WO2015119043A1 - Système d'authentification - Google Patents

Système d'authentification Download PDF

Info

Publication number
WO2015119043A1
WO2015119043A1 PCT/JP2015/052576 JP2015052576W WO2015119043A1 WO 2015119043 A1 WO2015119043 A1 WO 2015119043A1 JP 2015052576 W JP2015052576 W JP 2015052576W WO 2015119043 A1 WO2015119043 A1 WO 2015119043A1
Authority
WO
WIPO (PCT)
Prior art keywords
side channel
rfid
secret key
data
received
Prior art date
Application number
PCT/JP2015/052576
Other languages
English (en)
Japanese (ja)
Inventor
一男 ▲崎▼山
陽 李
Original Assignee
国立大学法人電気通信大学
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 国立大学法人電気通信大学 filed Critical 国立大学法人電気通信大学
Priority to JP2015560958A priority Critical patent/JP6348914B2/ja
Publication of WO2015119043A1 publication Critical patent/WO2015119043A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06KGRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10009Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
    • G06K7/10257Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves arrangements for protecting the interrogation against piracy attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/79Radio fingerprint

Definitions

  • the present invention relates to an authentication system and an authentication method. More specifically, the present invention relates to a robust authentication system with improved resistance to relay attacks.
  • IC tags such as IC cards and RFID (Radio Frequency IDentification) that have ultra-small functions to be authenticated are widely used in the market.
  • These IC tags perform wireless communication with an authentication system having an authentication function. Then, the authentication system acquires individual information from the IC tag and confirms that the IC tag is authentic. Then, the authentication system proceeds to the next process. For example, if the IC tag is an IC card, the next processing in the authentication system is money deposit / withdrawal after confirming that the owner of the IC card is a genuine owner. For example, if the IC tag is RFID, the next processing in the authentication system is permission for distribution after confirming that the product to which the RFID is attached is a genuine product.
  • the relay attack is an attack method in which an attacker constructs a communication path that can relay communication between an authenticator and a person to be authenticated, and the attacker impersonates the person to be authenticated from a remote location. As a result, even if the attacker is physically separated from the authenticator, the authentication can be successful.
  • the object of the present invention is to provide a highly robust authentication system that solves such problems and prevents cracking due to relay attacks by adding simple hardware and software.
  • an authentication system of the present invention includes a device to be authenticated that includes a response value calculation unit that holds a secret key and calculates a response value using a challenge value and a secret key received from outside.
  • a main channel transmission / reception circuit that transmits a challenge value and a response value to the authentication device, and a side channel signal reception circuit that receives a physical change generated by the response value calculation unit in an arithmetic process as an analog side channel signal;
  • a verification processing unit that verifies the authenticity of the response value received from the main channel transmitting / receiving circuit and verifies the authenticity of the side channel signal received from the side channel signal receiving circuit.
  • FIG. 1 is a block diagram showing the overall configuration of an RFID system 101 according to the first embodiment of the present invention.
  • 2 is a block diagram illustrating a hardware configuration and software functions of an RFID reader / writer.
  • FIG. It is a block diagram which shows the software function of an authentication server, and a figure which shows the field structure of a RFID table. It is a time chart which shows the flow of authentication operation
  • an RFID system is disclosed.
  • One method of cracking in an authentication system is a side channel attack.
  • a side channel attack is the interception of electromagnetic waves generated by arithmetic processing executed by an IC tag such as an IC card or RFID for authentication operation, and guesses the arithmetic processing itself or data used for the arithmetic processing.
  • This is an attack method that analyzes the encryption key. That is, the IC tag emits an electromagnetic wave during the authentication process.
  • This electromagnetic wave is referred to as a side channel as the opposite of the main channel indicating a communication path provided for transmitting main information such as authentication processing.
  • the RFID system of the present embodiment actively intercepts this side channel signal from the RFID. Then, the intercepted side channel signal is analyzed to determine whether the authentication target is a genuine authentication target.
  • the side channel signal assumed by the RFID system can be normally received, it can be determined that the authentication target exists in the immediate vicinity of the RFID reader / writer. That is, it can be determined that the authentication process is not a false authentication process based on a relay attack.
  • the essence of the vulnerability in the relay attack is that the authentication system only verifies the authentication result (main channel), and does not verify that the appropriate person to be authenticated has performed the calculation.
  • the RFID system according to the present embodiment realizes “verification that an appropriate person to be authenticated performs a calculation” by receiving and analyzing a side channel signal issued by the person to be authenticated.
  • FIG. 1 is a block diagram showing the overall configuration of an RFID system 101 according to the first embodiment of the present invention.
  • the RFID system 101 includes an RFID 102 that is an authentication target device, an RFID reader / writer 103 that performs wireless communication with the RFID 102, and an authentication server 104 that processes and transmits information to and from the RFID 102 through the RFID reader / writer 103.
  • the authentication server 104 is a general computer.
  • a CPU 105, a ROM 106, a RAM 107, a non-volatile storage 108 such as an HDD, and a serial interface (hereinafter abbreviated as “serial I / F”) 109 such as a USB are connected to the bus 110.
  • serial I / F serial interface
  • the RFID reader / writer 103 is connected to the authentication server 104 through the serial I / F 109.
  • the display unit 111 and the operation unit 112 are also connected to the bus 110, but the display unit 111 and the operation unit 112 are not necessarily required.
  • the authentication server 104 performs wireless communication with the RFID 102 through the RFID reader / writer 103 and acquires ID information of the RFID 102.
  • the authentication result is output to another information processing apparatus or the like (not shown) together with the ID information of the RFID 102, or used for predetermined information processing by the authentication server 104 itself.
  • the RFID 102 includes an antenna coil L113, a capacitor C114, a modulation unit 115, a demodulation unit 116, a sequence control unit 117, a power supply circuit 118, a response value calculation unit 119, a clock circuit 120, a ROM 121, and a RAM 122.
  • the antenna coil L113 and the capacitor C114 are connected in parallel to constitute a resonance circuit having the same resonance frequency as the radio wave having the frequency transmitted and received by the RFID reader / writer 103.
  • the sequence control unit 117 controls the modulation unit 115 and the demodulation unit 116 to operate exclusively.
  • the power supply circuit 118 includes a rectifier circuit (not shown) and a charging capacitor, rectifies the current of the radio wave obtained from the antenna coil L113, and charges the charging capacitor to provide a power source for operating other circuit blocks. Supply.
  • the clock circuit 120 supplies a clock signal necessary for the operation of other circuit blocks while receiving power from the power supply circuit 118.
  • the response value calculation unit 119 performs a predetermined calculation process using the challenge value received from the authentication server 104 through the demodulation unit 116 and temporarily stored in the RAM 122, and the secret key stored in the ROM 121, and the calculation result The response value that is is output. The response value is returned to the authentication server 104 through the modulation unit 115.
  • the ROM 121 is a nonvolatile memory such as a flash memory or an EEPROM in which ID information for uniquely identifying the RFID 102 itself and data such as a secret key used for challenge response authentication are stored.
  • the RAM 122 is a well-known volatile memory such as SRAM. The RAM 122 is used for such purposes as temporarily storing a challenge value received from the authentication server 104 and used by the response value calculation unit 119 for calculation processing for challenge response authentication.
  • FIG. 2A is a block diagram showing a hardware configuration of the RFID reader / writer 103.
  • a CPU 201, a ROM 202, a RAM 203, and a serial I / F 204 are connected to a bus 205.
  • a modulation unit 206 and a demodulation unit 207 are connected to the bus 205.
  • a resonance circuit including an antenna coil L208 and a capacitor C209 is connected to the modulation unit 206 and the demodulation unit 207.
  • the antenna coil L208, the capacitor C209, the modulation unit 206, and the demodulation unit 207 constitute a main channel transmission / reception circuit 210.
  • a quantization processing unit 211 is connected to the bus 205.
  • a resonance circuit including an antenna coil L213 and a capacitor C214 is connected to the quantization processing unit 211 via an A / D converter 212.
  • the antenna coil L213, the capacitor C214, the A / D converter 212, and the quantization processing unit 211 constitute a side channel signal receiving circuit 215.
  • An analog side channel signal generated from the RFID 102 is received by a resonance circuit including an antenna coil L213 and a capacitor C214, and then digitized (PCM) by an A / D converter 212 to be converted into waveform data.
  • PCM digitized
  • the quantization processing unit 211 performs signal processing such as AM demodulation by arithmetic processing.
  • an analog circuit may be provided before the A / D converter 212.
  • AM demodulation is performed using a diode and a capacitor. In this case, reception side channel data is generated directly from the A / D converter 212.
  • FIG. 2B is a block diagram illustrating software functions of the RFID reader / writer 103.
  • the CPU 201, the ROM 202, the RAM 203, and the serial I / F 204 connected to the bus 205 in FIG. 2A provide a function as the control unit 216.
  • the control unit 216 is connected to the modulation unit 206 and the demodulation unit 207 of the main channel transmission / reception circuit 210 and the quantization processing unit 211 of the side channel signal reception circuit 215.
  • the control unit 216 controls the modulation unit 206 and the demodulation unit 207 to operate exclusively and performs communication with the authentication server 104.
  • the main channel transmission / reception circuit 210 of the RFID reader / writer 103 constitutes an interface with the RFID 102 for the authentication server 104.
  • the data transmitted by the authentication server 104 is transmitted to the RFID 102 through the RFID reader / writer 103 almost as it is.
  • the data transmitted by the RFID 102 is transmitted to the authentication server 104 through the RFID reader / writer 103 almost as it is.
  • the side channel signal receiving circuit 215 of the RFID reader / writer 103 digitizes the side channel signal received from the RFID 102 by the A / D converter 212 and performs the predetermined data processing by the quantization processing unit 211.
  • the side channel data is transmitted to the authentication server 104 in real time.
  • FIG. 3A is a block diagram illustrating software functions of the authentication server 104.
  • FIG. 3B is a diagram showing a field configuration of the RFID table 302.
  • the control unit 301 receives ID information, a response value, and reception side channel data from the RFID 102 through the RFID reader / writer 103, and transmits a challenge value to the RFID 102 through the RFID reader / writer 103. Further, the control unit 301 searches the RFID table 302 based on the ID information received from the RFID 102 and acquires a secret key corresponding to the ID information of the RFID 102.
  • the challenge value generation unit 303 includes a random number generator, and generates a challenge value to be transmitted to the RFID 102.
  • the response value calculation unit 304 calculates a response value using the secret key obtained by the control unit 301 searching the RFID table 302 and the challenge value generated by the challenge value generation unit 303.
  • the side channel data generation unit 305 generates side channel model data using the secret key obtained by the control unit 301 searching the RFID table 302 and the challenge value generated by the challenge value generation unit 303.
  • the side channel data generation unit 305 is a program function that imitates the response value calculation unit 119 of the RFID 102 and also imitates a change in current consumption that occurs in the calculation process executed by the response value calculation unit 119 by the calculation process. Then, as a result of the imitation calculation process, original waveform data that imitates a change in current consumption of the response value calculation unit 119 is generated.
  • the waveform data generated by the side channel data generation unit 305 is referred to as side channel model data.
  • the side channel memory 306 temporarily stores reception side channel data received from the RFID 102.
  • the matching processing unit 307 includes a main channel matching unit 308, a side channel matching unit 309, and a threshold 310.
  • the main channel matching unit 308 compares the response value received from the RFID 102 with the response value calculated by the response value calculation unit 304 and determines a match / mismatch.
  • the side channel verification unit 309 calculates a correlation coefficient between the received side channel data received from the RFID 102 and the side channel model data generated by the side channel data generation unit 305. Then, the correlation coefficient is compared with the threshold 310 to determine the level of coincidence of the received side channel data.
  • the RFID table 302 which can be called an authenticated device table, has an ID information field and a secret key field. ID information for uniquely identifying the RFID 102 is stored in the ID information field. A secret key corresponding to the ID information of the RFID 102 is stored in the secret key field. In the RFID table 302 in the first embodiment, one record is provided for one RFID 102.
  • FIG. 4 is a time chart showing a flow of authentication operation between the authentication server 104, the RFID reader / writer 103, and the RFID 102.
  • the RFID reader / writer 103 continues to transmit a query command until a query response is received from the RFID 102 (S401, S402).
  • the RFID 102 comes close to the RFID reader / writer 103, the RFID 102 receives a query command (S403) issued by the RFID reader / writer 103 and returns a query response to the RFID reader / writer 103 (S404).
  • the control unit 301 of the authentication server 104 transmits a command requesting the RFID 102 to transmit ID information (S405).
  • the RFID 102 receives the command for requesting transmission of the ID information
  • the RFID 102 returns the ID information through the RFID reader / writer 103 (S406).
  • the control unit 301 of the authentication server 104 activates the challenge value generation unit 303 to generate a challenge value (S407), and transmits the challenge value to the RFID 102 (S408). ).
  • the response value calculation unit 119 calculates a response value using the received challenge value and the secret key stored in the ROM (S409).
  • the authentication server 104 After transmitting the challenge value to the RFID 102 in step S408, the authentication server 104 immediately starts an operation of recording the received side channel data in the side channel memory 306 (S410).
  • the response value calculation unit 119 finishes calculating the response value in step S409, the RFID 102 returns this response value through the RFID reader / writer 103 (S411).
  • the control unit 301 of the authentication server 104 stops receiving the side channel signal (recording the received side channel data in the side channel memory 306), and the verification processing unit 307 verifies the authenticity of the RFID 102. Determination is made (S412).
  • FIG. 5 is a flowchart showing a flow of authentication operation in the authentication server 104 and the RFID reader / writer 103.
  • the RFID reader / writer 103 transmits a query command (S502), and checks whether a query response has been received (S503). If there is no query response (NO in S503), the RFID reader / writer 103 transmits a query command again (S502). That is, the RFID reader / writer 103 repeats transmission of a query command until a query response is received from the RFID 102 (YES in S503) (S401 and S402 in FIG. 4).
  • the control unit 301 passes this secret key to the response value calculation unit 304 together with the challenge value generated in step S506, and causes the response value calculation unit 304 to calculate a response value (S509). Further, the control unit 301 passes this secret key to the side channel data generation unit 305 together with the challenge value, and causes the side channel data generation unit 305 to generate side channel model data (S510).
  • control part 301 confirms whether the response value was returned from RFID102 (S511).
  • the control unit 301 stops recording the received side channel data in the side channel memory 306 (S512).
  • the control unit 301 activates the collation processing unit 307.
  • the main channel matching unit 308 of the matching processing unit 307 compares the response value received from the RFID 102 with the response value calculated by the response value calculation unit 304, and outputs a match / mismatch result.
  • the side channel verification unit 309 of the verification processing unit 307 calculates a correlation coefficient between the received side channel data received from the RFID 102 and recorded in the side channel memory 306 and the side channel model data created by the side channel data generation unit 305. calculate.
  • the series of processing ends (S514).
  • FIG. 6 is a block diagram illustrating the software function of the authentication server 104 illustrating the data flow.
  • the control unit 301 searches the RFID table 302 to obtain a secret key.
  • This secret key is supplied to the response value calculation unit 304 and the side channel data generation unit 305 together with the challenge value generated by the challenge value generation unit 303.
  • the challenge value is transmitted to the RFID 102.
  • the response value calculated by the response value calculation unit 304 is supplied to the main channel verification unit 308 together with the response value received from the RFID 102, and a match / mismatch is determined.
  • the correlation coefficient is calculated.
  • the correlation coefficient is compared with the threshold 310, and the degree of coincidence is determined.
  • the determination result output from the main channel verification unit 308 and the determination result output from the side channel verification unit 309 are logically AND (authentication determination result) output by the AND gate 601 in the verification processing unit 307 and output destinations of a predetermined host device or the like. Is output.
  • FIG. 7 is a waveform diagram showing an example of a side channel signal.
  • the vertical axis represents signal level (power), and the horizontal axis represents time.
  • the response value calculation unit 304 which is a main component of the RFID 102, is an integrated circuit, and the integrated circuit is an aggregate of CMOS gates. In the CMOS gate, a through current flows only when the logic state changes from true to false and from false to true. The sum total of the through currents is the consumption current of the response value calculation unit 304.
  • the response value calculation unit 304 is driven by a clock output from the clock circuit. As the arithmetic processing inside the response value calculation unit 304 proceeds with the clock, the number of CMOS gates whose logic state changes fluctuates.
  • the consumption current which is the sum of the through currents, fluctuates for each clock step. That is, the current consumption waveform changes. Due to such factors, the current consumption of the response value calculation unit 304 fluctuates for each clock. Therefore, when an AC component is extracted from the current consumption, an AC waveform as shown in FIG. 7 is formed.
  • the inventors examined the correlation between the side channel signal and the response value, and found that the waveform of the side channel signal has high uniqueness. That is, for the combination of the secret key and the challenge value, the side channel signal generated by these has high identification ability in principle.
  • the waveform of the side channel signal can be generated by calculation processing relatively easily by imitating the CMOS gate, which is a component of the response value calculation unit 304, by the program and calculating the current consumption generated by the calculation processing by the program. Is possible.
  • This calculation process is the side channel data generation unit 305. In order to obtain the similarity between analog waveforms by calculation, it is only necessary to convert them into digital data (numerical data string) and calculate the statistical similarity between the numerical data strings.
  • the simplest calculation method for calculating the similarity between numerical data strings is the calculation of a correlation coefficient. Since the correlation coefficient obtained by the calculation is a scalar value, it may be determined whether the similarity of the waveform is sufficiently high as compared with the predetermined threshold 310. This calculation processing is the side channel verification unit 309.
  • the RFID system 101 adds authenticity determination using a side channel signal in addition to challenge response authentication in the main channel, which is a conventional technique. Further, the authentication server 104 obtains not only the presence / absence of the side channel signal generated from the RFID 102 but also the similarity of the side channel signal by calculation processing, and includes this determination result in the authentication determination of the RFID 102. For this reason, even if a malicious third party succeeds in cracking the main channel, cracking of the side channel signal is almost impossible unless reverse engineering of the RFID 102 is performed. Therefore, the RFID system 101 according to the first embodiment realizes extremely high robustness and safety against cracking by a malicious third party.
  • FIG. 8A is a block diagram showing software functions of the authentication server 804 according to the second embodiment of the present invention.
  • FIG. 8B is a diagram showing a field configuration of the RFID table 802. The RFID system according to the second embodiment of the present invention is different only in the software function of the authentication server 104 of the first embodiment, and other components are the same. Therefore, since the components are the same up to FIG. 1, FIG. 2A and FIG. 2B, description thereof will be omitted.
  • the RFID table 802 includes an ID information field, a secret key field, a challenge value field, a response value field, a side channel model data field, and a used flag field.
  • the ID information field and the secret key field are the same as the field with the same name in the RFID table 302 of the first embodiment.
  • a challenge value is stored in the challenge value field.
  • the response value field stores a response value calculated from the secret key in the secret key field and the challenge value in the challenge value field.
  • the side channel model data field stores side channel model data generated from the secret key in the secret key field and the challenge value in the challenge value field.
  • the used flag field stores a flag indicating whether or not the record is used.
  • a plurality of records corresponding to the required number of uses is provided for one RFID 102. For example, if the RFID 102 is to be used 10 times, 10 records are provided. In these 10 records, the contents of the ID information field are the same, and the contents of the challenge value field, response value field, and side channel model data field are different. That is, challenge values are generated in advance for a finite number of times of use, and response values and side channel model data corresponding to the challenge values are generated and recorded in the RFID table 802. Then, a used flag in the used flag field is set in the record of the RFID table 802 that has been used after authentication.
  • the authentication server 804 includes a challenge value generation unit 303 and a response.
  • the value calculation unit 304 and the side channel data generation unit 305 are not necessary.
  • the difference between the authentication server 804 shown in FIG. 8A and the authentication server 104 in the first embodiment is that the challenge value generation unit 303, the response value calculation unit 304, and the side channel data generation unit 305 are omitted.
  • FIG. 8B the field configuration of the RFID table 802 is different.
  • FIG. 9 is a flowchart showing a flow of authentication operations in the authentication server 804 and the RFID reader / writer 103.
  • Steps S901, S902, S903, S904, and S905 are the same as steps S501, S502, S503, S504, and S505 described with reference to FIG.
  • step S905 when the ID information is received from the RFID 102 (YES in S905), the control unit 301 searches the RFID table 302 with the ID information, and the used flag field flag is not set, that is, an unused record. get. If there are a plurality of acquired records, one of the records is specified as a record to be used.
  • a response value, a challenge value, and side channel model data are acquired from the specified record (S906). Then, the challenge value acquired from the record specified in step S906 is transmitted to the RFID 102 (S907).
  • the control unit 301 immediately starts an operation of recording the received side channel data in the side channel memory 306 (S908). Then, the control unit 301 confirms whether or not a response value is returned from the RFID 102 (S909). When the response value is returned from the RFID 102 (YES in S909), the control unit 301 stops recording the received side channel data in the side channel memory 306 (S910). Then, the control unit 301 activates the collation processing unit 307.
  • the main channel matching unit 308 of the matching processing unit 307 compares the response value received from the RFID 102 with the response value acquired from the record identified in step S906, and outputs a match / mismatch result.
  • the side channel verification unit 309 of the verification processing unit 307 compares the received side channel data received from the RFID 102 and recorded in the side channel memory 306 with the response value acquired from the record identified in step S906, The correlation coefficient with the model data is calculated. Then, the calculated correlation coefficient is compared with the threshold 310 to determine the degree of coincidence between the received side channel data and the side channel model data.
  • the verification processing unit 307 outputs a logical product signal of the logical output of the main channel verification unit 308 and the logical output of the side channel verification unit 309 to an output destination such as a predetermined host device (S911). Then, the logical value of the used flag field of the record specified in step S906 is set to true. That is, a used flag is set (S912). In this way, a series of processing is completed (S913).
  • the authentication server 804 according to the second embodiment is different from the authentication server 104 according to the first embodiment in that the challenge value generation unit 303, the response value calculation unit 304, and the side channel data generation unit 305 are omitted. Yes.
  • the challenge value, response value, and side channel model data are obtained from the RFID table 302. Therefore, the challenge value is acquired from the RFID table 302 instead of the operation of starting the challenge value generation unit 303 and generating the challenge value in step S506 of FIG. 5 (steps S906 and S907). For this reason, before sending the challenge value (S907), it is necessary to search the RFID table 302 with the ID information and specify the record (S906). Further, after the authentication is completed, it is necessary to set a flag on the used record (S912).
  • the RFID system according to the second embodiment realizes extremely high robustness and safety against cracking by a malicious third party, like the RFID system 101 of the first embodiment, although the number of authentications is limited.
  • the difference between the first embodiment and the second embodiment is whether the challenge value, the response value, and the side channel model data are dynamically generated or statically held in the RFID table 302 and used.
  • step S407 of FIG. 4 describes “challenge value generation or acquisition”
  • “challenge value generation” indicates an operation of dynamically generating a challenge value by the challenge value generation unit 303 of the first embodiment.
  • “Challenge value acquisition” indicates an operation of statically acquiring a challenge value from the challenge value field of the RFID table 802 of the second embodiment.
  • the side channel signal has high uniqueness. If the characteristics of the side channel signal are used more actively, not only the role of the challenge response authentication of the main channel but also the identification and authentication of the device to be authenticated and authentication can be realized by the side channel alone. It was judged. Thus, an embodiment in which authentication is performed using only the side channel signal will be described.
  • FIG. 10 is a block diagram showing the overall configuration of an RFID system 1001 according to the third embodiment of the present invention.
  • the RFID 1002 used in the RFID system 1001 according to the third embodiment of the present invention does not include the modulation unit 115 and the sequence control unit 117.
  • the ROM 1021 stores a secret key but does not store ID information.
  • the RFID system 1001 according to the third embodiment of the present invention uses, instead of the RFID reader / writer 103 of the first embodiment, an RFID reader / writer 1003 that does not have a demodulator that reads the main channel from the RFID 1002.
  • the response value calculation unit 304 calculates the response value, but there is no modulation unit for transmitting the calculated response value on the main channel.
  • the response value is not transmitted on the main channel. Even if the RFID reader / writer 1003 transmits a response value, the RFID reader / writer 1003 does not receive a response value from the RFID 1002 on the main channel because there is no demodulator for receiving the response value. Further, since the RFID 1002 does not have a function of transmitting information to the RFID reader / writer 1003 through the main channel, the ID information cannot be transmitted. Accordingly, no ID information is stored in the ROM 1021.
  • FIG. 11A is a block diagram showing a hardware configuration of the RFID reader / writer 1003 according to the third embodiment of the present invention.
  • FIG. 11B is a block diagram showing software functions of the RFID reader / writer 1003 according to the third embodiment of the present invention.
  • the RFID reader / writer 1003 used in the RFID system 1001 according to the third embodiment of the present invention does not have the demodulation unit 207. Therefore, a main channel transmission circuit 1110 having only a transmission function for the main channel is provided instead of the main channel transmission / reception circuit 210 of the first embodiment.
  • FIG. 12A is a block diagram illustrating software functions of the authentication server 1004.
  • FIG. 12B is a diagram showing a field configuration of the RFID table 302.
  • the difference between the authentication server 1004 shown in FIG. 12A and the authentication server 104 of the first embodiment is that the verification processing unit 1207 does not include the main channel verification unit 308 and that the timer 1204 and the side channel model table 1202 are different. It is a point provided.
  • the timer 1204 measures a time sufficient for the RFID 1002 to calculate the response value.
  • the authentication server 104 of the first embodiment can clearly recognize that the RFID 102 has finished calculating the response value by receiving the response value.
  • the authentication server 1004 does not receive the main channel, and thus cannot clearly recognize that the RFID 1002 has finished calculating the response value. Therefore, the timer 1204 is used to obtain the timing for ending the reception of the side channel signal.
  • the RFID table 302 shown in FIG. 12B has the same field configuration as the RFID table 302 of the first embodiment.
  • the side channel model table 1202 has an ID information field, a side channel model data field, and a valid flag field.
  • the ID information field is the same as the field with the same name in the RFID table 302. Therefore, the side channel model table 1202 is linked to the RFID table 302 by the ID information field.
  • the side channel model data generated by the side channel data generation unit 305 is stored in the side channel model data field.
  • In the valid flag field a flag indicating whether or not the correlation coefficient between the side channel model data related to the record and the received side channel data stored in the side channel memory 306 exceeds the threshold 310 is stored.
  • FIG. 13 is a time chart showing the flow of authentication operation between the authentication server 1004, the RFID reader / writer 1003, and the RFID 1002.
  • the RFID reader / writer 1003 continues to transmit a query command until receiving a side channel signal corresponding to the query response from the RFID 1002 (S1301, S1302).
  • the RFID 1002 receives a query command (S403) issued by the RFID reader / writer 1003 and performs a process for returning a query response to the RFID reader / writer 1003 (S1304).
  • the RFID reader / writer 1003 issues a side channel signal in response to the query response return process.
  • the control unit 301 of the authentication server 1004 recognizes that the RFID 1002 exists in the vicinity of the RFID reader / writer 1003 by receiving a side channel signal corresponding to the query response from the RFID 1002 (S1305).
  • control unit 301 of the authentication server 1004 When the control unit 301 of the authentication server 1004 recognizes that the side channel signal corresponding to the query response has been received from the RFID 1002, it activates the challenge value generation unit 303 to generate a challenge value, and transmits the challenge value to the RFID 1002. To do. At this time, the timer 1204 is started (S1306). When the RFID 1002 receives this challenge value, the response value calculation unit 119 calculates a response value using the received challenge value and the secret key stored in the ROM (S1307).
  • the authentication server 1004 starts the operation of recording the received side channel data in the side channel memory 306 immediately after transmitting the challenge value to the RFID 1002 in step S1307. Further, based on the challenge value generated in step S1307, the side channel model data is calculated and recorded for the record in which the valid flag is set in the side channel model table 1202 (S1308).
  • the control unit 301 stops the timer 1204 and stops recording the received side channel data in the side channel memory 306.
  • the matching processing unit 1207 calculates a correlation coefficient between the side channel model data and the reception side channel data of the record for which the valid flag is set in the side channel model table 1202, and compares the correlation coefficient with the threshold 310.
  • step S1306 to step S1310 can hardly specify one record with a valid flag field of the side channel model table 1202 as one. Therefore, the processing from step S1306 to step S1309 is repeated (S1310 to S1313), the record of the side channel model table 1202 is finally specified, and the ID information and the result of the authentication determination are output to a predetermined host device (S1314). ).
  • FIG. 14 is a flowchart showing a flow of authentication operations in the authentication server 1004 and the RFID reader / writer 1003.
  • the RFID reader / writer 1003 transmits a query command (S1402).
  • the authentication server 1004 receives the side channel signal and confirms whether or not the side channel signal corresponding to the query response has been received (S1403). If the side channel signal corresponding to the query response cannot be received (NO in S1403), the authentication server 1004 causes the RFID reader / writer 1003 to transmit a query command again (S1402). That is, the authentication server 1004 and the RFID reader / writer 1003 repeat the transmission of the query command until the side channel signal corresponding to the query response can be received from the RFID 1002 (YES in S1403) (S1301 and S1302 in FIG. 13).
  • the control unit 301 monitors the timer 1204 to confirm whether or not the specified time has elapsed (S1408).
  • the control unit 301 stops the timer 1204 (S1409), and stops recording the received side channel data in the side channel memory 306 (S1410).
  • the control unit 301 activates the collation processing unit 1207.
  • the side channel matching unit 309 of the matching processing unit 1207 calculates the correlation coefficient between the side channel model data and the received side channel data of the record for which the valid flag is set in the side channel model table 1202, and compares it with the threshold 310. .
  • the flag in the valid flag field of the record that does not exceed the threshold 310 in the side channel model table 1202 is lowered (S1411).
  • the control unit 301 checks whether or not there are more than 1 records in the side channel model table 1202 in which the valid flag field is true (S1412). If there are two or more records in which the valid flag field is true (YES in S1412), the processing is repeated from the side step S1405. In this way, the processing from step S1405 to step S1412 is repeated until there is one record in the side channel model table 1202 where the valid flag field is true.
  • step S1405 to step S1412 there are only one case where the valid flag field of the side channel model table 1202 is true and there is no record at all.
  • the record is an RFID 1002 record, and that the RFID 1002 that has received the side channel signal is an authentic RFID. If there is no record in which the valid flag field of the side channel model table 1202 is true, it can be seen that the RFID 1002 that has received the side channel signal is not a genuine RFID.
  • the control unit 301 outputs the determination result to a predetermined host device (S1413), and ends a series of processing (S1414).
  • the side channel signal is an analog signal.
  • this analog signal is a signal waveform resulting from the time transition of power consumption generated by the calculation process of the response value calculation unit 304, and if the response value calculated by the response value calculation unit 304 has uniqueness, Channel signals are also inherently unique.
  • the matching processing unit 1207 calculates all correlation coefficients between the received side channel data and the side channel model data for all the records in the RFID table 302 and compares the correlation coefficient with the threshold 310. Since a correlation coefficient between analog signal waveforms is calculated, it is difficult to specify a record at one time. Therefore, this round robin and narrowing down are repeated several times to specify only one record in the RFID table 302. That is, the identification and authentication of the RFID 1002 can be performed in this way using only the side channel signal.
  • the RFID 1002 is specified and authenticated only by the side channel signal. As a premise of this, it is necessary to recognize that the RFID 1002 is close to the RFID reader / writer 1003, that is, a trigger to record the received side channel data in the side channel memory 306. In order to recognize that the RFID 1002 is close to the RFID reader / writer 1003 only by the side channel signal, a query command is used in the third embodiment.
  • the RFID reader / writer 1003 issues a query command, and the RFID reader / writer 1003 receives a side channel signal generated from the response value calculation unit 304 of the RFID 1002 in accordance with the query response calculation process, and the RFID 1002 is in proximity to the RFID reader / writer 1003 Recognized.
  • a challenge value itself for obtaining the side channel signal may be used in addition to the query command.
  • FIG. 15 is a time chart showing the flow of authentication operation between the authentication server 1004 and the RFID reader / writer 1003 and the RFID 1002 in the RFID system according to the fourth embodiment of the present invention.
  • a block diagram FIGS. 10, 11A showing a hardware configuration
  • a block diagram FIG. Since it is the same as the system, explanation with illustration is omitted.
  • the difference between the RFID system of the fourth embodiment and the RFID system 1001 of the third embodiment is that the method for recognizing that the RFID 1002 is close to the RFID reader / writer 1003 is different.
  • a query command is transmitted from the RFID reader / writer 1003 to recognize that the RFID 1002 has approached the RFID reader / writer 1003.
  • the RFID reader / writer 1003 transmits the challenge value from the RFID reader / writer 1003 instead of the query command, and verifies whether or not a valid side channel signal has been received. It is a point that recognizes the proximity. That is, the main channel data transmitted from the RFID reader / writer 1003 is only the challenge value.
  • the difference between the time chart shown in FIG. 15 and the time chart of the third embodiment shown in FIG. 13 is that a query command is transmitted in the third embodiment (S1301, S1302), whereas the fourth embodiment is different from the time chart shown in FIG. Then, the challenge value is transmitted.
  • the control unit 301 of the authentication server 1004 activates the challenge value generation unit 303 to generate a challenge value, transmits the challenge value through the RFID reader / writer 1003, and activates the timer 1204 (S1501).
  • the control unit 301 immediately starts an operation of recording the received side channel data in the side channel memory 306.
  • step S1502 side channel model data is calculated and recorded for the record in which the valid flag is set in the side channel model table 1202 (S1502). Then, the control unit 301 monitors the timer 1204 to check whether or not a specified time has elapsed. When the specified time has elapsed, the control unit 301 stops the timer 1204 and stops recording the received side channel data in the side channel memory 306 (S1503). At this time, if valid reception side channel data is not recorded in the side channel memory 306, the control unit 301 determines that the RFID 1002 is not in proximity to the RFID reader / writer 1003. Therefore, the processing is repeated from the generation of the challenge location again (S1504, S1505, S1506). The processing from step S1507 to S1515 is the same as the processing from step S1306 to S1314 in FIG.
  • FIG. 16 is a flowchart showing a flow of authentication operations in the authentication server 1004 and the RFID reader / writer 1003.
  • the flowchart shown in FIG. 16 differs from the flowchart of the third embodiment shown in FIG. 14 in that the third embodiment transmits a query command (S1402) and confirms reception of a side channel signal corresponding to the query response. (S1403), but this processing has been eliminated. Instead, after the recording of the reception side channel data in the side channel memory 306 is stopped (S1608), it is confirmed whether or not valid reception side channel data is recorded in the side channel memory 306 (S1609). Have been added. Steps S1602 to S1608 are the same as steps S1404 to S1410 in FIG. 14, and steps S1610 to S1613 are the same as steps S1411 to S1414 in FIG.
  • the RFID 1002 can be specified and authenticated only by the side channel signal.
  • a high computing capability is required for the authentication server.
  • the RFID table 302 is about several hundred thousand records, the calculation of the side channel model data for all records and the calculation of the correlation coefficient by brute force are performed on a commercially available personal computer. It was completed in about 1 second. Therefore, the RFID system according to the third embodiment and the fourth embodiment can be sufficiently realized by reinforcing the computing capability by the current cloud technology.
  • the method of emitting a side channel signal is not limited to electromagnetic waves. It is only necessary that the waveform of the current flowing through the response value calculation unit 304 can be transmitted in an analog manner.
  • the current flowing through the response value calculation unit 304 is detected and amplified by an operational amplifier or the like, and the obtained analog signal is converted into multi-color modulation such as intensity of light or color map, such as an LED or a liquid crystal display.
  • Light is emitted from the illuminant.
  • the side channel signal may be obtained by photographing the light emitted from the light emitter with a digital camera or the like. In the case of a contact type IC card having electrodes, the current can be easily detected from the power supply line.
  • a precise side channel signal can be detected by directly detecting a change in current.
  • the first calculation process includes setting the sampling frequency of the A / D converter 212 of the RFID reader / writer 1003 to a low one, reducing the number of sample bits of the A / D converter 212, and the like.
  • the time required for the arithmetic processing can be shortened.
  • the data amount of the received side channel data is reduced, it is necessary to apply the same treatment to the side channel model data.
  • the authentication server 104 of the first embodiment and the side channel data generation unit 305 in the authentication server 1004 of the third and fourth embodiments generate side channel data by simulation calculation using software.
  • the side channel data may be generated using hardware instead of simulation calculation. That is, the response value calculation unit 119 itself mounted on the actual RFID 102 is provided in the authentication server, current consumption of the response value calculation unit 119 is detected, A / D converted, and a predetermined value such as the quantization processing unit 211
  • the side channel model data is obtained through the filtering process.
  • the timing for ending the reception of the side channel signal is obtained using the timer 1204. Instead of this timer, it is also possible to confirm the start and end of reception of the side channel signal from the waveform pattern of the reception side channel data. If the waveform pattern recognition process is used, the timer 1204 becomes unnecessary.
  • the RFID system 101 receives the side channel signal emitted by the RFID 102 in order to confirm that the RFID 102 exists in the immediate vicinity of the RFID reader / writer 103. Then, the correlation coefficient between the received side channel data obtained by converting the side channel signal into a digital value and the side channel model data created by the arithmetic processing is taken and compared with the threshold 310. If the correlation coefficient is greater than or equal to the threshold value 310, it can be seen that the RFID 102 is a genuine RFID that exists in the immediate vicinity of the RFID reader / writer 103, so that cracking due to a relay attack can be prevented in advance.
  • the RFID system 1001 receives a side channel signal generated by the RFID 1002 in order to confirm that the RFID 1002 exists in the immediate vicinity of the RFID reader / writer 1003. Then, the correlation coefficient between the received side channel data obtained by converting the side channel signal into a digital value and the side channel model data for all records in the RFID table 302 is taken and compared with the threshold 310 in the round robin. By repeating this process, the record of the RFID table 302 is specified. Identification and authentication of the RFID 1002 are possible only with the side channel signal.
  • Each of the above-described configurations, functions, processing units, and the like may be realized by hardware by designing a part or all of them with, for example, an integrated circuit. Further, each of the above-described configurations, functions, and the like may be realized by software for interpreting and executing a program that realizes each function by the processor. Information such as programs, tables, and files for realizing each function is stored in a memory, a hard disk, a volatile or non-volatile storage such as an SSD (Solid State Drive), or a recording medium such as an IC card or an optical disk. be able to.
  • the control lines and information lines are those that are considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. Actually, it may be considered that almost all the components are connected to each other.
  • demodulator 210 ... main channel transmission / reception circuit, 211 ... quantization processor, 212 ... A / D converter, 215 ... side channel Signal receiving circuit, 216 ... control unit, 301 ... control unit, 302 ... RFID table , 303 ... Challenge value generation unit, 304 ... Response value calculation unit, 305 ... Side channel data generation unit, 306 ... Side channel memory, 307 ... Verification processing unit, 308 ... Main channel verification unit, 309 ... Side channel verification unit, 310 Threshold value 601 AND gate 802 RFID table 804 Authentication server 1001 RFID system 1002 RFID 1003 RFID reader / writer 1004 Authentication server 1021 ROM 1110 Main channel transmission circuit 1202 ... Side channel model table, 1204 ... Timer, 1207 ... Verification processing unit

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Toxicology (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Electromagnetism (AREA)
  • General Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention a pour objet de confirmer qu'une identification par radiofréquence (RFID) est présente à proximité d'un dispositif de lecture/écriture de RFID par la réception d'un canal latéral émis par la RFID et le calcul d'un coefficient de corrélation. Si le coefficient de corrélation est égal ou supérieur à un seuil prescrit, la RFID est déterminée comme étant une RFID authentique qui est effectivement présente à proximité du dispositif de lecture/écriture de RFID ; par conséquent, une craquelure peut être prévenue au moyen d'une attaque à relais.
PCT/JP2015/052576 2014-02-06 2015-01-29 Système d'authentification WO2015119043A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2015560958A JP6348914B2 (ja) 2014-02-06 2015-01-29 認証システム

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2014-020957 2014-02-06
JP2014020957 2014-02-06

Publications (1)

Publication Number Publication Date
WO2015119043A1 true WO2015119043A1 (fr) 2015-08-13

Family

ID=53777850

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2015/052576 WO2015119043A1 (fr) 2014-02-06 2015-01-29 Système d'authentification

Country Status (2)

Country Link
JP (1) JP6348914B2 (fr)
WO (1) WO2015119043A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017188855A (ja) * 2016-04-08 2017-10-12 キヤノン株式会社 検証装置及び被検証装置
JP2022528815A (ja) * 2019-04-16 2022-06-16 ホアウェイ・テクノロジーズ・カンパニー・リミテッド ユーザデバイスと車両との接続を認証するためのシステムおよび方法

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008204248A (ja) * 2007-02-21 2008-09-04 Nomura Research Institute Ltd 決済システムおよび決済方法
JP2009302848A (ja) * 2008-06-12 2009-12-24 Tokai Rika Co Ltd 暗号通信システム及び暗号鍵更新方法
JP2010152706A (ja) * 2008-12-25 2010-07-08 Fujitsu Ltd 生体認証装置
JP2010226603A (ja) * 2009-03-25 2010-10-07 Sony Corp 集積回路、暗号通信装置、暗号通信システム、情報処理方法、及び暗号通信方法
JP2011198317A (ja) * 2010-03-24 2011-10-06 National Institute Of Advanced Industrial Science & Technology 認証処理方法及び装置

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008204248A (ja) * 2007-02-21 2008-09-04 Nomura Research Institute Ltd 決済システムおよび決済方法
JP2009302848A (ja) * 2008-06-12 2009-12-24 Tokai Rika Co Ltd 暗号通信システム及び暗号鍵更新方法
JP2010152706A (ja) * 2008-12-25 2010-07-08 Fujitsu Ltd 生体認証装置
JP2010226603A (ja) * 2009-03-25 2010-10-07 Sony Corp 集積回路、暗号通信装置、暗号通信システム、情報処理方法、及び暗号通信方法
JP2011198317A (ja) * 2010-03-24 2011-10-06 National Institute Of Advanced Industrial Science & Technology 認証処理方法及び装置

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017188855A (ja) * 2016-04-08 2017-10-12 キヤノン株式会社 検証装置及び被検証装置
JP2022528815A (ja) * 2019-04-16 2022-06-16 ホアウェイ・テクノロジーズ・カンパニー・リミテッド ユーザデバイスと車両との接続を認証するためのシステムおよび方法
JP7192122B2 (ja) 2019-04-16 2022-12-19 ホアウェイ・テクノロジーズ・カンパニー・リミテッド ユーザデバイスと車両との接続を認証するためのシステムおよび方法

Also Published As

Publication number Publication date
JPWO2015119043A1 (ja) 2017-03-23
JP6348914B2 (ja) 2018-07-04

Similar Documents

Publication Publication Date Title
US10177816B2 (en) Devices and methods for identification, authentication and signing purposes
US10735391B2 (en) Instruction information transmission and reception methods and devices thereof
US10600298B1 (en) Exit-code-based RFID loss-prevention system
RU2016146744A (ru) Системы и способы замены или удаления секретной информации из данных
RU2007119574A (ru) Система и способ проведения транзакций
US10878651B2 (en) Systems and methods for secure read-only authentication
US10049317B1 (en) RFID tags with public and private inventory states
US20180375661A1 (en) Device
CN105913106A (zh) 一种指纹加密eid金融卡及实现方法
JP6348914B2 (ja) 認証システム
RU182969U1 (ru) Считыватель криптографических меток
CN104579673B (zh) Rfid卡与读卡器之间的交互认证方法
CN110276423A (zh) 一种高加密的用于芯片指纹的rfid认证系统
CN106779672A (zh) 移动终端安全支付的方法及装置
KR102010764B1 (ko) 스마트폰 인증 기능을 이용한 컴퓨터 보안 시스템 및 방법
CN203490738U (zh) 基于rfid的紫砂壶防伪识别系统
EP3361419A1 (fr) Code barres infalsifiable, système et méthode pour générer et authentifier les autorisations sur la base du dit code
Silberschneider et al. Access without permission: a practical RFID relay attack
Kasper Security analysis of pervasive wireless devices: Physical and protocol attacks in practice
CN107292608A (zh) 一种指纹加密的eID移动交易装置
CN107680218B (zh) 基于多生物特征识别与瞬时证照技术的安检方法及系统
Krumnikl et al. EM410x RFID cloned card detection system
Celiano Overclocking proximity checks in contactless smartcards
KR102284170B1 (ko) 우대용 앱 카드 관리 시스템 및 방법
JP5432004B2 (ja) 認証情報入力装置および認証情報入力方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15746397

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
ENP Entry into the national phase

Ref document number: 2015560958

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15746397

Country of ref document: EP

Kind code of ref document: A1