KR20170047077A - Method and apparatus for confirmation of rfid - Google Patents

Method and apparatus for confirmation of rfid Download PDF

Info

Publication number
KR20170047077A
KR20170047077A KR1020150147503A KR20150147503A KR20170047077A KR 20170047077 A KR20170047077 A KR 20170047077A KR 1020150147503 A KR1020150147503 A KR 1020150147503A KR 20150147503 A KR20150147503 A KR 20150147503A KR 20170047077 A KR20170047077 A KR 20170047077A
Authority
KR
South Korea
Prior art keywords
electronic tag
payload data
user terminal
information
encryption
Prior art date
Application number
KR1020150147503A
Other languages
Korean (ko)
Inventor
손병희
Original Assignee
에릭슨엘지엔터프라이즈 주식회사
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 에릭슨엘지엔터프라이즈 주식회사 filed Critical 에릭슨엘지엔터프라이즈 주식회사
Priority to KR1020150147503A priority Critical patent/KR20170047077A/en
Publication of KR20170047077A publication Critical patent/KR20170047077A/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10237Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves the reader and the record carrier being capable of selectively switching between reader and record carrier appearance, e.g. in near field communication [NFC] devices where the NFC device may function as an RFID reader or as an RFID tag
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W4/008

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Toxicology (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • General Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to authentication method and apparatus, capable of preventing illegal usage of a radio frequency identification (RFID) tag by using unique information of a user terminal. According to the present invention, an apparatus for authenticating an RFID tag encodes payload data by using a first encoding key and a second encoding key wherein the first encoding key includes information on a unique number of the user terminal and the second encoding key includes a second encoding key including information for encoding, and stores the encoded payload data in the RFID tag of the user terminal.

Description

[0001] METHOD AND APPARATUS FOR CONFIRMATION OF RFID [

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a field of electronic tags, and more particularly, to an authentication method and apparatus capable of preventing unauthorized use of an electronic tag by using unique information of a user terminal.

With the recent development of information and communication technology, the information and communication environment is rapidly changing. The popularization of cellular phones has caused many changes in everyday life as well as changes in the communication environment. Particularly, as the use of smart phones has become commonplace, various functions are added to cellular phones and the development of technologies related to information communication using cellular phones And applications are being actively pursued.

An RFID (Radio Frequency Identification) technology is widely used in which personal information such as a credit card is stored in a user terminal such as a PDA (Personal Data Assistance) and a cellular phone, and payment processing can be easily performed.

Conventionally, when a user terminal including an electronic tag does not perform a separate authentication procedure or performs an authentication procedure in the case of using an electronic tag, since it proceeds from the server side instead of the user terminal side, When replicating in the terminal, the replicated electronic tag could be used illegally.

Korean Patent Laid-Open Publication No. 10-2015-0039236 (published on April 10, 2015)

The present invention provides an authentication method and apparatus that can prevent unauthorized use of an electronic tag by using unique information of a user terminal.

The electronic tag authentication method of the present invention includes the steps of: performing encryption of payload data using a first cryptographic key including information on a unique number of a user terminal and a second cryptographic key including information for encryption; And storing the encrypted payload data in an electronic tag of the user terminal.

The RFID tag authentication apparatus of the present invention further includes a storage unit for storing a first cryptographic key including information on a unique number of the user terminal and a second cryptographic key including information for encryption; A processor for performing encryption of payload data using the second cipher key, and an electronic tag for storing the encrypted payload data.

According to the present invention, it is possible to enhance the complement of the electronic tag by using the unique information of the user terminal, and to supplement and reinforce it easily because it uses the unique information of the user terminal.

1 is a diagram illustrating an authentication process performed by a service providing server according to the related art.
BACKGROUND OF THE INVENTION 1. Field of the Invention [0001]
3 is an exemplary view illustrating an encrypted payload data forming process according to an embodiment of the present invention.
4 is a diagram illustrating an example of a payload data decoding process according to an embodiment of the present invention.
5 is a flowchart illustrating a procedure of an electronic tag authentication method according to an embodiment of the present invention.

Hereinafter, some embodiments of the present invention will be described in detail with reference to exemplary drawings. It should be noted that, in adding reference numerals to the constituent elements of the drawings, the same constituent elements are denoted by the same reference symbols as possible even if they are shown in different drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

RFID (Radio Frequency Identification) is a technology that integrates all the processes from production to sales into a microchip and tracks it on radio frequency. It is called "smart tag", "electronic label" "And" NFC (Near Field Communication) tag ".

Electronic tags are the next generation recognition technology to replace barcodes that are generally used for merchandise management in the distribution field. An electronic tag is composed of a reader that reads and decodes data and a tag that provides information, and allows a reader to read information of a tag through an antenna. In addition, it can be integrated with information system in connection with satellite or mobile communication network.

In Korea, electronic tags are being established as a system for collecting public transportation charges. The scope of utilization is not only in the field of distribution but also in animal tracking devices, automobile safety devices, personal access and access permission devices, electronic fare collection devices, It is expected to spread to various fields.

1 is a diagram illustrating an authentication process performed by a service providing server according to the related art. 1, a plurality of user terminals 110 and 130 are communicably connected to a service providing server 120 and a specific user terminal 110 is connected to an electronic tag 111 And transmits the ID and the password stored in the electronic tag 111 of the specific user terminal 110 to the service providing server 120 and the service providing server 120 performs authentication of the user terminal 110 May be limited to being used in the other user terminal 130.

In one embodiment, when receiving a call from a third party using a call forwarding function using information recorded in the electronic tag 111 of the user terminal 110, the user terminal 130 of the other user The service providing server 120 may perform authentication for the electronic tags 111 and 131 for the purpose of preventing the same call from being intercepted. That is, an ID and a password to be provided to the service providing server 120 are stored in each of the electronic tags 111 and 131 of the user terminals 110 and 130, and the service providing server 120 stores the ID and the password for providing the user terminals 110 and 130 The user terminal 110 or 130 can be authenticated and the call forwarding service can be provided only when the user terminal 110 or 130 has passed the authentication. However, since the authentication method is performed only by the service providing server 120, for example, a service to be used by the user terminal 110 may be transmitted to the user terminal 110 by using or copying the electronic tag 111 of the user terminal 110 130 to the service providing server 120, it is difficult to restrict the service.

2 is an exemplary diagram showing an electronic tag authentication apparatus according to an embodiment of the present invention.

2, the electronic tag authentication apparatus 200 may include a storage unit 210, a processing unit 220, an electronic tag 230, a communication unit 240, and a system bus 250. In one embodiment, the electronic tag authentication apparatus 200 may be included in the specific user terminal 110 and may be provided separately from the user terminal 110. The storage unit 210, the processing unit 220, the electronic tag 230, and the communication unit 240 may be connected to each other through the system bus 150.

The storage unit 210 may store a first cryptographic key including information on the unique number of the user terminal and a second cryptographic key including information for encryption. As an example, the storage unit 210 may include a media access control (MAC) address, an International Mobile Subscriber Identity (IMSI), an Integrated Circuit Card ID (ICCID), an International Mobile Equipment Identity (IMEI) And the like, but is not limited to such information. In an embodiment, the second cryptographic key may include a random number for dividing the encryption target information into units of bits and changing the arrangement order of the divided bits. In addition, the storage unit 210 may include information on an encryption program for performing encryption of payload data. The storage unit 210 may be a ROM (Read Only Memory), a RAM (Random Access Memory), a CD (Compact Disc) -ROM, a magnetic tape, a floppy disk, Or being implemented in the form of a carrier wave (e.g., transmission over the Internet), but is not limited to such an implementation.

When storing payload data which is information for using a specific service in the user terminal 110 in the electronic tag 230, the processing unit 220 generates a first password including information on the unique number of the corresponding user terminal 110, And store the encrypted payload data in the electronic tag 230 by encrypting the payload data using the second cryptographic key including information for the key and the encryption. The electronic tag 111 of the specific user terminal 110 can not be used in the other user terminal 130 because the unique number of the specific user terminal 110 is used for encryption.

FIG. 3 is a view illustrating an encrypted payload data forming process according to an embodiment of the present invention. As an example, when a mobile credit card is issued from a specific user terminal 110 and the information about the mobile credit card (payload data, 310) is stored in the electronic tag 230, Using the encryption program stored in the storage unit 210 using the MAC address 320 as the first encryption key and the authentication key 330 as the encryption information as the second encryption key, Encrypt the payload data, and store the encrypted payload data 340 in the electronic tag 230.

In another embodiment, when a mobile credit card is issued from a specific user terminal 110 and the information about the mobile credit card (payload data, 310) is stored in the electronic tag 230, 110 as a header value of the corresponding payload data with a first cryptographic key to form packet data, divides the packet data in units of bits, The authentication key 330, which is information for encryption, may be used as the second cryptographic key to change and encrypt the payload data, and store the encrypted payload data 340 in the electronic tag 230.

When receiving the signal requesting the use of the encrypted payload data 340, the processing unit 220 transmits information for encryption, stored in the storage unit 210, information on the unique number of the user terminal, Decrypts and encrypts the encrypted payload data 340 using the encrypted payload data 340 stored in the electronic tag 230 to determine whether the electronic tag 230 is valid or invalid, The service providing server 120 may request the second authentication process by forming the decrypted payload data 310 only when the service providing server 230 is valid. The second authentication process may include transmitting the ID and the password stored in the electronic tag 230 to the service providing server 120 to determine whether the ID and the password are valid or invalid. The first authentication process will be described later with reference to FIG.

4 is a diagram illustrating an example of a payload data decoding process according to an embodiment of the present invention. In an embodiment, when a specific user desires to use the mobile credit card using the user terminal 110, the user terminal 110 including the electronic tag 230 is approached near the electronic tag reader or reader, In this case, the processing unit 220 fetches the encrypted payload data 340 stored in the electronic tag 230, and includes information about the encryption program stored in the storage unit 210 and the unique number of the user terminal The first authentication process is performed using the first cryptographic key including the information for encryption and the second cryptographic key including information for encryption to determine whether the electronic tag 230 is valid or invalid and to form the decrypted payload data And transmits the decrypted payload data 310 to the service providing server 120 through the communication unit 240 to perform the second authentication process.

As another embodiment, when a specific user desires to use the mobile credit card using the user terminal 110, the user terminal 110 including the electronic tag 230 can be accessed and tagged near the electronic tag reader or reader In this case, the processing unit 220 fetches the encrypted payload data 340 stored in the electronic tag 230, and uses the information for encryption stored in the storage unit 210 to store the bits of the encrypted data 340 The arrangement order can be rearranged to form the packet data including the header value and the payload data. In addition, the processing unit 220 performs a first authentication process for comparing the header value of the packet data with the information about the unique number of the user terminal stored in the storage unit 210 to determine whether the electronic tag 230 is valid or invalid can do. When it is determined that the electronic tag 230 is valid by matching the header value of the packet data with the unique number of the user terminal stored in the storage unit 210, the processing unit 220 separates the header value from the packet data, And transmits the decrypted payload data 310 to the service providing server 120 through the communication unit 240 to perform the second authentication process.

The electronic tag 230 may store the encrypted payload data formed in the processing unit 220. In one embodiment, the electronic tag 230 may include an NFC (Near Field Communication) tag, an IC chip (Integrated Circuit Chip), and the like, but is not limited thereto.

The communication unit 240 transmits the decoded payload data to the service providing server 120, receives the result of performing the second authentication process from the service providing server 120, and transmits / receives a signal related to the service to be received .

5 is a flowchart illustrating a procedure of an electronic tag authentication method according to an embodiment of the present invention.

5, when a specific user desires to use a mobile credit card by using the user terminal 110, the user terminal 110 including the electronic tag 230 is accessed near the electronic tag reader or the reader (S510). In this case, the electronic tag authentication apparatus 200 extracts the encrypted payload data 340 stored in the electronic tag 230 and generates a first encryption key including information on the unique number of the user terminal 110, The first authentication process may be performed using the second cryptographic key including information to determine whether the electronic tag 230 is valid or invalid (S520). If the electronic tag authentication apparatus 200 determines that the electronic tag 230 is invalid, the electronic tag authentication apparatus 200 may not provide the service desired to be provided using the electronic tag 230 (S530). On the other hand, when the electronic tag authentication apparatus 200 determines that the electronic tag 230 is valid, it transmits an ID and a password to the service providing server 120 to perform a second authentication process to determine whether the ID and the password are valid or invalid (S540). If the ID and the password are valid, the electronic tag 230 can be used to provide a service (S550).

Although the method has been described through particular embodiments, the method may also be implemented as computer readable code on a computer readable recording medium. A computer-readable recording medium includes all kinds of recording apparatuses in which data that can be read by a computer system is stored. Examples of the computer-readable recording medium include a ROM, a RAM, a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like, and may be implemented in the form of a carrier wave (for example, transmission via the Internet) . In addition, the computer-readable recording medium may be distributed over network-connected computer systems so that computer readable codes can be stored and executed in a distributed manner. In addition, functional programs, codes, and code segments for implementing the above embodiments can be easily deduced by programmers of the present invention.

While specific embodiments have been described, these embodiments are provided by way of illustration and are not to be construed as limiting the scope of the disclosure. The novel methods and apparatus of the present disclosure can be implemented in various other forms, and it is possible to variously omit, substitute, and alter the embodiments disclosed herein without departing from the spirit of the present disclosure. It is intended that the appended claims and their equivalents be interpreted as embracing all such forms and modifications as fall within the scope and spirit of this disclosure.

111, 131, 230: an electronic tag 110, 130:
120: Service providing server 200: Electronic tag authentication device
210: storage unit 220:
230: Electronic tag 240:
310: payload data
320: information on the unique number of the user terminal
330: Authentication key, which is information for encryption
340: Encrypted payload data

Claims (11)

An electronic tag authentication method in a user terminal,
Performing encryption of payload data using a first cryptographic key including information on a unique number of a user terminal and a second cryptographic key including information for encryption;
Storing the encrypted payload data in an electronic tag of the user terminal
And the electronic tag authentication method. The method according to claim 1,
Determining whether the electronic tag is valid or invalid by performing a first authentication process using the first cryptographic key and the second cryptographic key when receiving a use request of the electronic tag;
Performing decryption of the encrypted payload data when it is determined that the electronic tag is valid,
Receiving a service based on the decrypted payload data from the server when the electronic tag is determined to be valid through a second authentication process by the server
Further comprising the steps of: The method according to claim 1,
The information on the unique number of the user terminal may be,
Wherein the electronic tag authentication information includes at least one of a Media Access Control (MAC) address, an International Mobile Subscriber Identity (IMSI), an Integrated Circuit Card ID (ICCID), an International Mobile Equipment Identity (IMEI) and a serial number of the user terminal. The method according to claim 1,
Wherein the step of performing encryption of the payload data comprises:
The first cryptographic key is added to the header value of the payload data to form packet data, the packet data is divided into bits, and the order of the divided bits is changed using the second cryptographic key To form the encrypted payload data
And the electronic tag authentication method. 5. The method of claim 4,
Wherein the step of determining whether the electronic tag is valid or invalid by performing the first authentication process comprises:
Dividing the encrypted payload data in units of bits and reordering the arrangement order of the divided bits using the second cryptographic key to form packet data including a header value and payload data, , ≪ / RTI &
And determining whether the electronic tag is valid or invalid by determining whether the header value matches the information about the first cipher key. As an electronic tag authentication device,
A storage unit for storing a first encryption key including information on a unique number of a user terminal and a second encryption key including information for encryption;
A processor for performing encryption of payload data using the first encryption key and the second encryption key,
An electronic tag that stores the encrypted payload data
And the electronic tag authentication device. The method according to claim 6,
Wherein,
When receiving the use request of the electronic tag, performs a first authentication process using the first cryptographic key and the second cryptographic key to determine whether the electronic tag is valid or invalid, and determines that the electronic tag is valid And decrypts the encrypted payload data when the encrypted payload data is decrypted. The method according to claim 6,
The information on the unique number of the user terminal may be,
Wherein the authentication information includes at least one of a Media Access Control (MAC) address, an International Mobile Subscriber Identity (IMSI), an Integrated Circuit Card ID (ICCID), an International Mobile Equipment Identity (IMEI), and a serial number of the user terminal. The method according to claim 6,
Wherein the information for the encryption includes a random number for changing the arrangement order of the divided bits by dividing the encryption target information into units of bits. The method according to claim 6,
Wherein,
Storing the first cryptographic key as a header value of the payload data to form packet data, dividing the packet data into units of bits, and changing an arrangement order of the divided bits using the second cryptographic key Thereby forming the encrypted payload data. 11. The method of claim 10,
Wherein,
Dividing the encrypted payload data in units of bits and reordering the arrangement order of the divided bits using the second cryptographic key to form packet data including a header value and payload data, And determines whether the electronic tag is valid or invalid by determining whether the header value matches information about the first cipher key stored in the storage unit.

KR1020150147503A 2015-10-22 2015-10-22 Method and apparatus for confirmation of rfid KR20170047077A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150147503A KR20170047077A (en) 2015-10-22 2015-10-22 Method and apparatus for confirmation of rfid

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150147503A KR20170047077A (en) 2015-10-22 2015-10-22 Method and apparatus for confirmation of rfid

Publications (1)

Publication Number Publication Date
KR20170047077A true KR20170047077A (en) 2017-05-04

Family

ID=58743419

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150147503A KR20170047077A (en) 2015-10-22 2015-10-22 Method and apparatus for confirmation of rfid

Country Status (1)

Country Link
KR (1) KR20170047077A (en)

Similar Documents

Publication Publication Date Title
KR101404673B1 (en) System for authenticating radio frequency identification tag
CN107181714B (en) Verification method and device based on service code and generation method and device of service code
KR100702971B1 (en) Method and system for encrypting Radio-Frequency-Identification Tag using Broadcast Encryption Type
EP3698535A1 (en) Privacy preserving tag
US20070150736A1 (en) Token-enabled authentication for securing mobile devices
US20160034728A1 (en) Rfid tag and reader characteristic determination using group keys
KR101449611B1 (en) System for authenticating rfid(radio frequency identification) tag
CN107302435B (en) Identity information processing method and system and corresponding server
US7620187B1 (en) Method and apparatus for ad hoc cryptographic key transfer
Cheng et al. A secure and practical key management mechanism for NFC read-write mode
KR100728629B1 (en) System and Method for Preventing Forgery of RFID Tag
KR100817222B1 (en) Method for encrypting/decrypting electronic product code and rfid system using the same
KR101162196B1 (en) System and Method for Assigning Dynamic ID to RFID Tag, RFID Tag, RFID Terminal and Recording Medium
US10511946B2 (en) Dynamic secure messaging
KR20070006526A (en) System and method for assigning dynamic id to rfid tag, rfid tag, rfid terminal and recording medium
US9715586B2 (en) Read/write device and transponder for exchanging data via an electromagnetic field
CN110533128B (en) Encryption-based anti-counterfeiting traceability data processing method, device, system and medium
US8320570B2 (en) Apparatus and method for generating secret key
Song et al. Security improvement of an RFID security protocol of ISO/IEC WD 29167-6
KR101162227B1 (en) RFID Terminal
KR20170047077A (en) Method and apparatus for confirmation of rfid
KR101426223B1 (en) Method for checking confidential information using smartcard and smart terminal, and computer-readable recording medium for the same
KR101077860B1 (en) RFID tag
CN109951423B (en) System, method and device for identity authentication and server
JP5514780B2 (en) COMMUNICATION SYSTEM, TRANSMISSION DEVICE, AND RECEPTION DEVICE