TW201701611A - Authenticity determination device, authenticity determination system, and authenticity determination method - Google Patents


Info

Publication number: TW201701611A
Authority: TW (Taiwan)
Prior art keywords: information, signature, unit, verification, discrimination
Application number: TW104120461A
Other languages: Chinese (zh)
Other versions: TWI609581B (en)
Inventors: Takashi Ito, Nori Matsuda, Mitsuhiro Hattori, Takumi Mori
Original Assignee: Mitsubishi Electric Corp
Application filed by Mitsubishi Electric Corp
Publication of TW201701611A
Application granted
Publication of TWI609581B

Classifications

    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06F - ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 - Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 - Program or device authentication
    • G - PHYSICS
    • G06 - COMPUTING; CALCULATING OR COUNTING
    • G06F - ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 - Protecting data
    • G06F21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • Y - GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 - TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P - CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00 - Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30 - Computing systems specially adapted for manufacturing

Abstract

The present invention relates to an authenticity determination device which determines whether a machine is authentic or an imitation. This authenticity determination device is provided with: a communication unit which receives component information indicating information about components constituting the inside of a target device for which authenticity is to be determined, device information indicating information specific to the target device, and signature information for the combination of the component information and the device information of the target device; a verification key storage unit which stores a verification key corresponding to a generating key that generated the signature information; a signature verification unit which uses the verification key to verify the validity of the combination of the component information, the device information and the signature information received by the communication unit; and a determination unit which determines the authenticity of the target device on the basis of the validity verified by the signature verification unit.

Description

Authenticity determination device, authenticity determination system, and authenticity determination method

The present invention relates to an authenticity determination device that determines whether a machine is a genuine product or an imitation.

As machine manufacturing technology has advanced, it has become easier to manufacture imitations that pass for genuine machines, and techniques for distinguishing genuine products from imitations have become more important. One such method generates authenticity determination information that only the legitimate manufacturer can produce, attaches it to the machine in the form of a barcode or two-dimensional barcode, and determines authenticity by reading that barcode. Patent Document 1 discloses encrypting the identification information unique to each machine with a key known only to the legitimate manufacturer and attaching the resulting encrypted data to the machine, so that authenticity can be determined.

[Prior Art Documents] [Patent Documents]

[Patent Document 1] Japanese Patent Publication No. 2007-166519

In the method of Patent Document 1, only the legitimate manufacturer can generate correct authenticity determination information as a barcode, so even if a malicious attacker fabricates authenticity determination information arbitrarily, the scheme can detect it. However, an attacker who obtains a genuine machine can copy the barcode carrying its correct authenticity determination information and attach it to an imitation machine, which raises the problem that an imitation passing the authenticity determination can be produced. Fraud can also be detected when multiple instances of the same authenticity determination information are found, but this method may only work when authenticity determination is performed on a small number of machines.

The present invention was made to solve the above problem. Its object is to realize an authenticity determination device that acquires not only the information on the barcode but also the information on the components constituting the inside of the machine, and performs authenticity determination on both, so that imitations produced by copying a barcode can also be detected.

To solve the above problem, the authenticity determination device of the present invention includes: a communication unit that receives component information indicating information about the components constituting the inside of a target device whose authenticity is to be determined, device information indicating information unique to the target device, and signature information for the pair of the target device's device information and component information; a verification key storage unit that stores a verification key corresponding to the generation key that generated the signature information; a signature verification unit that uses the verification key to verify the validity of the combination of the component information, device information, and signature information received by the communication unit; and a determination unit that determines the authenticity of the target device based on the validity verified by the signature verification unit.

According to the present invention, information on the components constituting the inside of the machine is also acquired and used for authenticity determination, so that imitations produced by copying a barcode can be detected.

1: Authenticity determination device
2: Target device
3: Determination information registration device
4: Authenticity determination system
5: Determination information acquisition device
6: Network
20: Verification key storage unit
21: Signature verification unit
22: Determination unit
23: Communication unit
30: Bus
31: Memory
32: Processor
33: Communication module
34: Input interface
35: Display
40: Component
41: Component information storage unit
42: Component information acquisition unit
43: Communication unit
44: Device information storage unit
45: Signature storage unit
70: Bus
71: Memory
72: Processor
73: Communication module
74: Input interface
75: Display
80: Signature key pair generation unit
81: Signature key pair storage unit
82: Signature generation unit
83: Communication unit
84: Determination information registration unit
100: Bus
101: Memory
102: Processor
103: Barcode printer
104: Communication module
105: Input interface
106: Display
110: Component information acquisition unit
111: Device information acquisition unit
112: Communication unit
113: Display unit
120: Bus
121: Memory
122: Processor
123: Barcode reader
124: Camera
125: Communication module
126: Input interface
127: Display
160: Received data verification unit
170: Input unit

[Fig. 1] shows a configuration example of an authenticity determination system in which the authenticity determination device 1 of the first embodiment determines the legitimacy of the target device 2.
[Fig. 2] shows a configuration example of the authenticity determination device 1 of the first embodiment.
[Fig. 3] shows an example of the hardware configuration of the authenticity determination device 1.
[Fig. 4] shows a configuration example of the target device 2 of the first embodiment.
[Fig. 5] shows an example of the component information stored in the component information storage unit 41.
[Fig. 6] shows an example of the device information stored in the device information storage unit 44.
[Fig. 7] shows an example of the hardware configuration of the target device 2.
[Fig. 8] shows a configuration example of the determination information registration device 3 of the first embodiment.
[Fig. 9] shows an example of the generation key and verification key stored in the signature key pair storage unit 81.
[Fig. 10] shows an example of the hardware configuration of the determination information registration device 3.
[Fig. 11] shows a configuration example of the determination information acquisition device 5 of the first embodiment.
[Fig. 12] shows an example of the hardware configuration of the determination information acquisition device 5.
[Fig. 13] is a flowchart showing the operation flow of the determination information registration device 3 of the first embodiment.
[Fig. 14] is a flowchart showing the operation flow of the authenticity determination device 1 of the first embodiment.
[Fig. 15] shows an example of an authenticity determination system in which the authenticity determination device 1 of the second embodiment determines the legitimacy of a network-connected target device 2.
[Fig. 16] shows a configuration example of the authenticity determination device 1 of the second embodiment.
[Fig. 17] shows a configuration example of the target device 2 of the second embodiment.
[Fig. 18] shows a configuration example of the determination information acquisition device 5 of the second embodiment.
[Fig. 19] is a flowchart showing the operation flow of the authenticity determination device 1 of the second embodiment.

[First Embodiment]

Fig. 1 shows a configuration example of the authenticity determination system 4, in which the authenticity determination device 1 of the first embodiment determines the legitimacy of the target device 2.

In Fig. 1, the authenticity determination system 4 includes the target device 2, which is the subject of authenticity determination, and the determination information acquisition device 5, which acquires from the target device 2 the determination information used to determine authenticity. The determination information is, for example, the component information, device information, and signature information of the target device 2. The authenticity determination device 1 is connected to the determination information acquisition device 5 via the network 6 and, based on the determination information acquired by the determination information acquisition device 5, determines the legitimacy of the target device 2 using digital signature technology.

When the authenticity determination system 4 is manufactured at the factory, the determination information registration device 3 registers the determination information used to determine authenticity in the authenticity determination device 1 and the target device 2. The authenticity determination system 4, comprising the authenticity determination device 1 and the target device 2 in which the determination information has been registered, is then shipped from the factory as a product.

Fig. 2 shows a configuration example of the authenticity determination device 1 of the first embodiment.

The authenticity determination device 1 receives a request from the determination information acquisition device 5 and determines the authenticity of the target device 2 using digital signature technology. In Fig. 2, the verification key storage unit 20 stores the verification key used to verify the signature information stored in the signature storage unit 45 of the target device 2.

The signature verification unit 21 performs signature verification processing using the signature verification key stored in the verification key storage unit 20. This processing can be implemented with the signature verification techniques of existing cryptography.

The determination unit 22 determines the authenticity of the target device 2 based on the result of the signature verification processing executed by the signature verification unit 21.

The communication unit 23 is a communication module that communicates with the outside of the authenticity determination device 1.

Fig. 3 shows an example of the hardware configuration of the authenticity determination device 1.

The authenticity determination device 1 is a computer, and each of its components can be implemented as a program. In its hardware configuration, a memory 31, a processor 32, a communication module 33, an input interface 34, and a display 35 are connected to a bus 30.

The memory 31 is, for example, a main storage device such as RAM (random access memory), or an external storage device such as ROM (read-only memory), flash memory, or a hard disk device.

The processor 32 is a CPU (central processing unit) or the like that executes programs.

The communication module 33 is an electronic circuit that performs data communication processing, for example a communication port.

The input interface 34 is a device that handles input data to the authenticity determination device 1, for example a touch panel, hardware keys, a mouse, or a keyboard.

The display 35 is a device that displays the output data of the authenticity determination result produced by the authenticity determination device 1.

The program is normally stored in the memory 31 and is read into and executed by the processor 32. It implements the functions described as the signature verification unit 21, the determination unit 22, and the communication unit 23 that constitute the authenticity determination device 1.

An operating system (OS) is also stored in the external storage device of the memory 31. At least part of the OS is loaded into the main storage device, and the processor 32 executes the above program while executing the OS.

In the description of the following embodiments, the information and data stored in the verification key storage unit 20, and the information, data, signal values, and variable values representing the processing results of the signature verification unit 21, the determination unit 22, and the communication unit 23, are stored as files in the memory 31.

The configuration in Fig. 3 is only one example of the device's hardware configuration. The hardware configuration is not limited to the one shown in Fig. 3 and may be another configuration.

Fig. 4 shows a configuration example of the target device 2 of the first embodiment.

The target device 2 stores determination information that proves it is a legitimate device, and transmits the determination information to the determination information acquisition device 5.

In Fig. 4, the component 40 represents a unified group of the constituent elements of the target device 2. For example, one instance of the component 40 is the entire interior of the target device 2 apart from the frame portion. This embodiment describes the case where the target device 2 has a single component 40, but the target device 2 may have a plurality of components.

The component information storage unit 41 stores component information, which is information about the component 40.

Fig. 5 shows an example of the component information stored in the component information storage unit 41.

In Fig. 5, examples of component information include the component name, the component's date of manufacture, and the component serial number.

The component information acquisition unit 42 receives an acquisition request from the communication unit 43, acquires the component information stored in the component information storage unit 41, and passes the acquired component information to the communication unit 43.

The device information storage unit 44 stores device information, which is information unique to the target device 2.

Fig. 6 shows an example of the device information stored in the device information storage unit 44.

In Fig. 6, examples of device information include the device name, the device's date of manufacture, and the serial number. In this embodiment, the device information is stored in an optically readable form such as a barcode or two-dimensional code.

The signature storage unit 45 stores signature information, which is the result of signature generation processing performed on the component information stored in the component information storage unit 41 and the device information stored in the device information storage unit 44, using the signature generation key stored in the signature key pair storage unit 81 of the determination information registration device 3. In this embodiment, the signature information is stored in an optically readable form such as a barcode or two-dimensional code.

The communication unit 43 is a communication module that communicates with the outside of the target device 2.

Fig. 7 shows an example of the hardware configuration of the target device 2.

The target device 2 is a computer, and each of its components can be implemented as a program. In its hardware configuration, a memory 71, a processor 72, a communication module 73, an input interface 74, and a display 75 are connected to a bus 70.

The memory 71 is, for example, a main storage device such as RAM (random access memory), or an external storage device such as ROM (read-only memory), flash memory, or a hard disk device.

The processor 72 is a CPU (central processing unit) or the like that executes programs.

The communication module 73 is an electronic circuit that performs data communication processing, for example a communication port.

The input interface 74 is a device that handles input data to the target device 2, for example a touch panel, hardware keys, a mouse, or a keyboard.

The display 75 is a device that displays the output data produced by the target device 2.

The program is normally stored in the memory 71 and is read into and executed by the processor 72. It implements the functions described as the component information acquisition unit 42 and the communication unit 43 that constitute the target device 2.

An operating system (OS) is also stored in the external storage device of the memory 71. At least part of the OS is loaded into the main storage device, and the processor 72 executes the above program while executing the OS.

In the description of the following embodiments, the information and data stored in the component information storage unit 41, and the information, data, signal values, and variable values representing the processing results of the component information acquisition unit 42 and the communication unit 43, are stored as files in the memory 71.

The configuration in Fig. 7 is only one example of the device's hardware configuration. The hardware configuration is not limited to the one shown in Fig. 7 and may be another configuration.

Fig. 8 shows a configuration example of the determination information registration device 3 of the first embodiment.

The determination information registration device 3 registers determination information, which is the information used for authenticity determination, in the authenticity determination device 1 and the target device 2.

In Fig. 8, the signature key pair generation unit 80 generates the pair of signature generation key and verification key needed to use digital signatures. This key pair generation can be implemented with the public-key cryptography of existing cryptographic techniques. For example, an RSA private key is generated as the signature generation key, and the RSA public key paired with that private key is generated as the signature verification key.

The signature key pair storage unit 81 is a memory that stores the pair of signature generation key and verification key generated by the signature key pair generation unit 80.

Fig. 9 shows an example of the generation key and verification key stored in the signature key pair storage unit 81.

In Fig. 9, the signature key pair storage unit 81 stores the generation key ks and the verification key kv as a pair.

The signature generation unit 82 uses the generation key generated by the signature key pair generation unit 80 to generate signature information, which is a digital signature over the supplied input. This signature generation can be implemented with the public-key cryptography of existing cryptographic techniques.

The determination information registration unit 84 registers, in the authenticity determination device 1 and the target device 2, the signature verification key stored in the signature key pair storage unit 81, the signature information generated by the signature generation unit 82, and so on. When the signature information is stored in the form of a barcode or the like, as in this embodiment, the determination information registration unit 84 includes a barcode printer that prints the barcode or the like.
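The registration and verification flow described above, as an added example in Go that is not code from the patent: a key pair (ks, kv) is generated, the pair of component information and device information is signed at registration, and the verifier judges a genuine device, a device carrying a copied barcode, and a tampered signature. The function names, the length-prefixed encoding of the pair, the choice of RSA-PSS with SHA-256 and all sample values are assumptions; the description only states that RSA may be used.

```go
// Added example, not from the patent. Names, encoding and PSS/SHA-256 are assumptions.
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Info models the fields of Figs. 5 and 6: name, manufacturing date, serial number.
type Info struct{ Name, MfgDate, Serial string }

// encodePair serialises the (component information, device information) pair.
// Each field gets a 4-byte length prefix, so shifting bytes between fields
// always produces a different signed message.
func encodePair(component, device Info) []byte {
	var buf []byte
	for _, f := range []string{
		component.Name, component.MfgDate, component.Serial,
		device.Name, device.MfgDate, device.Serial,
	} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf = append(buf, n[:]...)
		buf = append(buf, f...)
	}
	return buf
}

// GenerateKeyPair stands in for signature key pair generation unit 80:
// ks is the generation key, kv the verification key.
func GenerateKeyPair() (ks *rsa.PrivateKey, kv *rsa.PublicKey, err error) {
	ks, err = rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return ks, &ks.PublicKey, nil
}

// Sign stands in for signature generation unit 82 (run at registration).
func Sign(ks *rsa.PrivateKey, component, device Info) ([]byte, error) {
	digest := sha256.Sum256(encodePair(component, device))
	return rsa.SignPSS(rand.Reader, ks, crypto.SHA256, digest[:], nil)
}

// Judge combines signature verification unit 21 and determination unit 22:
// the device is judged genuine only if the signature matches the received pair.
func Judge(kv *rsa.PublicKey, component, device Info, sig []byte) bool {
	digest := sha256.Sum256(encodePair(component, device))
	return rsa.VerifyPSS(kv, crypto.SHA256, digest[:], sig, nil) == nil
}

// Demo registers one device and judges three constructed cases.
func Demo() (genuine, copiedBarcode, tampered bool, err error) {
	ks, kv, err := GenerateKeyPair()
	if err != nil {
		return false, false, false, err
	}
	// Constructed sample values.
	component := Info{"CTRL-BOARD", "2015-06-01", "C-000123"}
	device := Info{"DEVICE-X", "2015-06-20", "D-004567"}
	sig, err := Sign(ks, component, device)
	if err != nil {
		return false, false, false, err
	}
	genuine = Judge(kv, component, device, sig)

	// Barcode contents (device information and signature) are identical,
	// but the component read from inside the device reports another serial.
	otherComponent := Info{"CTRL-BOARD", "2015-06-01", "C-999999"}
	copiedBarcode = Judge(kv, otherComponent, device, sig)

	// A signature with one flipped bit must also be rejected.
	bad := append([]byte(nil), sig...)
	bad[len(bad)-1] ^= 0x01
	tampered = Judge(kv, component, device, bad)
	return genuine, copiedBarcode, tampered, nil
}

func main() {
	g, c, t, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine:", g, "| copied barcode:", c, "| tampered signature:", t)
}
```

Because the signature covers both halves of the pair, the verdict changes as soon as the component information read from the device differs from what was registered, even though the barcode contents are unchanged.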

The communication unit 83 is a communication module that communicates with the outside of the determination information registration device 3.

Fig. 10 shows an example of the hardware configuration of the determination information registration device 3.

The determination information registration device 3 is a computer, and each of its components can be implemented as a program. In its hardware configuration, a memory 101, a processor 102, a barcode printer 103, a communication module 104, an input interface 105, and a display 106 are connected to a bus 100.

The memory 101 is, for example, a main storage device such as RAM (random access memory), or an external storage device such as ROM (read-only memory), flash memory, or a hard disk device.

The processor 102 is a CPU (central processing unit) or the like that executes programs.

The barcode printer 103 is a device that, when the signature information is stored in the form of a barcode or the like, encodes the signature information as a barcode and prints it.

The communication module 104 is an electronic circuit that performs data communication processing, for example a communication port.

The input interface 105 is a device that handles input data to the determination information registration device 3, for example a touch panel, hardware keys, a mouse, or a keyboard.

The display 106 is a device that displays the output data of the determination information registration device 3.

The program is normally stored in the memory 101 and is read into and executed by the processor 102. It implements the functions described as the signature key pair generation unit 80, the signature generation unit 82, the communication unit 83, and the determination information registration unit 84 that constitute the determination information registration device 3.

An operating system (OS) is also stored in the external storage device of the memory 101. At least part of the OS is loaded into the main storage device, and the processor 102 executes the above program while executing the OS.

In the description of the following embodiments, the information and data stored in the signature key pair storage unit 81, and the information, data, signal values, and variable values representing the processing results of the signature key pair generation unit 80, the signature generation unit 82, the communication unit 83, and the determination information registration unit 84, are stored as files in the memory 101.

The configuration in Fig. 10 is only one example of the device's hardware configuration. The hardware configuration is not limited to the one shown in Fig. 10 and may be another configuration.

Fig. 11 is a diagram showing an example of the configuration of the determination information acquisition device 5 of the first embodiment.

The determination information acquisition device 5 acquires, from the determination target device 2, the determination information used for authenticity determination, and requests the authenticity determination device 1 to determine authenticity. In Fig. 11, the component information acquisition unit 110 acquires the component information stored in the component information storage unit 41 of the determination target device 2. The component information may be acquired over a wired connection such as a USB (Universal Serial Bus) connection, or over a wireless connection using NFC (Near Field Communication) or RFID (Radio Frequency Identifier).

The device information acquisition unit 111 acquires the device information stored in the device information storage unit 44 of the determination target device 2 and the signature information stored in the signature storage unit 45. When the device information and the signature information are stored in the form of a barcode or the like, as in this embodiment, the device information acquisition unit 111 can be implemented by, for example, a barcode reader or a camera.

The display unit 113 is a display that shows the authenticity determination result and other information received from the authenticity determination device 1.

The communication unit 112 is a communication module that communicates with the outside of the determination information acquisition device 5.

Fig. 12 is a diagram showing an example of the hardware configuration of the determination information acquisition device 5.

The determination information acquisition device 5 is a computer, and each of its components can be implemented by a program. As the hardware configuration of the determination information acquisition device 5, a memory 121, a processor 122, a barcode reader 123, a camera 124, a communication module 125, an input interface 126, and a display 127 are connected to a bus 120.

The memory 121 is, for example, a main storage device such as a RAM (Random Access Memory), or an external storage device such as a ROM (Read Only Memory), a flash memory, or a hard disk device.

The processor 122 is a CPU (Central Processing Unit) or the like that executes programs.

The barcode reader 123 is a device that, when the signature information is stored in the form of a barcode or the like, reads the barcode to obtain the signature information.

The camera 124, like the barcode reader 123, is a camera with the function of reading the barcode to obtain the signature information when the signature information is stored in the form of a barcode or the like.

The communication module 125 is an electronic circuit that performs data communication processing, for example a communication port.

The input interface 126 is a device that processes data input to the determination information acquisition device 5, for example a touch panel, hardware keys, a mouse, or a keyboard.

The display 127 is a device that displays the output data of the determination information acquisition device 5.

The program is normally stored in the memory 121, and is read into the processor 122 and executed. This program implements the functions described as the component information acquisition unit 110, the device information acquisition unit 111, and the communication unit 112 that constitute the determination information acquisition device 5.

An operating system (OS) is also stored in the external storage device of the memory 121. At least part of the OS is loaded into the main storage device, and the processor 122 executes the above program while executing the OS.

In the description of the embodiments below, the information, data, signal values, and variable values representing the processing results of the component information acquisition unit 110, the device information acquisition unit 111, and the communication unit 112 are stored in the memory 121 as files.

The configuration of Fig. 12 is, in principle, one example of the hardware configuration of the device. The hardware configuration of the device is not limited to the configuration shown in Fig. 12, and other configurations may be used.

Next, the operation flow of the authenticity determination system 4 of the first embodiment is described. The operation of the authenticity determination system 4 is broadly divided into four processes: (1) initial setting of the entire system, (2) determination information registration processing, (3) signature verification key registration processing, and (4) authenticity determination processing. Each process is described below with reference to a flowchart. Information is sent and received between devices through the communication unit of each device.

In processes (1) to (3) above, the determination information registration device 3 registers, in the authenticity determination device 1 and the determination target device 2, the determination information, that is, the information required for authenticity determination. In this embodiment, the determination target device 2 is manufactured before this registration processing; the component information of the device is stored in the component information storage unit 41, and the device information, which is information unique to the device, is stored in the device information storage unit 44.

Fig. 13 is a flowchart showing the operation flow of the determination information registration device 3 of the first embodiment.

(1) Initial setting of the entire system

First, in step S100, the signature key pair generation unit 80 of the determination information registration device 3 generates the pair of a signature generation key $k_s$ and a verification key $k_v$ that is required for using digital signatures. To generate the signature generation key $k_s$ and the verification key $k_v$, a key generation algorithm such as the following is executed.

<Key generation algorithm>

Step 1: Generate sufficiently large primes $p$ and $q$, and let $n = pq$.

Step 2: With $\Phi$ denoting Euler's $\Phi$ function, select a positive number $e$ that is less than $\Phi(n)$ and coprime to $\Phi(n)$.

Step 3: Find a positive number $c$ such that $ce \equiv 1 \pmod{\Phi(n)}$.

Step 4: Set $c$ as the generation key $k_s$, which is secret information, and set $e$ and $n$ as the verification key $k_v$, which is public information.

The signature key pair generation unit 80 stores the generated pair of the signature generation key $k_s$ and the verification key $k_v$ in the signature key pair storage unit 81. This completes process (1), the initial setting of the entire system.

(2) Determination information registration processing

Next, in step S101, the signature generation unit 82 acquires, via the communication unit 83, the component information p from the component information storage unit 41 of the determination target device 2 and the device information d from the device information storage unit 44. Specifically, the signature generation unit 82 sends a request to acquire the component information p and the device information d to the communication unit 43 of the determination target device 2. The communication unit 43 obtains, through the component information acquisition unit 42, the component information p stored in the component information storage unit 41, and transmits the component information p to the communication unit 83 of the determination information registration device 3. The communication unit 43 also obtains the device information d stored in the device information storage unit 44, and transmits the device information d to the communication unit 83 of the determination information registration device 3. The communication unit 83 passes the received component information p and device information d to the signature generation unit 82.

The component information p and the device information d are given, for example, as the concatenation of the individual items of component information and device information stored in the component information storage unit 41 and the device information storage unit 44. Specifically, in the example of the component information p in Fig. 5, p = XYZ-parts20141201111111, and in the example of the device information d in Fig. 6, d = ABC-device20150115012345.

Next, in step S102, the signature generation unit 82 generates the signature target information m as the concatenation of the component information p and the device information d, and executes the following signature generation operation $F_s$ on this signature target information m with the signature generation key $k_s$ to generate the signature information s.

<Signature generation operation>

$$s = F_s(m, c) = m^{c} \pmod{n}$$

where m: signature target information, c: secret information, n: public information.

Here, since $c = k_s$, $s = F_s(m, k_s) = m^{k_s} \pmod{n}$.

Next, in step S103, the determination information registration unit 84 registers the signature information s in the signature storage unit 45 of the determination target device 2. Specifically, the determination information registration unit 84 sends, via the communication unit 83, a registration request for the signature information s together with the signature information s to the communication unit 43 of the determination target device 2, and the communication unit 43 registers the received signature information s in the signature storage unit 45. This completes process (2), the determination information registration processing.

(3) Signature verification key registration processing

Next, in step S104, the determination information registration unit 84 transmits the verification key $k_v$ to the authenticity determination device 1, and the authenticity determination device 1 registers the received verification key $k_v$ in the verification key storage unit 20. This completes process (3), the signature verification key registration processing.

(4) Authenticity determination processing

Next, in the authenticity determination processing, the authenticity determination device 1, in which the verification key was registered in (3) above, determines the legitimacy of the determination target device 2.

Fig. 14 is a flowchart showing the operation flow of the authenticity determination device 1 of the first embodiment.

First, in step S200, the component information acquisition unit 110 of the determination information acquisition device 5 acquires the component information p stored in the component information storage unit 41 of the determination target device 2.

Next, in step S201, the device information acquisition unit 111 of the determination information acquisition device 5 acquires the device information d stored in the device information storage unit 44 of the determination target device 2 and the signature information s stored in the signature storage unit 45.

Next, in step S202, the communication unit 112 of the determination information acquisition device 5 transmits the acquired set of component information p, device information d, and signature information s to the authenticity determination device 1.

Next, in step S203, the signature verification unit 21 of the authenticity determination device 1 executes the signature verification operation $F_v$ with the verification key $k_v$ to verify whether the received signature information s is the correct signature information for the component information p and the device information d. Specifically, the signature verification unit 21 generates the signature target information m as the concatenation of the component information p and the device information d, executes the following signature verification operation $F_v$ on this signature target information m, verifies the legitimacy of the pair of signature target information m and signature information s, and obtains the verification result r.

<Signature verification operation>

$$r = F_v(m, s, e) = \begin{cases} \text{"verification succeeded"} & \text{when } m = s^{e} \pmod{n} \\ \text{"verification failed"} & \text{when } m \neq s^{e} \pmod{n} \end{cases}$$

where m: signature target information; s: signature information; e, n: public information (verification key $k_v$).

Next, in step S204, the determination unit 22 determines whether verification succeeded, based on the verification result r produced by the signature verification unit 21. If the verification result r is "verification succeeded", processing follows the Yes branch to step S205, and the determination information acquisition device 5 is notified that the determination target device 2 is a legitimate device. If the verification result r is "verification failed", processing follows the No branch to step S206, and the determination information acquisition device 5 is notified that the determination target device 2 is not a legitimate device. The determination information acquisition device 5, having been notified of the verification result, displays the determination result together with the device information d on the display unit 113. This completes process (4), the authenticity determination processing.

As described above, in the invention of the first embodiment, information on the components that make up the inside of the equipment is also acquired and used in the authenticity determination, which gives the effect that counterfeits produced by copying a barcode can also be detected. Because the digital signature technique confirms the legitimacy of the combination of component information p, device information d, and signature information s, even if a malicious attacker obtains, for example, a barcode containing the device information d and the signature information s, the attacker cannot produce a counterfeit that passes the authenticity determination unless the corresponding component exists.

Even when the corresponding component exists, copying a component is harder than copying a barcode, so counterfeits become difficult to manufacture. There is also the effect that an attacker who obtains only discarded components has difficulty manufacturing a counterfeit that passes the authenticity determination.
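The flow of steps S100 to S204 as an added Python example (not code from the patent): it uses the page's unpadded RSA operations and the page's sample values of p and d, and shows that a barcode (d, s) copied onto a device with a different component fails verification. The key size, e = 65537, the byte encoding of m, and the substitute component and device strings are assumptions; a deployed system would use a standardized padded signature scheme such as RSASSA-PSS rather than raw modular exponentiation.

```python
import secrets
from math import gcd


def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random prime with the top bit set, so n = pq has about 2*bits bits."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_key_pair(bits=1024, e=65537):
    """Key generation steps 1-4: returns (k_s, k_v) = (c, (e, n))."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)                   # Euler's function of n = pq
        if p != q and gcd(e, phi) == 1:
            c = pow(e, -1, phi)                   # c*e = 1 (mod phi(n))
            return c, (e, p * q)


def signing_target(component_info, device_info):
    """m = concatenation of p and d, read as a big-endian integer (assumed encoding)."""
    return int.from_bytes((component_info + device_info).encode("ascii"), "big")


def sign(component_info, device_info, k_s, k_v):
    """Registration device 3, step S102: s = m^c mod n."""
    _, n = k_v
    m = signing_target(component_info, device_info)
    if not 0 < m < n:
        raise ValueError("signature target must be non-zero and below the modulus")
    return pow(m, k_s, n)


def verify(component_info, device_info, s, k_v):
    """Determination device 1, step S203: succeeds only if m == s^e mod n."""
    e, n = k_v
    m = signing_target(component_info, device_info)
    return 0 < m < n and pow(s, e, n) == m


def demo():
    k_s, k_v = generate_key_pair()                # S100; k_v is registered in S104
    p_info = "XYZ-parts20141201111111"            # sample p from the page
    d_info = "ABC-device20150115012345"           # sample d from the page
    s = sign(p_info, d_info, k_s, k_v)            # S102; stored on the device in S103
    other_part = "XYZ-parts20130405222222"        # constructed: a different component
    edited_d = "ABC-device20150115099999"         # constructed: altered device info
    return {
        "genuine": verify(p_info, d_info, s, k_v),
        "copied_barcode_other_component": verify(other_part, d_info, s, k_v),
        "edited_device_info": verify(p_info, edited_d, s, k_v),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'verification succeeded' if ok else 'verification failed'}")
```

Plain concatenation does not record where p ends and d begins, so a length-prefixed or delimited encoding of m is the safer way to derive the signature target from the two fields.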

In the first embodiment, a digital signature technique based on public-key cryptography is used, and the signature generation key and the verification key are different values. However, a digital signature technique based on common-key cryptography, for example a technique such as HMAC (Hash-based Message Authentication Code), may also be used. In that case, the signature generation key and the verification key are the same value.

In the first embodiment, the authenticity determination device 1 performs only signature verification in the authenticity determination processing of (4), but it may also perform additional verification related to authenticity determination. Examples of additional verification include a method in which the component information and the device information contain the same information in advance and their identity is confirmed, a method that confirms the plausibility of the relationship between the component manufacturing date and the device manufacturing date, and a method in which the history of authenticity determinations is stored in advance and consistency with that history is confirmed.

In the first embodiment, the signature information is generated from the component information and the device information, but it may be generated from the component information alone. In particular, the determination target device 2 may omit the device information storage unit 44. In that case, however, the additional verification methods available in the authenticity determination device 1 described above are limited.

In the first embodiment, the component information and the device information of the determination target device 2 are stored in the component information storage unit 41 and the device information storage unit 44 before the determination information registration processing of (2), but the determination information registration device 3 may instead store the component information and the device information in the determination target device 2.

In the first embodiment, the device information storage unit 44 and the signature storage unit 45 of the determination target device 2 are described separately, but both may be stored together in the same storage area. In particular, the device information and the component information may be contained in a single barcode.

In the first embodiment, the determination target device 2 has a single component, but it may have a plurality of components. When there are multiple items of component information for a plurality of components, including all of the component information in the signature target information makes it possible to verify whether the combination of all components is correct.

In the first embodiment, the signature target information is generated as the concatenation of the component information and the device information, but any method may be used to generate the signature target information as long as it is determined deterministically from each item of information.

In the first embodiment, the determination information acquisition device 5 and the authenticity determination device 1 are separate devices, but a single device may provide the functions of both. Likewise, in this embodiment the determination information registration device 3 and the authenticity determination device 1 are separate devices, but a single device may provide the functions of both.

In the first embodiment, the determination information registration device 3 uses a generation key and a verification key that are common to all determination target devices, but it may generate a different generation key and verification key for each determination target device. In that case, however, the verification key storage unit 20 of the authenticity determination device 1 must store a plurality of verification keys in a form that associates each key with its determination target device.

[Second embodiment]

In the first embodiment, the determination information acquisition device 5 acquires the component information, the device information, and the signature information from the determination target device 2 and performs authenticity determination. Because the device information and the signature information are stored in an optically readable form such as a barcode or a two-dimensional code, this information can be acquired with a simple operation. The component, on the other hand, is inside the determination target device 2, so the component information must be acquired over a wired connection such as a USB connection or a wireless connection such as NFC or RFID. With a USB connection or the like, when there are a large number of determination target devices 2, the connection must be switched for every determination, which makes the operation cumbersome. A wireless connection such as NFC or RFID does not have this problem, but the determination target device 2 and the determination information acquisition device 5 each need additional components (for example, an IC chip or a dedicated circuit) in order to use NFC or RFID, which raises the cost of each device.

Meanwhile, it has become common in recent years for devices to have the ability to connect to a network such as the Internet, and devices that are constantly connected to a network are increasing. In that case, if the component information is acquired over the network that is already connected (for example, the Internet), the component information can be used for authenticity determination without increasing the operating effort or the device cost described above. The second embodiment describes an authenticity determination system that acquires the component information over the already connected network and, with about the same effort as using a barcode alone, can make a more accurate determination than is possible with a barcode alone.

其次,說明第二實施例的真品贗品判別裝置1的構成。 Next, the configuration of the genuine product discrimination device 1 of the second embodiment will be described.

第15圖係顯示以第二實施例的真品贗品判別裝置1判別已連接網路的判別對象裝置2的正當性之真品贗品判別系統的一範例圖。 Fig. 15 is a view showing an example of a genuine product discrimination system for discriminating the authenticity of the discrimination target device 2 connected to the network by the authentic product discrimination device 1 of the second embodiment.

第15圖中,真品贗品判別系統4,包括已連接網路的判別對象裝置2、以及從判別對象裝置2取得用以判別真偽的判別資訊之判別資訊取得裝置5。又,真品贗品判別裝置1,經由網路6連接至判別資訊取得裝置5,根據判別資訊取得裝置5取得的判別資訊,利用數位署名技術判別判別對象裝置2的正當性。 In the fifteenth figure, the authenticity discrimination system 4 includes a discrimination target device 2 connected to the network, and a discrimination information acquisition device 5 that acquires discrimination information for authenticating from the determination target device 2. Further, the authenticity product discrimination device 1 is connected to the discrimination information acquisition device 5 via the network 6, and determines the legitimacy of the determination target device 2 by the digital signature technique based on the discrimination information acquired by the discrimination information acquisition device 5.

與第一實施例相同,真品贗品判別裝置1與判別對象裝置2中,當真品贗品判別系統4在工廠製造之際,由判別資訊登錄裝置3登錄用以判別真偽的判別資訊。之後,具有登錄判別資訊的真品贗品判別裝置1與判別對象裝置2之真品 贗品判別系統4,從工廠作為製品出貨。 In the same manner as the first embodiment, the authenticity product discriminating device 1 and the discrimination target device 2, when the genuine product discrimination system 4 is manufactured at the factory, the discrimination information registration device 3 registers the discrimination information for discriminating the authenticity. After that, the authenticity discrimination device 1 having the registration determination information and the authenticity of the determination target device 2 The product discrimination system 4 is shipped as a product from the factory.

第16圖係顯示第二實施例的真品贗品判別裝置1的一構成例圖。 Fig. 16 is a view showing an example of the configuration of the authenticity discrimination device 1 of the second embodiment.

The authenticity discrimination device 1 receives a request from the discrimination information acquisition device 5 and uses digital signature technology to determine the authenticity of the discrimination target device 2. In Fig. 16, the received data verification unit 160 verifies the validity of the pairing of the component information, device information, and signature information received by the communication unit 23. The other components are the same as in the first embodiment.

The hardware configuration of the authenticity discrimination device 1 is the same as that shown in Fig. 3, and a program stored in the memory 31 implements the function of the received data verification unit 160.

Fig. 17 shows a configuration example of the discrimination target device 2 of the second embodiment.

The discrimination target device 2 stores discrimination information for proving that it is a legitimate device, and transmits the discrimination information to the discrimination information acquisition device 5.

In Fig. 17, the input unit 170 receives input from outside the discrimination target device 2. The input unit 170 can be implemented with buttons or a touch panel.

The communication unit 43 is a communication module that communicates with the outside. In the second embodiment, the discrimination target device 2 is constantly connected to the network via the communication unit 43 and is able to communicate with the authenticity discrimination device 1.

The other components in Fig. 17 are the same as the components of the same name in the discrimination target device 2 of the first embodiment.

The hardware configuration of the discrimination target device 2 is the same as that shown in Fig. 7, and the input unit 170 is the input interface 74.

Fig. 18 shows a configuration example of the discrimination information acquisition device 5 of the second embodiment.

The discrimination information acquisition device 5 acquires the discrimination information used for authenticity discrimination from the discrimination target device 2, and requests the authenticity discrimination device 1 to determine authenticity.

The components in Fig. 18 are the same as the components of the same name in the discrimination information acquisition device 5 of the first embodiment. However, unlike the discrimination information acquisition device 5 of the first embodiment, it does not include the component information acquisition unit 110.

Next, the operation flow of the authenticity discrimination system 4 of the second embodiment is described. As in the first embodiment, the operation of the authenticity discrimination system 4 is broadly divided into four processes: (1) initial setting of the entire system, (2) discrimination information registration processing, (3) signature verification key registration processing, and (4) authenticity discrimination processing. Processes (1) to (3) are the same as in the first embodiment, so their description is omitted. Process (4), authenticity discrimination processing, is described below.

(4) Authenticity discrimination processing

Fig. 19 is a flowchart showing the operation flow of the authenticity discrimination device 1 of the second embodiment.

First, in step S300, the device information acquisition unit 111 of the discrimination information acquisition device 5 acquires the device information d stored in the device information storage unit 44 of the discrimination target device 2 and the signature information s stored in the signature storage unit 45.

Next, in step S301, the communication unit 112 of the discrimination information acquisition device 5 transmits the acquired pair of device information d and signature information s to the authenticity discrimination device 1. The execution status of the transmission by the communication unit 112 is shown on the display unit 113, so the operator can visually check the execution status of the transmission.

Next, in step S302, the operator operates the input unit 170 of the discrimination target device 2, and in response to this operation the communication unit 43 of the discrimination target device 2 transmits the component information p to the authenticity discrimination device 1. The operation of the input unit 170 only needs to occur within a fixed time before or after the transmission by the discrimination information acquisition device 5 in step S301; it may be immediately after the transmission, simultaneous with it, or immediately before it.

Next, in step S303, the received data verification unit 160 verifies the validity of the pairing of the received device information d, signature information s, and component information p. Specifically, it verifies, based on information such as the reception time or transmission time and the IP address, whether the received device information d, signature information s, and component information p were received from the same operator. For example, when these pieces of information are received within a fixed time, they are judged to have been received from the same operator.

Next, in step S304, the received data verification unit 160 determines whether the verification performed in step S303 succeeded. For example, when the device information d, signature information s, and component information p were received within a fixed time and are therefore judged to have been received from the same operator, the verification is judged to have succeeded, and processing follows the Yes branch to step S305. When the verification is judged to have failed, processing follows the No branch to step S306, the discrimination information acquisition device 5 is notified that the discrimination target device 2 is not a legitimate device, and processing ends.

Next, in step S305, the signature verification unit 21 of the authenticity discrimination device 1 executes the signature verification operation F_V with the verification key k_v to verify whether the received signature information s is a correct signature for the component information p and the device information d. Specifically, as in step S203 of the first embodiment, the signature verification unit 21 generates the signature target information m as the concatenation of the component information p and the device information d, executes the following signature verification operation F_V on this signature target information m, verifies the validity of the pairing of the signature target information m and the signature information s, and obtains the verification result r.

<Signature verification operation>

$$
r = F_V(m, s, e) =
\begin{cases}
\text{"verification succeeded"} & \text{if } m = s^e \pmod{n} \\
\text{"verification failed"} & \text{if } m \neq s^e \pmod{n}
\end{cases}
$$

where m: signature target information; s: signature information; e, n: public information (verification key k_v).

Next, in step S307, the determination unit 22 determines whether the verification succeeded, based on the verification result r produced by the signature verification unit 21. If the verification result r is "verification succeeded", processing follows the Yes branch to step S308, and the discrimination information acquisition device 5 is notified that the discrimination target device 2 is a legitimate device. If the verification result r is "verification failed", processing follows the No branch to step S309, and the discrimination information acquisition device 5 is notified that the discrimination target device 2 is not a legitimate device. The discrimination information acquisition device 5, once notified of the determination result, displays the determination result on the display unit 113 together with the device information d. When there are multiple pairings that may have been received from the same operator, the signature verification operation is performed for all of the pairings.

The display unit 113 of the discrimination information acquisition device 5 that received the verification result r displays the determination result that the discrimination target device 2 is a legitimate device if the verification result r is "verification succeeded", and displays the determination result that the discrimination target device 2 is not a legitimate device if the verification result r is "verification failed".

This concludes (4), the authenticity discrimination processing.
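The server-side checks of steps S303 to S307, written out as an added example that is not code from the patent: it pairs the two submissions by reception time, then applies F_V to every candidate pairing. The 30-second window, the SHA-256 hashing of m before the comparison, the demo key, the message class names, and the rule that the device is judged legitimate when any candidate pairing verifies are all assumptions made for this sketch.

```python
import hashlib
from dataclasses import dataclass

# Constructed demo key, NOT secure: two Mersenne primes, chosen only so the
# example runs offline without a cryptography library.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                                  # public modulus n
E = 65537                                  # public exponent e (verification key k_v = (e, n))
D = pow(E, -1, (P - 1) * (Q - 1))          # generation key, held only by the registration side

WINDOW_SECONDS = 30.0                      # assumed value for the "fixed time" of step S303


@dataclass
class AcquirerMsg:
    """Sent by the discrimination information acquisition device 5 (S301)."""
    device_info: bytes                     # d
    signature: int                         # s
    received_at: float


@dataclass
class TargetMsg:
    """Sent by the discrimination target device 2 after the operator's input (S302)."""
    component_info: bytes                  # p
    received_at: float


def signature_target(p: bytes, d: bytes) -> int:
    """m = p || d, mapped to an integer below n by SHA-256 (hashing is an assumption)."""
    return int.from_bytes(hashlib.sha256(p + d).digest(), "big")


def sign(p: bytes, d: bytes) -> int:
    """Registration-time signing, included only to build sample data."""
    return pow(signature_target(p, d), D, N)


def verify_signature(p: bytes, d: bytes, s: int) -> str:
    """F_V from step S305: succeeds exactly when m == s^e mod n."""
    ok = 0 <= s < N and signature_target(p, d) == pow(s, E, N)
    return "verification succeeded" if ok else "verification failed"


def candidate_pairs(acq: AcquirerMsg, targets, window=WINDOW_SECONDS):
    """S303: component submissions received within the window of the (d, s) submission."""
    return [t for t in targets if abs(t.received_at - acq.received_at) <= window]


def judge(acq: AcquirerMsg, targets, window=WINDOW_SECONDS) -> bool:
    """S304 to S309: True means 'legitimate device', False means 'not legitimate'."""
    pairs = candidate_pairs(acq, targets, window)
    if not pairs:
        return False                       # S306: pairing verification failed
    # F_V is run for every candidate pairing, as the description requires.
    results = [verify_signature(t.component_info, acq.device_info, acq.signature)
               for t in pairs]
    return "verification succeeded" in results   # combining rule is an assumption


# Constructed sample values.
SAMPLE_D = b"SN-0001"
SAMPLE_P = b"MCU:A1;FLASH:B2"
SAMPLE_S = sign(SAMPLE_P, SAMPLE_D)

if __name__ == "__main__":
    acq = AcquirerMsg(SAMPLE_D, SAMPLE_S, received_at=100.0)
    print("genuine:", judge(acq, [TargetMsg(SAMPLE_P, 105.0)]))
    print("copied label, other components:", judge(acq, [TargetMsg(b"MCU:X9;FLASH:B2", 105.0)]))
    print("outside window:", judge(acq, [TargetMsg(SAMPLE_P, 500.0)]))
```

Plain concatenation of p and d is ambiguous at the field boundary, so a deployment would normally length-prefix or otherwise delimit the two fields before signing.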

As described above, in the invention of this embodiment, in response to the operator's input operation, the authenticity discrimination device 1 acquires the component information p of the discrimination target device 2 via the connected network, and adds processing that verifies whether the acquired component information p is valid data with respect to the separately received device information d and signature information s. This has the effect that, with about the same effort as authenticity discrimination by barcode alone, authenticity discrimination more accurate than by barcode alone can be performed.

Also, because the operator operates the input unit 170 of the discrimination target device 2 and thereby explicitly transmits the component information p, the determination unit 22 of the authenticity discrimination device 1 can determine that the component information p and the device information d and signature information s, which are received from separate devices, were received from the same operator.

The variations of implementation described in the first embodiment are likewise applicable to the second embodiment.

In the second embodiment, in the authenticity discrimination processing of (4), the determination unit 22 of the authenticity discrimination device 1 verifies the validity of the component information p, device information d, and signature information s. Alternatively, the discrimination target device 2 and the discrimination information acquisition device 5 may each have a position information acquisition unit and also transmit the position information of each device, so that the legitimacy of the discrimination target device 2 is verified using position information. Specifically, when the distance between the devices, judged from the position information of each device, is at or below a fixed value, the pieces of information are judged to have been received from the same operator. The position information acquisition unit can be implemented using GPS (Global Positioning System) or the like.

As another method of verifying the legitimacy of the discrimination target device 2, the discrimination information acquisition device 5 may have a random number generation unit; the random number generated and displayed by the discrimination information acquisition device 5 is entered into the input unit 170 of the discrimination target device 2, and each device transmits this random number to the authenticity discrimination device 1. Conversely, the same can be achieved by giving the discrimination target device 2 a random number generation unit and a display unit, and giving the discrimination information acquisition device 5 an input unit. The displayed random number may be entered into each device manually, or a random number reading unit may read it mechanically.

In the second embodiment, the authenticity discrimination device 1 verifies the legitimacy of the discrimination target device 2. Alternatively, the authenticity discrimination device 1 may have a random number generation unit, transmit the same random number to the discrimination target device 2 and the discrimination information acquisition device 5, and have them display it, so that the operator confirms the legitimacy of the discrimination target device 2 by confirming that the random numbers are identical. In this case, if the authenticity discrimination device 1 can identify the device or the device's IP address from the device information d, the authenticity discrimination device 1 may automatically acquire the component information p stored in the component information storage unit 41 of the discrimination target device 2 without using the input unit 170 of the discrimination target device 2.

1‧‧‧Authenticity discrimination device

20‧‧‧Verification key storage unit

21‧‧‧Signature verification unit

22‧‧‧Determination unit

23‧‧‧Communication unit

Claims (7)

1. An authenticity discrimination device comprising: a communication unit that receives component information indicating information on the components constituting the interior of a discrimination target device whose authenticity is to be determined, device information indicating information unique to the discrimination target device, and signature information for the pairing of the device information and the component information of the discrimination target device; a verification key storage unit that stores a verification key corresponding to the generation key used to generate the signature information; a signature verification unit that uses the verification key to verify the validity of the pairing of the component information, the device information, and the signature information received by the communication unit; and a determination unit that determines the authenticity of the discrimination target device based on the validity verified by the signature verification unit.

2. The authenticity discrimination device according to claim 1, comprising a discrimination information registration device that comprises: a signature key pair generation unit that generates the pair of the generation key and the verification key; a signature generation unit that acquires the device information and the component information from the discrimination target device and, using the generation key generated by the signature key pair generation unit, generates the signature information for the pairing of the device information and the component information; and a discrimination information registration unit that registers the verification key generated by the signature key pair generation unit in the verification key storage unit, and registers the signature information generated by the signature generation unit in the discrimination target device.

3. The authenticity discrimination device according to claim 1, wherein the device information and the signature information are displayed within the frame of the discrimination target device.

4. The authenticity discrimination device according to claim 1, comprising: a component information acquisition unit that acquires the component information from the discrimination target device; a device information acquisition unit that acquires the device information and the signature information from the discrimination target device; and a discrimination information acquisition device that transmits the component information, the device information, and the signature information to the communication unit.

5. The authenticity discrimination device according to claim 4, further comprising: a received data verification unit that acquires the component information from the discrimination target device via a network and verifies the validity of the pairing of the acquired component information with the device information and the signature information that the receiving unit received from the discrimination information acquisition device; wherein the signature verification unit verifies the validity of the pairing of the component information, the device information, and the signature information whose validity has been verified by the received data verification unit.

6. An authenticity discrimination system comprising: a discrimination target device comprising: a device information storage unit that stores device information indicating information unique to the device itself; a component information storage unit that stores component information indicating information on the components constituting its interior; and a signature storage unit that stores signature information for the pairing of the device information and the component information; a discrimination information acquisition device comprising: a component information acquisition unit that acquires the component information from the discrimination target device; and a device information acquisition unit that acquires the device information and the signature information from the discrimination target device; the discrimination information acquisition device transmitting the component information, the device information, and the signature information to a communication unit; the communication unit, which receives the component information, the device information, and the signature information from the discrimination information acquisition device; and an authenticity discrimination device comprising: a verification key storage unit that stores a verification key corresponding to the generation key used to generate the signature information; a signature verification unit that uses the verification key to verify the validity of the pairing of the component information, the device information, and the signature information received by the communication unit; and a determination unit that determines the authenticity of the discrimination target device based on the validity verified by the signature verification unit.

7. An authenticity discrimination method in which an authenticity discrimination device determines the authenticity of a discrimination target device, comprising the following steps: a communication step in which a communication unit receives device information indicating information unique to the discrimination target device, component information indicating information on the components constituting the interior of the discrimination target device, and signature information for the pairing of the device information and the component information; a signature verification step in which a signature verification unit, using a verification key corresponding to the generation key used to generate the signature information, verifies the validity of the pairing of the component information, the device information, and the signature information received by the communication unit; and a determination step in which a determination unit determines the authenticity of the discrimination target device based on the validity verified by the signature verification unit.
TW104120461A 2015-06-22 2015-06-25 Authenticity product identification device, authentic product identification system and authentic product identification method TWI609581B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2015/067863 WO2016207945A1 (en) 2015-06-22 2015-06-22 Authenticity determination device, authenticity determination system, and authenticity determination method

Publications (2)

Publication Number Publication Date
TW201701611A true TW201701611A (en) 2017-01-01
TWI609581B TWI609581B (en) 2017-12-21

Family

ID=57585181

Family Applications (1)

Application Number Title Priority Date Filing Date
TW104120461A TWI609581B (en) 2015-06-22 2015-06-25 Authenticity product identification device, authentic product identification system and authentic product identification method

Country Status (4)

Country Link
JP (1) JP6359188B2 (en)
CN (1) CN107735983B (en)
TW (1) TWI609581B (en)
WO (1) WO2016207945A1 (en)


Also Published As

Publication number Publication date
CN107735983B (en) 2020-12-04
TWI609581B (en) 2017-12-21
CN107735983A (en) 2018-02-23
JP6359188B2 (en) 2018-07-18
WO2016207945A1 (en) 2016-12-29
JPWO2016207945A1 (en) 2017-08-17


Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees