WO2012041070A1 - Radio frequency identification tag access method and device - Google Patents

Radio frequency identification tag access method and device

Publication number
WO2012041070A1
Authority
WO
WIPO (PCT)
Prior art keywords
bitmap
access
tag
command
tag access
Application number
PCT/CN2011/074647
Inventor
刘志起
黄志道
郭慰
张恺
李凯
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357 Cards having a plurality of specified features
    • G06Q20/3576 Multiple memory zones on card
    • G06Q20/35765 Access rights to memory zones
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07F COIN-FREED OR LIKE APPARATUS
    • G07F7/00 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08 Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806 Details of the card
    • G07F7/0813 Specific details related to card security
    • G07F7/0826 Embedded security module

Definitions

  • The present invention relates to the field of wireless communication technologies, and in particular to a Bitmap-based RFID (Radio Frequency Identification) tag access method and device.
  • Background art
  • RFID technology is a contactless automatic identification technology. Compared with traditional barcodes, magnetic cards and IC cards (Integrated Circuit Cards), RFID systems require no manual intervention and offer fast reading, contactless operation, no wear, insensitivity to the environment, long life and ease of use, and are therefore widely used.
  • The most basic RFID system includes a reader/writer (or reader) and a tag (also known as a radio frequency card), and uses radio frequency to perform contactless two-way data transmission between the reader/writer and the tag for target identification and data exchange.
  • The basic working process of the RFID system is as follows.
  • The reader/writer sends an RF signal of a certain frequency through its internal RF antenna.
  • When a passive tag enters the working area of the reader/writer's RF antenna, it uses the beam-powering principle to convert the received RF signal into DC power that supplies the circuits inside the passive tag.
  • The passive tag is activated by this energy, responds to the reader/writer's RF signal, and sends the information in the tag, such as the EPC (Electronic Product Code), to the reader/writer on a carrier signal through the tag's built-in antenna.
  • In practical applications, the memory of a tag is generally divided into multiple mutually independent areas; different areas correspond to different applications, and each application accesses the tag memory information allocated to it.
  • Access to the individual memory areas is not restricted, and they can be modified arbitrarily, which is error-prone and provides insufficient security. An RFID tag access scheme is therefore urgently needed to overcome these drawbacks.
  • Summary of the invention
  • The technical problem to be solved by the present invention is to provide an RFID tag access method and device that restrict the access of different applications to different memory areas of the same tag, thereby ensuring the security of tag access.
  • An RFID tag access method comprising the steps of: receiving a tag access command, an application type being specified in the tag access command; acquiring a bitmap corresponding to the application type in the tag access command, the bitmap being associated with the memory area of the tag; and determining, according to the acquired bitmap, whether the tag access command has the access right to the corresponding memory area, executing the tag access command if it has the access right, and stopping execution of the tag access command if it does not.
  • Preferably, before the step of receiving the tag access command, the method further includes: setting a bitmap for each of the different application types and storing each bitmap in a storage medium.
  • Preferably, before the step of setting a bitmap for each of the different application types, the method further includes: dividing the memory of the tag into a plurality of memory areas according to application type; and associating the bitmap with the memory area of the tag.
  • Further, the step of associating the bitmap with the memory area of the tag is specifically: associating the bitmap with the memory area of the tag according to a mapping in which two bits of the bitmap correspond to one bit of the memory area.
  • Further, the step of determining, according to the acquired bitmap, whether the tag access command has the access right to the corresponding memory area specifically includes: according to the start address and the length in the tag access command, comparing the access right of each bit in turn, one bit at a time. If all the bits satisfy the access right, execution of the tag access command continues; otherwise execution of the tag access command stops.
  • Preferably, before the bitmap is stored in the storage medium, the method further includes: encrypting the bitmap. The step of acquiring the bitmap corresponding to the application then specifically includes: reading the bitmap from the storage medium and decrypting it.
  • The step of encrypting the bitmap is specifically: encrypting the bitmap using the 3DES algorithm.
  • The method further includes: performing authentication with the storage medium to obtain permission to access the storage medium. Specifically, this step loads a key and authenticates with the storage medium using the key to obtain permission to access the storage medium.
  • An RFID tag access device includes a command receiving module, a bitmap reading module, and an access authority verification module.
  • The command receiving module is configured to receive a tag access command, the tag access command specifying an application type.
  • The bitmap reading module is configured to acquire the bitmap corresponding to the application type in the tag access command received by the command receiving module; the bitmap is associated with a memory area of the tag.
  • The access authority verification module is configured to determine, according to the acquired bitmap, whether the tag access command has the access right to the corresponding memory area, to execute the tag access command if it has the access right, and to stop executing the tag access command if it does not.
  • The RFID tag access device further includes a bitmap storage module configured to store the bitmap corresponding to the application type.
  • The RFID tag access device further includes a bitmap decryption module configured to decrypt the bitmap acquired by the bitmap reading module.
  • The RFID tag access device further includes an authentication module configured to perform authentication with the bitmap storage module to obtain permission to access the bitmap storage module.
  • The bitmap storage module is a PSAM card.
  • The RFID tag access device further includes a key reading module configured to acquire the key of the PSAM card.
  • The RFID tag access device further includes a key writing module configured to write the PSAM card key to a designated location of the reader/writer.
  • The Bitmap-based RFID tag access method and device of the present invention set a Bitmap for each business application and use the Bitmap to set access rights for the different memory areas in the tag, that is, the access rights to the different memory areas in the tag are set according to the business application.
  • Whether a tag access command can be executed is determined from the access rights specified in the Bitmap, so that each business application can access only the memory areas specified for it in the tag. Modification of memory areas outside the application's scope is avoided, which ensures the security of tag access.
  • FIG. 1 is a memory space distribution diagram of the tag.
  • FIG. 2 is a schematic flowchart of a first embodiment of a Bitmap-based RFID tag access method according to the present invention.
  • FIG. 3 is a schematic diagram of the memory planning of a tag in a Bitmap-based RFID tag access method according to the present invention.
  • FIG. 4 is a schematic diagram of the mapping between a Bitmap and the user area of a tag in a Bitmap-based RFID tag access method according to the present invention.
  • FIG. 5 is a schematic flowchart of a second embodiment of a Bitmap-based RFID tag access method according to the present invention.
  • FIG. 6 is a schematic diagram of the PSAM card key writing process.
  • FIG. 7 is a schematic structural diagram of an embodiment of a Bitmap-based RFID tag access device according to the present invention.
  • FIG. 8 is a schematic structural diagram of another embodiment of a Bitmap-based RFID tag access device according to the present invention.
  • Detailed description
  • The present invention provides a Bitmap-based RFID tag access method and device that restrict the access of different service applications to different memory areas of the same tag, thereby ensuring the security of tag access.
  • A UHF tag is taken as an example to illustrate the Bitmap-based RFID tag access method and device of the present invention.
  • The operating frequency of UHF tags generally ranges from 860 to 960 MHz, and the communication standards used are ISO 18000-6B and ISO 18000-6C.
  • Embodiments of the present invention are described below using UHF tags of the ISO 18000-6B communication standard.
  • The available memory of the tag is 224 bytes.
  • The available memory space is divided into two major blocks: system memory and user memory.
  • The system memory area occupies 18 bytes; it may not be used to store service data and is fixed at the factory. The user memory area occupies 206 bytes and is used to store business data.
  • The Bitmap-based RFID tag access method of this embodiment includes: Step 101: Receive a tag access command, in which an application type is specified. Step 102: Obtain the Bitmap corresponding to the application type in the tag access command, the Bitmap being associated with a memory area of the tag.
  • The Bitmap can be associated with a plurality of memory areas of the tag in the following manner.
  • The user memory area is planned according to the application type of the service application. For example, it can be divided into a basic information area, a service application area 1, a service application area 2, a service application area 3, and so on, as shown in the figure.
  • The information common to all business applications is treated as basic information, and the information of different business applications is stored in different business application areas.
  • The memory spaces corresponding to different business applications should not overlap.
  • The basic information area and the service application areas may be divided by byte or by bit.
  • The mapping follows a method in which two Bits of the Bitmap correspond to one Bit of the user memory area.
  • That is, Bit1 and Bit2 of the Bitmap restrict access to Bit1 of the user memory area, and Bit3295 and Bit3296 of the Bitmap restrict access to the last Bit of the user memory area.
  • The definition of the Bits in the Bitmap is shown in Table 1. They can represent four meanings: unrestricted, read limit, write limit, and read/write limit. Among these, unrestricted indicates that the tag can be
  • Write limit means that the memory area of the tag cannot be written.
  • Read/write limit means that the memory area of the tag can be neither read nor written.
  • Step 103: Determine, according to the obtained Bitmap, whether the tag access command has the access right to the corresponding memory area; execute the tag access command if it has the access right, and stop executing the tag access command if it does not.
  • The access right of each bit is compared in turn, one Bit at a time. If all the bits satisfy the access right, execution continues; otherwise execution stops. Further, for a read command: execution can continue when the Bitmap access right is unrestricted or write limit, and stops when it is read limit or read/write limit. For a write command: execution can continue when the Bitmap access right is unrestricted or read limit, and stops when it is write limit or read/write limit.
  • The Bitmap-based RFID tag access method of this embodiment sets a Bitmap according to the different business applications.
  • When a tag access command of a service application is received, whether the command can be executed is determined from the access rights specified in the Bitmap, so that each service application can access only the memory areas specified for it in the tag. Modification of memory areas outside the service application's scope is avoided, which ensures the security of tag access.
  • FIG. 5 is a flowchart of a Bitmap-based RFID tag access method according to a second embodiment of the present invention.
  • A PSAM (Terminal Security Control Module) card is taken as an example to illustrate a Bitmap-based RFID tag access method of the present invention.
  • The Bitmap-based RFID tag access method of the second embodiment includes:
  • Step 201: Plan the user memory area according to the type of the service application. Specifically, it can be divided into a basic information area, a service application area 1, a service application area 2, a service application area 3, and so on, as shown in the figure.
  • The information common to all business applications is treated as basic information, and the information of different business applications is stored in different business application areas.
  • The memory spaces corresponding to different business applications should not overlap.
  • The basic information area and the service application areas may be divided by byte or by bit.
  • Step 202: Set a Bitmap for each application type and save it in the PSAM card. Multiple Bitmaps can be stored in one PSAM card, with the application type selected by command, or one PSAM card can store a single Bitmap.
  • The Bitmap is set as follows. As shown in FIG. 4, two Bits of the Bitmap map to one Bit of the user memory area. That is, Bit1 and Bit2 of the Bitmap restrict access to Bit1 of the user memory area, and Bit3295 and Bit3296 of the Bitmap restrict access to the last Bit of the user memory area.
  • The definition of the Bits in the Bitmap is the same as in the first embodiment (Table 1), and a detailed description is omitted here.
  • The Bitmap is encrypted before it is saved on the PSAM card.
  • The Bitmap can be encrypted using the 3DES algorithm.
  • Table 2 is the file attribute table of the Bitmap of this embodiment.
  • The Bitmap file identifier is 0001-000X, determined by the number of service applications; the file type is binary file; the file size is 412 bytes, twice the size of the tag's user memory area; access control requires external authentication; the content is ciphertext, and different encryption keys can be used for the Bitmaps of different service applications. In this embodiment, the encryption algorithm is uniformly 3DES.
  • Step 203: Perform authentication with the PSAM card to obtain the right to access the PSAM card.
  • The PSAM card key is stored in the EEPROM of the reader/writer. After the reader/writer is powered on, it first reads the PSAM card key, that is, the key stored in its EEPROM, and uses that key to authenticate with the PSAM card.
  • Once authentication passes, access to the PSAM card is obtained and the file information in the PSAM card can be accessed.
  • Step 203a: The host computer and the reader/writer establish a connection, which can be made through the network port or the serial port.
  • Step 203b: Enter the PSAM card key.
  • The PSAM card key is used to access the PSAM card. This key is usually 16 bytes and is stored inside the reader/writer.
  • Step 203c: The host computer sends a message to the reader/writer to perform a key write operation.
  • Step 203d: The reader/writer authenticates with the PSAM card using the entered PSAM card key, to ensure that the key being written is the key corresponding to that PSAM card.
  • Step 203e: After authentication passes, the PSAM card key is saved in a specific area of the reader/writer, usually its EEPROM. Once the PSAM card key has been written, accessing the file information in the PSAM card requires loading the key to authenticate with the PSAM card.
  • Step 204: Receive a tag access command, in which an application type is specified. Specifically, the application type can be passed as a parameter of the tag access command, and the corresponding Bitmap is determined from that parameter.
  • Step 205: Obtain the Bitmap corresponding to the application type. Specifically, in this embodiment, after the PSAM card is authenticated, all the Bitmaps in the PSAM card are read out and stored in memory as a two-dimensional array, and all the keys are likewise read out and stored in memory as a two-dimensional array. Each Bitmap file that was read is then decrypted with the corresponding key; the decryption algorithm can also be 3DES. Finally, the Bitmap corresponding to the application type specified in the tag access command is selected.
  • Alternatively, the Bitmap associated with the application type and the corresponding key file can be read directly and then decrypted to obtain the Bitmap corresponding to the application type.
  • Step 206: Determine, according to the obtained Bitmap, whether the tag access command has the access right to the corresponding memory area; execute the tag access command if it has the access right, and stop executing the tag access command if it does not.
  • The access right of each bit is compared in turn, one Bit at a time. If all the bits satisfy the access right, execution continues; otherwise execution stops. Further, for a read command: execution can continue when the Bitmap access right is unrestricted or write limit, and stops when it is read limit or read/write limit. For a write command: execution can continue when the Bitmap access right is unrestricted or read limit, and stops when it is write limit or read/write limit.
  • The Bitmap-based RFID tag access method of this embodiment sets a Bitmap according to the different service applications and uses the Bitmap to set access rights for the different memory areas in the tag.
  • When tag access commands of different service applications are received, whether each command can be executed is determined from the access rights specified in the Bitmap, so that each service application can access only the memory areas specified for it in the tag. Modification of memory areas outside the service application's scope is avoided, which ensures the security of tag access.
  • FIG. 7 is a block diagram showing the structure of an embodiment of a Bitmap-based RFID tag access device of the present invention.
  • The Bitmap-based RFID tag access device of this embodiment includes a command receiving module 71, a bitmap reading module 72, and an access authority verification module 73.
  • The command receiving module 71 is configured to receive a tag access command, the tag access command specifying an application type.
  • The bitmap reading module 72 is configured to acquire the bitmap corresponding to the application type in the tag access command received by the command receiving module 71; the bitmap is associated with a memory area of the tag.
  • The access authority verification module 73 is configured to determine, according to the bitmap acquired by the bitmap reading module 72, whether the tag access command has the access right to the corresponding memory area, to execute the tag access command if it has the access right, and to stop executing the tag access command if it does not.
  • The Bitmap-based RFID tag access device may further include a bitmap storage module 74. The bitmap storage module 74 is configured to store the bitmap corresponding to the application type, and the bitmap reading module 72 obtains the bitmap from the bitmap storage module 74.
  • The bitmap storage module 74 can be an encrypted file.
  • The bitmap storage module 74 can also be a separate storage device, such as a PSAM card.
  • The Bitmap-based RFID tag access device of this embodiment sets a Bitmap according to the different service applications. When a tag access command of a service application is received, whether the command can be executed is determined from the access rights specified in the Bitmap, so that each service application can access only the memory areas specified for it in the tag.
  • Modification of memory areas outside the service application's scope is avoided, which ensures the security of tag access.
  • FIG. 8 is a schematic structural diagram of another embodiment of a Bitmap-based RFID tag access device according to the present invention.
  • The Bitmap-based RFID tag access device of this embodiment is a reader/writer. As shown in FIG. 8, it includes a key writing module 81, a key reading module 82, a PSAM authentication module 83, a Bitmap reading module 84, a Bitmap decryption module 85, an access authority verification module 86, and a command receiving module 87.
  • The key writing module 81 is configured to write the PSAM card key to a specified location of the reader/writer, generally its EEPROM.
  • The key reading module 82 is configured to acquire the key of the PSAM card.
  • The PSAM authentication module 83 is configured to authenticate with the PSAM card using the key acquired by the key reading module 82, to obtain the right to access the PSAM card.
  • The command receiving module 87 is configured to receive a tag access command, in which an application type is specified.
  • The Bitmap reading module 84 is configured to acquire from the PSAM card, after authentication has passed, the bitmap corresponding to the application type in the tag access command received by the command receiving module 87; the bitmap is associated with the memory area of the tag.
  • The Bitmap decryption module 85 is configured to decrypt the Bitmap read by the Bitmap reading module 84.
  • The access authority verification module 86 is configured to determine, according to the acquired bitmap, whether the tag access command has the access right to the corresponding memory area, to execute the tag access command if it has the access right, and to stop executing the tag access command if it does not.
  • The Bitmap-based RFID tag access device of this embodiment sets a Bitmap according to the different service applications. When a tag access command of a service application is received, whether the command can be executed is determined from the access rights specified in the Bitmap, so that each service application can access only the memory areas specified for it in the tag.
  • Modification of memory areas outside the service application's scope is avoided, which ensures the security of tag access.
  • The invention can be applied in fields such as mobile vehicle identification, electronic identity cards, warehousing and logistics, and electronic anti-theft locking (electronic remote-control door lock controllers). It can also be applied in the transportation field, where a tag recording vehicle information serves as an electronic license plate to support non-stop toll collection, vehicle management, public security and traffic police enforcement, and so on.
  • In the transportation field, the basic information of the vehicle is recorded in the basic information area of the user memory area, and service applications such as non-stop toll collection, vehicle management, and public security and traffic police enforcement are assigned to different memory areas in the tag. Reader/writers whose PSAM cards hold different Bitmaps are then allocated to the different departments, so that access to the different memory areas of the tag is restricted.
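
The per-bit permission check of Steps 103 and 206, written out as an added C example (it is not code from the patent or from any reader/writer firmware). The 2-bit encoding and the bit order are assumptions, because Table 1 is not reproduced on this page, and the region layout and the helper names (`access_allowed`, `build_app1_bitmap`, `demo_check`) are constructed for illustration.

```c
/* Added example: per-bit Bitmap permission check for tag user memory. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define USER_MEM_BYTES 206u                   /* user memory size stated on the page */
#define USER_MEM_BITS  (USER_MEM_BYTES * 8u)  /* 1648 addressable bits */
#define BITMAP_BYTES   (USER_MEM_BYTES * 2u)  /* 412 bytes, the Bitmap file size */

/* ASSUMED encoding of a Bitmap bit pair; the page lists only the four meanings. */
enum perm {
    PERM_UNRESTRICTED = 0x0,
    PERM_READ_LIMIT   = 0x1,   /* area cannot be read */
    PERM_WRITE_LIMIT  = 0x2,   /* area cannot be written */
    PERM_RW_LIMIT     = 0x3    /* area cannot be read or written */
};
enum op { OP_READ, OP_WRITE };

/* ASSUMED bit order: memory bit i (0-based) is governed by Bitmap bits 2i and
 * 2i+1, most significant pair first within each Bitmap byte. */
static unsigned pair_shift(uint32_t bit) { return 6u - 2u * (bit % 4u); }

static unsigned perm_get(const uint8_t *bm, uint32_t bit)
{
    return (bm[bit / 4u] >> pair_shift(bit)) & 0x3u;
}

/* Helper for building a Bitmap: give every bit in [start, start+nbits) right p. */
static void perm_set_range(uint8_t *bm, uint32_t start, uint32_t nbits, enum perm p)
{
    for (uint32_t bit = start; bit < start + nbits; bit++) {
        unsigned s = pair_shift(bit);
        bm[bit / 4u] = (uint8_t)((bm[bit / 4u] & ~(0x3u << s)) | ((unsigned)p << s));
    }
}

/* Returns 1 only if every addressed bit permits the operation. Fails closed on
 * an empty range, a range past the end of user memory, or start+nbits overflow. */
int access_allowed(const uint8_t *bm, enum op op, uint32_t start, uint32_t nbits)
{
    if (nbits == 0 || start >= USER_MEM_BITS || nbits > USER_MEM_BITS - start)
        return 0;
    unsigned deny = (op == OP_READ) ? PERM_READ_LIMIT : PERM_WRITE_LIMIT;
    for (uint32_t bit = start; bit < start + nbits; bit++)
        if (perm_get(bm, bit) & deny)
            return 0;           /* one restricted bit stops the whole command */
    return 1;
}

/* Constructed layout: bytes 0-31 basic information, bytes 32-95 service
 * application area 1, the rest belongs to other applications. */
#define BASIC_START 0u
#define BASIC_BITS  (32u * 8u)
#define APP1_START  (BASIC_START + BASIC_BITS)
#define APP1_BITS   (64u * 8u)

/* Bitmap for application 1: read-only basic info, full access to its own area. */
void build_app1_bitmap(uint8_t bm[BITMAP_BYTES])
{
    memset(bm, 0xFF, BITMAP_BYTES);  /* default: read/write limit everywhere */
    perm_set_range(bm, BASIC_START, BASIC_BITS, PERM_WRITE_LIMIT);
    perm_set_range(bm, APP1_START, APP1_BITS, PERM_UNRESTRICTED);
}

/* Check one command (start address and length in bits) against that Bitmap. */
int demo_check(enum op op, uint32_t start, uint32_t nbits)
{
    static uint8_t bm[BITMAP_BYTES];
    static int ready;
    if (!ready) { build_app1_bitmap(bm); ready = 1; }
    return access_allowed(bm, op, start, nbits);
}

int main(void)
{
    printf("read basic info        : %d\n", demo_check(OP_READ, BASIC_START, BASIC_BITS));
    printf("write basic info       : %d\n", demo_check(OP_WRITE, BASIC_START, 8u));
    printf("write own area         : %d\n", demo_check(OP_WRITE, APP1_START, APP1_BITS));
    printf("write 1 bit past area  : %d\n", demo_check(OP_WRITE, APP1_START, APP1_BITS + 1u));
    printf("read past end of memory: %d\n", demo_check(OP_READ, USER_MEM_BITS - 8u, 16u));
    return 0;
}
```

A command whose range crosses from a permitted area into a restricted one is rejected as a whole, which is the behaviour the per-bit comparison in the text implies.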

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

A radio frequency identification tag access method is disclosed, which comprises: receiving a tag access command in which the type of an application is designated; obtaining a bitmap which corresponds to the type of the application in the tag access command and is associated with a memory area of the tag; and judging, according to the obtained bitmap, whether the tag access command has access authority to the corresponding memory area; if so, executing the tag access command; if not, stopping execution of the tag access command. A radio frequency identification tag access device is also disclosed. The method and the device can set the access authority according to different service applications, so that the different service applications can only access the memory areas stipulated in the tag, modification of memory areas outside the service application range is avoided, and the security of tag access is ensured.

Description

一种射频识别标签访问方法及设备 技术领域  Radio frequency identification tag access method and device
本发明涉及无线通信技术领域, 尤其涉及一种基于 Bitmap (位图) 的 RFID ( Radio Frequency Identification, 射频 i只另 )标签访问方法及设备。 背景技术  The present invention relates to the field of wireless communication technologies, and in particular, to a Bitmap (Position Map)-based RFID (Radio Frequency Identification) tag access method and device. Background technique
RFID技术是一种非接触式的自动识别技术, 与传统的条形码、 磁卡及 IC卡(Integrated Circuit Card, 集成电路卡)相比, RFID系统无须人工干 预, 且具有阅读速度快、 非接触、 无磨损、 不受环境影响、 寿命长、 便于 使用的特点, 因此得到了广泛的应用。  RFID technology is a non-contact automatic identification technology. Compared with traditional barcodes, magnetic cards and IC cards (Integrated Circuit Cards), RFID systems do not require manual intervention, and have fast reading speed, non-contact, and no It is widely used due to its characteristics of wear, environmental protection, long life and ease of use.
最基本的 RFID系统包括读写器 (或阅读器)和标签(又称射频卡), 利用无线射频方式在读写器和标签之间进行非接触双向数据传输, 以达到 目标识别和数据交换的目的。 RFID系统的基本工作流程是: 读写器通过内 部的射频天线发送一定频率的射频信号, 当无源标签进入读写器的射频天 线工作区域时, 利用波束供电原理, 将接收到的射频信号转化为直流电源, 为无源标签内电路供电, 无源标签获得能量被激活, 响应读写器的射频信 号, 将标签中的信息, 如 EPC ( Electronic Product Code , 电子产品码), 通 过无源标签内置的天线利用载波信号发送给读写器。  The most basic RFID system includes a reader (or reader) and a tag (also known as a radio frequency card), which uses wireless radio to perform non-contact two-way data transmission between the reader and the tag to achieve target recognition and data exchange. purpose. The basic working process of the RFID system is: The reader sends an RF signal of a certain frequency through the internal RF antenna. When the passive tag enters the working area of the RF antenna of the reader, the received RF signal is converted by the beam power supply principle. For DC power supply, powering the circuit inside the passive tag, the passive tag gets the energy activated, responds to the RF signal of the reader, and passes the information in the tag, such as EPC (Electronic Product Code), through the passive tag. The built-in antenna is transmitted to the reader using the carrier signal.
在实际应用中, 一般是将标签的内存划分为互相独立的多个区域, 不 同区域对应着不同应用, 各应用访问划分给自己的标签内存信息。 对于各 个内存区域的访问没有限制, 可以任意修改, 容易出现错误, 安全性保障 不足。 因此, 亟待提供一种 RFID标签访问方案以克服上述缺陷。 发明内容 In practical applications, the memory of a tag is generally divided into multiple areas that are independent of each other, and different areas correspond to different applications, and each application access is divided into its own tag memory information. There is no limit to the access to each memory area, and it can be modified arbitrarily, which is prone to errors and insufficient security. Therefore, an RFID tag access scheme is urgently needed to overcome the above drawbacks. Summary of the invention
In view of this, the technical problem to be solved by the present invention is to provide an RFID tag access method and device that solve the problem of restricting the access of different applications to different memory areas of the same tag, and thereby ensure the security of tag access.
To solve the above technical problem, the technical solution of the present invention is implemented as follows:
An RFID tag access method, comprising the following steps: receiving a tag access command in which an application type is specified; acquiring the bitmap corresponding to the application type in the tag access command, the bitmap being associated with memory areas of the tag; and determining, according to the acquired bitmap, whether the tag access command has access rights to the corresponding memory area, executing the tag access command if it has access rights and stopping execution of the tag access command if it does not.
Preferably, in the RFID tag access method, before the step of receiving the tag access command, the method further comprises: setting a bitmap for each of the different application types and storing each bitmap in a storage medium.
Preferably, in the RFID tag access method, before the step of setting a bitmap for each of the different application types, the method further comprises: dividing the memory of the tag into a plurality of memory areas according to application type; and associating the bitmap with the memory areas of the tag.
Further, the step of associating the bitmap with the memory areas of the tag is specifically: associating the bitmap with the memory areas of the tag using a mapping in which two bits of the bitmap correspond to one bit of the memory area.
Still further, the step of determining, according to the acquired bitmap, whether the tag access command has access rights to the corresponding memory area specifically comprises: according to the start address and length in the tag access command, comparing the access rights bit by bit, one bit at a time; if all bits satisfy the access rights, continuing to execute the tag access command, and otherwise stopping execution of the tag access command.
Preferably, in the RFID tag access method, before the bitmap is stored in the storage medium, the method further comprises encrypting the bitmap; the step of acquiring the bitmap corresponding to the application then specifically comprises: reading the bitmap from the storage medium and decrypting the bitmap.
Preferably, the step of encrypting the bitmap is specifically: encrypting the bitmap with the 3DES algorithm.
Preferably, in the RFID tag access method, before the step of acquiring the bitmap corresponding to the application type in the tag access command, the method further comprises: authenticating with the storage medium to obtain permission to access the storage medium. Specifically, this step consists of loading a key and authenticating with the storage medium by means of that key to obtain permission to access the storage medium.
An RFID tag access device, comprising a command receiving module, a bitmap reading module and an access right verification module. The command receiving module is configured to receive a tag access command in which an application type is specified; the bitmap reading module is configured to acquire the bitmap corresponding to the application type in the tag access command received by the command receiving module, the bitmap being associated with memory areas of the tag; the access right verification module is configured to determine, according to the acquired bitmap, whether the tag access command has access rights to the corresponding memory area, to execute the tag access command if it has access rights, and to stop execution of the tag access command if it does not.
Preferably, the RFID tag access device further comprises a bitmap storage module configured to store the bitmaps corresponding to the application types.
Preferably, the RFID tag access device further comprises a bitmap decryption module configured to decrypt the bitmap acquired by the bitmap reading module.
Preferably, the RFID tag access device further comprises an authentication module configured to authenticate with the bitmap storage module to obtain permission to access the bitmap storage module.
Preferably, the bitmap storage module is a PSAM card, and the RFID tag access device further comprises a key reading module configured to acquire the key of the PSAM card.
Preferably, the RFID tag access device further comprises a key writing module configured to write the PSAM card key to a designated location of the reader/writer.
The Bitmap-based RFID tag access method and device of the present invention set a Bitmap for each service application and use the Bitmap to set access rights for the different memory areas of the tag; that is, access rights to the different memory areas of the tag are set per service application. When a tag access command from an application is received, whether the command may be executed is determined from the access rights specified in the Bitmap, so that each service application can access only the memory areas specified for it in the tag. This prevents modification of memory areas outside the scope of the application and thereby ensures the security of tag access.

Brief Description of the Drawings
FIG. 1 is a diagram of the memory space layout of a tag;
FIG. 2 is a schematic flowchart of a first embodiment of the Bitmap-based RFID tag access method of the present invention;
FIG. 3 is a schematic diagram of the memory planning of a tag in the Bitmap-based RFID tag access method of the present invention;
FIG. 4 is a schematic diagram of the mapping between the Bitmap and the user memory area of the tag in the Bitmap-based RFID tag access method of the present invention;
FIG. 5 is a schematic flowchart of a second embodiment of the Bitmap-based RFID tag access method of the present invention;
FIG. 6 is a schematic diagram of the PSAM card key writing procedure;
FIG. 7 is a schematic structural diagram of one embodiment of the Bitmap-based RFID tag access device of the present invention;
FIG. 8 is a schematic structural diagram of another embodiment of the Bitmap-based RFID tag access device of the present invention.

Detailed Description
To make the technical solution of the present invention clearer, it is described in further detail below with reference to the accompanying drawings.
As described above, the present invention provides a Bitmap-based RFID tag access method and device that solve the problem of restricting the access of different service applications to different memory areas of the same tag, and thereby ensure the security of tag access.
The Bitmap-based RFID tag access method and device of the present invention are described below using an ultra-high-frequency (UHF) tag as an example. In RFID technology, UHF tags generally operate in the 860-960 MHz range, and the communication standards they use include ISO 18000-6B and ISO 18000-6C. The embodiments of the present invention are described below using UHF tags conforming to the ISO 18000-6B communication standard. Under the ISO 18000-6B international standard protocol, the available memory of a tag is 224 bytes. As shown in FIG. 1, the available memory space is divided into two blocks, system memory and user memory. The system memory area occupies 18 bytes, may not be used to store service data, and is fixed at the factory; the user memory area occupies 206 bytes and is used to store service data.
FIG. 2 is a flowchart of the first embodiment of the Bitmap-based RFID tag access method of the present invention. As shown in FIG. 2, the Bitmap-based RFID tag access method of this embodiment comprises:
Step 101: receive a tag access command in which an application type is specified.
Step 102: acquire the Bitmap corresponding to the application type in the tag access command, the Bitmap being associated with memory areas of the tag.
Specifically, the Bitmap can be associated with the memory areas of the tag as follows.
First, the user memory area is planned according to the application types of the service applications. For example, it can be divided into a basic information area, a service application 1 area, a service application 2 area, a service application 3 area and so on, as shown in FIG. 3. Information common to all service applications is treated as basic information, and the information of each service application is stored in its own service application area. The memory spaces corresponding to different service applications should not overlap. The basic information area and the service application areas may be divided by BYTE or by Bit.
Then the Bitmap is mapped onto the user memory area. As shown in FIG. 4, in this embodiment the mapping uses two Bits of the Bitmap for each Bit of the user memory area. Bit1 and Bit2 of the Bitmap restrict access to Bit1 of the user memory area, and Bit3295 and Bit3296 of the Bitmap restrict access to the last Bit of the user memory area.
The definition of the Bits in the Bitmap is shown in Table 1. A pair of Bits can carry four meanings, defined as unrestricted, read-restricted, write-restricted and read-write-restricted. Unrestricted means that the tag …
write-restricted means that the tag memory area concerned may not be written; read-write-restricted means that the tag memory area concerned may be neither read nor written.
Table 1 (definition of the Bits in the Bitmap)
Step 103: determine, according to the acquired Bitmap, whether the tag access command has access rights to the corresponding memory area; execute the tag access command if it has access rights, and stop execution of the tag access command if it does not.
Specifically, according to the start address and length in the tag access command, the access rights are compared Bit by Bit, one Bit at a time. If every Bit satisfies the access rights, execution continues; otherwise execution stops. For a read command, execution may continue where the Bitmap access right is unrestricted or write-restricted, and stops where it is read-restricted or read-write-restricted. For a write command, execution may continue where the Bitmap access right is unrestricted or read-restricted, and stops where it is write-restricted or read-write-restricted.
The Bitmap-based RFID tag access method of this embodiment sets a Bitmap for each service application and uses the Bitmap to set access rights for the different memory areas of the tag. When a tag access command from a service application is received, whether the command may be executed is determined from the access rights specified in the Bitmap, so that each service application can access only the memory areas specified for it in the tag. This prevents modification of memory areas outside the scope of the service application and thereby ensures the security of tag access.
FIG. 5 is a flowchart of the second embodiment of the Bitmap-based RFID tag access method of the present invention. This embodiment uses a PSAM (terminal security control module) card as an example to describe the Bitmap-based RFID tag access method of the present invention. As shown in FIG. 5, the Bitmap-based RFID tag access method of the second embodiment comprises:
Step 201: plan the user memory area according to the types of the service applications. Specifically, it can be divided into a basic information area, a service application 1 area, a service application 2 area, a service application 3 area and so on, as shown in FIG. 3. Information common to all service applications is treated as basic information, and the information of each service application is stored in its own service application area. The memory spaces corresponding to different service applications should not overlap. The basic information area and the service application areas may be divided by BYTE or by Bit.
Step 202: set a Bitmap for each of the different application types and store it in a PSAM card. Several Bitmaps can be stored in one PSAM card, with the application type selected by command, or each PSAM card can store a single Bitmap.
In this embodiment the Bitmap is set as follows. As shown in FIG. 4, the mapping uses two Bits of the Bitmap for each Bit of the user memory area; that is, Bit1 and Bit2 of the Bitmap restrict access to Bit1 of the user memory area, and Bit3295 and Bit3296 of the Bitmap restrict access to the last Bit of the user memory area. The definition of the Bits in the Bitmap is the same as in the first embodiment (Table 1), and a detailed description is omitted here.
Before the Bitmap is stored in the PSAM card, it is encrypted. Specifically, the Bitmap can be encrypted with the 3DES algorithm.

Table 2 (file attributes of the Bitmap)
Table 2 is the file attribute table of the Bitmap in this embodiment. The Bitmap file identifier is 0001-000X, determined by the number of service applications; the file type is binary; the file size is 412 bytes, twice the size of the tag's user memory area; access control requires external authentication; the content is ciphertext. Different encryption keys may be used for the Bitmaps of different service applications; in this embodiment the encryption algorithm is uniformly 3DES.
Step 203: authenticate with the PSAM card to obtain permission to access the PSAM card. Usually the PSAM card key is stored in the EEPROM of the reader/writer. After the reader/writer powers up, it first reads the PSAM card key, that is, the key stored in its EEPROM, and uses this key to authenticate to the PSAM card. Once authentication succeeds, permission to access the PSAM card is obtained and the file information in the PSAM card can be accessed.
Clearly, the PSAM card key must be written before this step. The writing procedure is shown in FIG. 6 and comprises the following steps:
Step 203a: the host computer and the reader/writer establish a connection, which may be over a network port or a serial port.
Step 203b: enter the PSAM card key. The PSAM card key is used for access to the PSAM card; it is usually 16 bytes long and is stored inside the reader/writer.
Step 203c: the host computer sends a message to the reader/writer to perform the key write operation.
Step 203d: the reader/writer authenticates to the PSAM card with the entered PSAM card key, to ensure that the key being written is the key that corresponds to the PSAM card.
Step 203e: after authentication succeeds, the PSAM card key is saved to a specific area of the reader/writer, usually its EEPROM.
Once the PSAM card key has been written, the key must be loaded and used to authenticate to the PSAM card before the file information in the PSAM card can be accessed.
Step 204: receive a tag access command in which an application type is specified. Specifically, an application type parameter can be passed in the tag access command, and the corresponding Bitmap is determined from this parameter.
Step 205: acquire the Bitmap corresponding to the application type. Specifically, in this embodiment, after authentication to the PSAM card succeeds, all Bitmaps in the PSAM card are read out and stored in memory as a two-dimensional array. All keys are likewise read out and stored in memory as a two-dimensional array. The Bitmap files that were read are then decrypted with the corresponding keys; the decryption algorithm can likewise be 3DES. Finally, the corresponding Bitmap is selected according to the application type specified in the tag access command.
Optionally, only the Bitmap related to the application type and the corresponding key file may be read directly and then decrypted to obtain the Bitmap corresponding to the application type.
Step 206: determine, according to the acquired Bitmap, whether the tag access command has access rights to the corresponding memory area; execute the tag access command if it has access rights, and stop execution of the tag access command if it does not.
Specifically, according to the start address and length in the tag access command, the access rights are compared Bit by Bit, one Bit at a time. If every Bit satisfies the access rights, execution continues; otherwise execution stops. For a read command, execution may continue where the Bitmap access right is unrestricted or write-restricted, and stops where it is read-restricted or read-write-restricted. For a write command, execution may continue where the Bitmap access right is unrestricted or read-restricted, and stops where it is write-restricted or read-write-restricted.
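The Bitmap set-up of step 202 and the Bit-by-Bit check of steps 103 and 206, as an added C example that is not code from the patent. Table 1 is not reproduced on the page, so the two-bit encoding used here is an assumption, as are the MSB-first packing, the use of bit units for start address and length, and the sample region offsets.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Sizes from the description: 206-byte user memory, two Bitmap bits per
 * user-memory bit, hence a 412-byte (3296-bit) Bitmap. */
#define USER_MEM_BITS (206u * 8u)
#define BITMAP_BYTES  412u

/* ASSUMPTION: Table 1 is missing from the page; this encoding is illustrative. */
enum perm { PERM_NONE = 0, PERM_NO_READ = 1, PERM_NO_WRITE = 2, PERM_NO_RW = 3 };
enum op   { OP_READ, OP_WRITE };

/* ASSUMPTION: bit pairs are packed MSB-first, four pairs per Bitmap byte. */
static enum perm bitmap_get(const uint8_t *bm, uint32_t mem_bit)
{
    unsigned shift = 6u - 2u * (mem_bit % 4u);
    return (enum perm)((bm[mem_bit / 4u] >> shift) & 0x3u);
}

static void bitmap_set(uint8_t *bm, uint32_t mem_bit, enum perm p)
{
    unsigned shift = 6u - 2u * (mem_bit % 4u);
    unsigned cleared = bm[mem_bit / 4u] & ~(0x3u << shift);
    bm[mem_bit / 4u] = (uint8_t)(cleared | ((unsigned)p << shift));
}

/* Apply one restriction to a run of user-memory bits.
 * Returns 0 on success, -1 if the run leaves the user memory area. */
int bitmap_set_range(uint8_t *bm, uint32_t start_bit, uint32_t len_bits, enum perm p)
{
    if (start_bit > USER_MEM_BITS || len_bits > USER_MEM_BITS - start_bit)
        return -1;
    for (uint32_t i = 0; i < len_bits; i++)
        bitmap_set(bm, start_bit + i, p);
    return 0;
}

/* Read passes on unrestricted or write-restricted bits;
 * write passes on unrestricted or read-restricted bits. */
static int bit_allows(enum perm p, enum op o)
{
    if (o == OP_READ)
        return p == PERM_NONE || p == PERM_NO_WRITE;
    return p == PERM_NONE || p == PERM_NO_READ;
}

/* Returns 1 only if every addressed bit permits the operation. Empty and
 * out-of-range requests are refused; the subtraction form of the bounds
 * check cannot wrap around for large start or length values. */
int access_allowed(const uint8_t *bm, enum op o, uint32_t start_bit, uint32_t len_bits)
{
    if (bm == NULL || len_bits == 0)
        return 0;
    if (start_bit >= USER_MEM_BITS || len_bits > USER_MEM_BITS - start_bit)
        return 0;
    for (uint32_t i = 0; i < len_bits; i++)
        if (!bit_allows(bitmap_get(bm, start_bit + i), o))
            return 0;
    return 1;
}

/* Constructed sample layout (hypothetical byte offsets, not from the page):
 * basic information 0..31, service application 1 32..95, others 96..205. */
void build_app1_bitmap(uint8_t bm[BITMAP_BYTES])
{
    memset(bm, 0xFF, BITMAP_BYTES);                    /* default: read-write-restricted */
    bitmap_set_range(bm, 0, 32 * 8, PERM_NO_WRITE);    /* basic info: read only */
    bitmap_set_range(bm, 32 * 8, 64 * 8, PERM_NONE);   /* own area: read and write */
}

int main(void)
{
    uint8_t bm[BITMAP_BYTES];
    build_app1_bitmap(bm);
    printf("read basic info:          %d\n", access_allowed(bm, OP_READ, 0, 32 * 8));
    printf("write basic info:         %d\n", access_allowed(bm, OP_WRITE, 0, 8));
    printf("write own area:           %d\n", access_allowed(bm, OP_WRITE, 32 * 8, 64 * 8));
    printf("write 1 bit past own area: %d\n", access_allowed(bm, OP_WRITE, 95 * 8, 9));
    return 0;
}
```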
The Bitmap-based RFID tag access method of this embodiment sets a Bitmap for each service application and uses the Bitmap to set access rights for the different memory areas of the tag. When a tag access command from a service application is received, whether the command may be executed is determined from the access rights specified in the Bitmap, so that each service application can access only the memory areas specified for it in the tag. This prevents modification of memory areas outside the scope of the service application and thereby ensures the security of tag access.
FIG. 7 is a schematic structural diagram of one embodiment of the Bitmap-based RFID tag access device of the present invention. As shown in FIG. 7, the Bitmap-based RFID tag access device of this embodiment comprises a command receiving module 71, a bitmap reading module 72 and an access right verification module 73. The command receiving module 71 is configured to receive a tag access command in which an application type is specified. The bitmap reading module 72 is configured to acquire the bitmap corresponding to the application type in the tag access command received by the command receiving module 71, the bitmap being associated with memory areas of the tag. The access right verification module 73 is configured to determine, according to the bitmap acquired by the bitmap reading module 72, whether the tag access command has access rights to the corresponding memory area, to execute the tag access command if it has access rights, and to stop execution of the tag access command if it does not.
Optionally, the Bitmap-based RFID tag access device may further comprise a bitmap storage module 74 configured to store the bitmaps corresponding to the application types; the bitmap reading module 72 acquires the bitmap from the bitmap storage module 74. The bitmap storage module 74 may be an encrypted file. Clearly, the bitmap storage module 74 may also be a standalone storage device, such as a PSAM card.
The Bitmap-based RFID tag access device of this embodiment sets a Bitmap for each service application and uses the Bitmap to set access rights for the different memory areas of the tag. When a tag access command from a service application is received, whether the command may be executed is determined from the access rights specified in the Bitmap, so that each service application can access only the memory areas specified for it in the tag. This prevents modification of memory areas outside the scope of the service application and thereby ensures the security of tag access.
FIG. 8 is a schematic structural diagram of another embodiment of the Bitmap-based RFID tag access device of the present invention. The Bitmap-based RFID tag access device of this embodiment is a reader/writer. As shown in FIG. 8, it comprises a key writing module 81, a key reading module 82, a PSAM authentication module 83, a Bitmap reading module 84, a Bitmap decryption module 85, an access right verification module 86 and a command receiving module 87. The key writing module 81 is configured to write the PSAM card key to a designated location of the reader/writer, generally its EEPROM. The key reading module 82 is configured to acquire the key of the PSAM card. The PSAM authentication module 83 is configured to authenticate with the PSAM card using the key acquired by the key reading module 82, to obtain permission to access the PSAM card. The command receiving module 87 is configured to receive a tag access command in which an application type is specified. The Bitmap reading module 84 is configured to acquire from the PSAM card, once authentication has succeeded, the bitmap corresponding to the application type in the tag access command received by the command receiving module 87, the bitmap being associated with memory areas of the tag. The Bitmap decryption module 85 is configured to decrypt the Bitmap read by the Bitmap reading module 84. The access right verification module 86 is configured to determine, according to the acquired bitmap, whether the tag access command has access rights to the corresponding memory area, to execute the tag access command if it has access rights, and to stop execution of the tag access command if it does not.
The Bitmap-based RFID tag access device of this embodiment sets a Bitmap for each service application and uses the Bitmap to set access rights for the different memory areas of the tag. When a tag access command from a service application is received, whether the command may be executed is determined from the access rights specified in the Bitmap, so that each service application can access only the memory areas specified for it in the tag. This prevents modification of memory areas outside the scope of the service application and thereby ensures the security of tag access.
The present invention can be applied in many fields, such as mobile vehicle identification, electronic identity cards, warehousing and logistics, and electronic lock anti-theft systems (electronic remote-control door lock controllers). It can also be applied in the transportation field, where a tag recording vehicle information serves as an electronic licence plate and supports functions such as non-stop toll collection, vehicle management and traffic police enforcement. In the transportation field, the basic information of the vehicle is recorded in the basic information area of the user memory area described above, and service applications such as non-stop toll collection, vehicle management and traffic police enforcement are placed in different memory areas of the tag. Reader/writers fitted with PSAMs holding different Bitmaps are then allocated to different parts, which achieves restricted access to the different memory areas of the tag.
The above are only preferred embodiments of the present invention and do not thereby limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims

1. 一种射频识别标签访问方法, 包括:  A method for accessing a radio frequency identification tag, comprising:
接收标签访问命令, 所述标签访问命令中指定了应用类型;  Receiving a tag access command, where the application type is specified in the tag access command;
获取与所述标签访问命令中的应用类型相对应的位图, 所述位图与标 签的内存区域相关联;  Obtaining a bitmap corresponding to an application type in the tag access command, the bitmap being associated with a memory area of the tag;
根据获取到的位图判断所述标签访问命令是否具有相应内存区域的访 问权限, 若具有访问权限则执行所述标签访问命令, 若不具有访问权限则 停止执行所述标签访问命令。  Determining, according to the obtained bitmap, whether the tag access command has the access authority of the corresponding memory area, if the access right is performed, executing the tag access command, and stopping the execution of the tag access command if there is no access right.
2. 根据权利要求 1所述的射频识别标签访问方法, 其中, 在所述接收 标签访问命令的步骤之前, 还包括:  The radio frequency identification tag access method according to claim 1, wherein before the step of receiving the tag access command, the method further includes:
对应不同的应用类型分别设置位图并将其保存在存储介质中。  The bitmap is set separately for different application types and saved in the storage medium.
3. 根据权利要求 2所述的射频识别标签访问方法, 其中, 在所述对应 不同的应用类型分别设置位图的步骤之前, 还包括: 根据应用类型将所述 标签的内存划分为多个内存区域; 以及将所述位图与标签的内存区域相关 联。  The radio frequency identification tag access method according to claim 2, wherein before the step of respectively setting a bitmap for the different application types, the method further comprises: dividing the memory of the tag into a plurality of memories according to an application type a region; and associating the bitmap with a memory region of the tag.
4. 根据权利要求 3所述的射频识别标签访问方法, 其中, 所述将位图 与标签的内存区域相关联的步骤, 具体为: 按照位图的两个比特对应所述 内存区域的一个比特的映射方法将所述位图与标签的内存区域相关联。  The method for accessing a radio frequency identification tag according to claim 3, wherein the step of associating the bitmap with the memory area of the tag is specifically: corresponding to one bit of the memory area according to two bits of the bitmap The mapping method associates the bitmap with the memory area of the tag.
5. The radio frequency identification tag access method according to claim 1, wherein the step of determining, according to the obtained bitmap, whether the tag access command has access permission for the corresponding memory area specifically comprises: according to the start address and length in the tag access command, comparing the access permission of each bit, one bit at a time; if all bits satisfy the access permission, continuing to execute the tag access command; otherwise, stopping execution of the tag access command.
6. The radio frequency identification tag access method according to claim 2, wherein
before the bitmap is saved in the storage medium, the method further comprises: encrypting the bitmap;
and the step of obtaining the bitmap corresponding to the application type in the tag access command specifically comprises: reading the bitmap from the storage medium and decrypting the bitmap.
7. The radio frequency identification tag access method according to claim 6, wherein the step of encrypting the bitmap is specifically:
encrypting the bitmap using the 3DES algorithm.
8. The radio frequency identification tag access method according to claim 2, or any one of claims 3 to 7, wherein, before the step of obtaining the bitmap corresponding to the application type in the tag access command, the method further comprises:
authenticating with the storage medium to obtain permission to access the storage medium.
9. The radio frequency identification tag access method according to claim 8, wherein the step of authenticating with the storage medium to obtain permission to access the storage medium is specifically:
loading a key and authenticating with the storage medium using the key, to obtain permission to access the storage medium.
10. A radio frequency identification tag access device, comprising:
a command receiving module configured to receive a tag access command, wherein the tag access command specifies an application type;
a bitmap reading module configured to obtain a bitmap corresponding to the application type in the tag access command received by the command receiving module, the bitmap being associated with a memory area of the tag;
an access permission verification module configured to determine, according to the obtained bitmap, whether the tag access command has access permission for the corresponding memory area, to execute the tag access command if it has access permission, and to stop execution of the tag access command if it does not.
11. The radio frequency identification tag access device according to claim 10, further comprising: a bitmap storage module configured to store the bitmap corresponding to the application type.
12. The radio frequency identification tag access device according to claim 10 or 11, further comprising:
a bitmap decryption module configured to decrypt the bitmap obtained by the bitmap reading module.
13. The radio frequency identification tag access device according to claim 12, further comprising: an authentication module configured to authenticate with the bitmap storage module to obtain permission to access the bitmap storage module.
14. The radio frequency identification tag access device according to claim 13, wherein the bitmap storage module is a PSAM card, and the radio frequency identification tag access device further comprises a key reading module configured to obtain the key of the PSAM card.
15. The radio frequency identification tag access device according to claim 14, further comprising: a key writing module configured to write the PSAM card key to a designated location of the reader/writer.
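The permission check of claims 1, 4 and 5, as an added example that is not code from the patent. The meaning of the two bitmap bits (read allowed, write allowed), the bit ordering, the application type values and the sample bitmaps are assumptions constructed for illustration, and the bitmap is taken as already read from storage and decrypted.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* ASSUMED encoding (the claims only say "two bitmap bits per memory bit"):
 * tag memory bit i is governed by bitmap bits 2i (read) and 2i+1 (write). */
enum { PERM_READ = 0x1, PERM_WRITE = 0x2 };

typedef struct {
    const uint8_t *bits; /* bitmap, already read from storage and decrypted */
    size_t tag_bits;     /* number of tag memory bits the bitmap covers */
} acl_bitmap;

/* Two-bit permission field for tag memory bit i (never straddles a byte). */
static unsigned perm_at(const acl_bitmap *bm, size_t i)
{
    size_t pos = 2 * i;
    return (bm->bits[pos / 8] >> (pos % 8)) & 0x3u;
}

/* Claim 5: every bit in [start, start+len) must grant `need`, else refuse. */
bool access_allowed(const acl_bitmap *bm, size_t start, size_t len, unsigned need)
{
    if (!bm || !bm->bits || len == 0 || need == 0)
        return false;
    if (start >= bm->tag_bits || len > bm->tag_bits - start)
        return false;                 /* out of range, overflow-safe check */
    for (size_t i = start; i < start + len; i++)
        if ((perm_at(bm, i) & need) != need)
            return false;             /* one denied bit stops the command */
    return true;
}

/* Constructed sample: a 16-bit tag memory and two hypothetical app types. */
static const uint8_t BM_APP1[] = {0xFF, 0xFF, 0x55, 0x55}; /* 0-7 RW, 8-15 R */
static const uint8_t BM_APP2[] = {0x00, 0x00, 0xFF, 0xFF}; /* 0-7 none, 8-15 RW */
static const struct { uint8_t app_type; acl_bitmap bm; } ACL[] = {
    {1, {BM_APP1, 16}},
    {2, {BM_APP2, 16}},
};

/* Claim 1: select the bitmap by application type, then run the check. */
bool command_permitted(uint8_t app_type, size_t start, size_t len, unsigned need)
{
    for (size_t k = 0; k < sizeof ACL / sizeof ACL[0]; k++)
        if (ACL[k].app_type == app_type)
            return access_allowed(&ACL[k].bm, start, len, need);
    return false;                     /* unknown application type: deny */
}
```

A range that crosses from a writable region into a read-only one is refused as a whole, and an unknown application type or an out-of-range length is denied rather than clamped.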
PCT/CN2011/074647 2010-09-30 2011-05-25 Radio frequency identification tag access method and device WO2012041070A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 201010500186 CN101976362B (en) 2010-09-30 2010-09-30 Radio frequency identification tag access method based on bitmap and device
CN201010500186.9 2010-09-30

Publications (1)

Publication Number Publication Date
WO2012041070A1 (en) 2012-04-05

Family

ID=43576246

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/074647 WO2012041070A1 (en) 2010-09-30 2011-05-25 Radio frequency identification tag access method and device

Country Status (2)

Country Link
CN (1) CN101976362B (en)
WO (1) WO2012041070A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101976362B (en) * 2010-09-30 2013-07-03 中兴通讯股份有限公司 Radio frequency identification tag access method based on bitmap and device
CN102291241B (en) * 2011-09-15 2014-01-22 重庆市城投金卡信息产业股份有限公司 Encryption and decryption method and device for multi-data security module
CN106487744B (en) * 2015-08-25 2020-06-05 北京京东尚科信息技术有限公司 Shiro verification method based on Redis storage
CN113032768B (en) * 2021-03-31 2021-11-16 广州锦行网络科技有限公司 Authentication method, device, equipment and computer readable medium
CN113411395B (en) * 2021-06-18 2022-11-11 微民保险代理有限公司 Access request routing method, device, computer equipment and storage medium
CN117829173A (en) * 2022-09-29 2024-04-05 维沃移动通信有限公司 Indication method, first equipment and second equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1719460A (en) * 2004-07-08 2006-01-11 富士通株式会社 Non-contact IC recording medium, recording medium managing program and recording medium managing method
CN101027699A (en) * 2004-08-13 2007-08-29 意大利电信股份公司 Method and system for safety managing data stored on electronic label
CN101976362A (en) * 2010-09-30 2011-02-16 中兴通讯股份有限公司 Radio frequency identification tag access method based on bitmap and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1542688A (en) * 2003-11-06 2004-11-03 上海复旦微电子股份有限公司 A method for expanding memory structure and control permission of non-contact intelligent card memory
CN100545861C (en) * 2007-10-16 2009-09-30 上海华申智能卡应用系统有限公司 A kind of transmission method with the radio-frequency (RF) tag storage organization that transmits the control of encryption and access rights


Also Published As

Publication number Publication date
CN101976362B (en) 2013-07-03
CN101976362A (en) 2011-02-16

Similar Documents

Publication Publication Date Title
US10186127B1 (en) Exit-code-based RFID loss-prevention system
US8547202B2 (en) RFID tag and operating method thereof
JP5107934B2 (en) Communication control method, RFID device, and RFID system
US7946473B2 (en) Authentication information management system, authentication information management server, authentication information management method and program
US20090033464A1 (en) Transponder with access protection and method for access to the transponder
US20100277287A1 (en) Communication data protection method based on symmetric key encryption in rfid system, and apparatus for enabling the method
WO2012041070A1 (en) Radio frequency identification tag access method and device
US8115596B2 (en) Method and system for controlling distant equipment
CN113841355B (en) Apparatus and system for securely monitoring using a blockchain
JP4977543B2 (en) Control device, control system, control method, and control program
CN102289688B (en) Method and device for label processing and access
CN100545861C (en) A kind of transmission method with the radio-frequency (RF) tag storage organization that transmits the control of encryption and access rights
EP2893487B1 (en) Read/write device and transponder for exchanging data via an electromagnetic field
US10050788B2 (en) Method for reading an identification document in a contactless manner
CN103500349A (en) RFID (radio frequency identification) digital information read-write security control method and device, and reader-writer
CN106778939A (en) Electronic tag sensor-based system
CN102291241B (en) Encryption and decryption method and device for multi-data security module
JP2009128930A (en) Information processing apparatus, authentication method, program, and information processing system
CN113988103A (en) RFID identification method based on multiple tags
JP2011060136A (en) Portable electronic apparatus, and data management method in the same
KR20070059946A (en) Rfid tag device and method for operating the same
KR101053636B1 (en) Encryption/decryption method and system for rfid tag and reader using multi algorithm
JP4642596B2 (en) Information processing apparatus and method, and program
WO2012027895A1 (en) Method and device for transmitting data in passive ultra high frequency radio frequency identification (uhf rfid) system
CN102708393A (en) Transponder, method and reader for monitoring access to application data in the transponder

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11827966

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11827966

Country of ref document: EP

Kind code of ref document: A1