the manufacturer's public key (pk) and the ID of the tag (520), recovers the hash value (H (k, ID)) of the ID from the signature, if appropriate, and stores the value in memory. Temporarily store it, then carry out the process, and if the signature is not appropriate, complete the certification process and judge the product as a counterfeit. The reader creates a nonce (n) with a random number generator (530) and uses this to hash (H (n, ID)) the tag ID (540). When the result value is transmitted to the tag using the query (c) (550), the tag hashes (H (k, c)) again using its private key k (560). This result is sent to the reader in response r (570). The reader receiving the response (r) hashes (H (n, H (k, ID)) the hash value (H (k, ID)) previously stored from the signature using its temporary value. The value r 'is compared with the response r of the tag, so the final value can be compared as follows, depending on the nature of the hash function.

H (n, H (k, ID)) = H (k, H (n, ID))

If the comparison results are the same, the reader will determine that the product is genuine from the legitimate manufacturer, otherwise the product will be considered a counterfeit.

As described above, in the offline RFID authentication system and method of the present invention, the reader does not have a secret key in advance and performs authentication only by communication between the reader and the tag. The manufacturer stores the information necessary for authentication in the tag in advance by using the cryptographic method, and then in the authentication process, the reader executes a query / response mechanism based on the information stored in the tag. It is possible to confirm whether the tag is a valid tag attached from the manufacturer.

In more detail, before a RFID tag is attached to a product, the manufacturer generates a digital signature value using the data related to the tag and stores it in the tag. After the authentication process, the reader extracts information related to the tag from this signature value and sends a query to the reader based on the extracted information. For a specific query, the tag responds after additional operations using its private key, and the reader performs additional cryptographic operations and compares it with the information extracted by the signature to determine whether it is a valid tag or authenticity. .

In particular, the present invention can be easily implemented because there are no problems such as complex network infrastructure or server management, and detailed algorithms required for authentication can be used as well known ones. Applicable to

1 is a block diagram of an RFID system to which the present invention is applied.

FIG. 2 is an exemplary flowchart illustrating a registration process in which a manufacturer stores information necessary for authentication in a tag and attaches a tag to an article before shipping the product.

3 is a flowchart illustrating an example of a process in which a reader authenticates a tag when the reader actually checks the authenticity of the product.

4 is a flow chart of an authentication method showing the flow of data in detail including the cryptographic operation of the registration process shown in FIG.

FIG. 5 is a flow chart of an authentication method showing the flow of data in detail including the cryptographic operation of the authentication process shown in FIG.

<Description of the symbols for the main parts of the drawings>

100: RFID Reader

110: Product

111: RFID Tag

k: tag's secret key

sk, pk: Manufacturer's private key, public key

PRNG: Random Number Generator

ID: Unique number of tag

E (), D (): Encryption and Decryption Functions

H (): Hash function that the exchange law holds

Claims (8)

In the offline RFID authentication system, An RFID tag that stores data necessary for product authentication in an unmodifiable memory and delivers the data to the reader and performs a response to the reader's query during the authentication process; And Based on the information stored in the RFID tag and cryptographic operations, it is possible to determine whether the product is manufactured and normally distributed through the query and response mechanism between the reader and the tag without access to a central server or database or a pre-shared secret key. Offline RFID authentication system for product forgery prevention, characterized in that comprising an RFID reader. The RFID reader of claim 1, wherein the RFID reader includes a controller 101 for overall control, a memory 102 for temporarily storing data in an operation performed during an authentication process, and an RF communication module 103 for RF communication with a tag. , And an offline RFID authentication system for preventing forgery of goods, characterized in that it comprises an antenna (104). The RFID tag of claim 1, wherein the RFID tag comprises a read-only memory 112 for storing data used for authentication, a security logic 113 for performing cryptographic operations required during the authentication process, An offline RFID authentication system for preventing product forgery, comprising an RF communication module 114 for performing RF communication with a reader, and an antenna. [4] The offline RFID authentication system of claim 3, wherein the security logic of the RFID tag only needs to perform a simple hash function to minimize the cost of the tag. In the offline RFID authentication method, (a) before the product is shipped, the manufacturer creates a secret key of the tag, which is information used for product certification, and a digital signature of the manufacturer, and stores the tag in the tag and attaches the tag to the product; (b) after the product is shipped, the reader reads information from the tag attached to the product and authenticates whether the tag is actually a tag made from a legitimate manufacturer. The method of claim 5, wherein step (b) (b1) requesting the reader to notify the tag of the start of the authentication process; (b2) the tag transmitting the digital signature of the manufacturer and its unique number stored by the tag to the reader; (b3) the leader confirms the validity of the manufacturer's signature and queries the tag using a portion of the value; (b4) the tag responds to the reader after the operation using its private key in the query received from the reader; (b5) an offline RFID authentication method for preventing forgery of a product, characterized in that the reader finishes authenticity by comparing the information received from the tag with the result value after the additional operation and the value of the tag extracted from the manufacturer's signature. In the offline RFID tag that stores the information for authentication in the central server or database, or used in the offline RFID authentication system for anti-counterfeiting that does not require the reader to connect to the server during the authentication process, Read-only memory 112 for storing data used for authentication; A security logic 113 for performing cryptographic operations required in the authentication process; An RF communication module 114 for performing RF communication with a reader; And RFID tag for transmitting the data to the reader in the authentication process, or performing an answer to the reader's query, including an antenna (115) for RF communication with the reader. In the offline RFID reader that stores the information for authentication in the central server or database, or used in the offline RFID authentication system to prevent forgery that does not require the reader to access the server during the authentication process, A controller 101 for overall control; A memory 102 for temporarily storing data in an operation performed in the authentication process; RF communication module 103 for RF communication with an RFID tag that stores a digitally signed value of a manufacturer, rather than storing plain text as it is, in order to prevent duplication due to leakage of the information from an attacker when storing information necessary for authentication. ; And Including an antenna 104 for RF communication with the RFID tag, Based on the information stored in the RFID tag and cryptographic operations, it is possible to determine whether the product is manufactured and normally distributed through the query and response mechanism between the reader and the tag without access to a central server or database or a pre-shared secret key. RFID reader.

Images