KR100848791B1 - Tag data recording and acquisition method that enables security verification, tag data recording and acquisition device - Google Patents

Abstract

A tag data recording and acquisition method capable of security verification and a tag data recording and acquisition device are disclosed. The tag data recording method capable of security verification includes the steps of transmitting, by a service server unit, tag data to be recorded to a tag unit, the tag unit receiving the tag data and generating a first encryption key to generate the received tag data. Generating first encrypted data by encrypting information including the first encryption key and storing the first encrypted data and the first encryption key, wherein the first encryption key is accessed from the outside. Storing it in a hidden area so that it is impossible to do so. That is, during tag data recording, the tag data stored in the tag is encrypted using an encryption key hidden in the tag. When acquiring the tag data, the encrypted tag data is used for security verification in various forms. Therefore, it is possible to prevent the forgery and to greatly improve the security and reliability of the tag by blocking the possibility of external leakage of the encryption key at the source.

Description

Tag Data Recording and Obtaining Method Which Security Verification are Capable, Tag Data Recording and Obtaining Apparatus}

The present invention relates to a tag data recording and acquiring method capable of security verification, a tag data recording and acquiring device, and more particularly, to encrypts tag data stored in a tag through an encryption key hidden in the tag and acquires tag data. In the city, the encrypted tag data is used for security verification in various forms to prevent tampering by fundamentally blocking the possibility of leaking the encryption key, and to tag data recording and acquisition technology that can greatly improve the security and reliability of the tag. It is about.

In general, RFID (Radio Frequency Identification) technology refers to a radio recognition technology that can attach an electronic tag storing specific information to an article, and obtain the information of the article using the attached electronic tag. RFID technology can be seen as an area of Automatic Data Collection technology in that it collects and records information of items through radio frequency and makes available the necessary information.

An electronic tag used as an identification medium in an RFID system is a non-contact recognition medium that is composed of a micro IC chip and an antenna and obtains information on an article without direct contact. Therefore, RFID has a higher information recognition rate than a conventional barcode or magnetic card that acquires information through contact, and can recognize a plurality of tag information at the same time. It is not only easy to connect with other communication networks but also has high expandability. It has various advantages and is spotlighted as a core technology for building a ubiquitous environment.

The RFID system basically includes an RFID transponder that stores and provides information, and an RFID reader that reads and decodes information from the RFID transponder. In this case, the RFID transponder is referred to as an RFID tag as the aforementioned electronic tag. Although there are various types of RFID tags according to their purpose, size, and function, the RFID tag is generally classified into an active type that requires a separate driving power source and a passive type that outputs signals in a mutual induction method without a driving power source. Among them, the passive RFID tag has a wide range of applications due to the low cost and simple configuration compared to the active RFID tag.

The RFID tag stores unique information of an article that can recognize the article to which the RFID tag is attached, such as a unique ID, an article history, a production history, and the like, and its operating frequency is usually 860 MHz to 960 MHz. The RFID tag detects a radio signal within an operating frequency band from the RFID reader and transmits the unique information of the stored article to the RFID reader. Accordingly, the RFID reader can acquire the unique information of the article stored in the RFID tag. The unique information of the article acquired by the RFID reader can be variously used in distribution, management, positioning, remote processing, information exchange, etc. according to the purpose of the system.

However, since the RFID system transmits the information through wireless communication, if the information is not encrypted at the time of communication between the RFID reader and the RFID tag, there is a possibility that the communication content is exposed as it is and the information is leaked or copied and forged.

In fact, in the case of the 900MHz passive RFID system, since the signal transmitted from the RFID reader can be measured at a distance of 100M or more, a specific person with unintended intention uses the RFID reader to illegally acquire the contents of the RFID tag, and then duplicates or forges the tag. There may be a possibility of causing a privacy problem by exploiting this, or performing illegal location tracking through the acquired tag information.

Therefore, the RFID system should be equipped with an information protection function to protect the information stored in the RFID tag from illegal leakage, copying and forgery. In general, the information protection function of the RFID system may be classified into a physical method and a method using encryption.

The physical method may include a kill command method for deactivating a tag using a kill command, a faraday cage method for blocking a tag with a metallic thin film and preventing transmission of a wireless signal, and an illegal RFID reader by transmitting a strong disturbance signal. There is a jamming method that blocks access. However, these physical methods have low efficiency and reliability, are likely to degrade the quality of service, and there are some unrealistic problems to apply to a real system.

Encryption is a method of encrypting information of an RFID tag in order to provide services such as confidentiality and authentication of communication, and is considered to be a more realistic and efficient method than a physical method. Therefore, the conventional RFID system uses an algorithm that encrypts information using an encryption key (for example, a password) and stores the encryption key in a server or an RFID reader.

However, in the conventional case, when the stored encryption key is decrypted once or leaked due to intentional leakage, the encryption itself is likely to be useless, and thus the security of information is not completely guaranteed. For example, there is a rumor that the company is developing another chip because the tag encryption key value of Sony's FELICA (13.56 Class-C), which is currently used as an e-MONEY card in Japan, is released. There is a tendency to use smart cards, but it has also been proved by German mothers that they can be decrypted in just four days.

As such, the method of encrypting through a fixed encryption key and storing it in a server or a reader can be a very dangerous method in terms of reliability for security of the RFID system. Leaks as well as the infrastructure that has been built can be useless all over the world, potentially damaging.

The problem to be solved by the present invention is to encrypt the item information stored in the tag, that is, tag data through the encryption key hidden in the tag, and to use the encrypted tag data for security verification, to block the possibility of outside leakage of the encryption key The present invention provides a tag data recording method and apparatus, a tag data acquisition method and apparatus, and a tag data recording and acquisition method which can greatly improve security and reliability.

In order to solve this problem, the present invention provides a tag data recording method capable of security verification in one aspect. The tag data recording method includes: transmitting, by a service server unit, tag data to be recorded in a tag unit to a tag unit; Receiving, by the tag unit, the tag data, generating a first encryption key, and encrypting information including the received tag data by using the first encryption key to generate first encrypted data; And storing the first encrypted data and the first encryption key by the tag unit in a hidden area such that the first encryption key is not accessible from the outside.

The tag data recording method may include: transmitting, by the tag unit, the first encrypted data to the service server unit, receiving, by the service server unit, the first encrypted data, generating a security verification code, and the service server unit The method may further include writing the generated security verification code to the tag unit. The tag data recording method may further include the service server unit receiving the tag data from a user terminal.

The security verification code may be any one of a two-dimensional bar code and an ASCII code. In this case, the service server unit may print the security verification code on the outer surface of the tag unit.

The generating of the first encrypted data may include: receiving the tag data by the tag unit, generating the first encryption key, generating a serial number uniquely assigned to the tag unit, and And encrypting tag data and the serial number using the first encryption key to generate the first encrypted data. In this case, the tag data recording method includes the step of the tag unit storing the serial number in the hidden area, the tag unit transmitting the serial number to the service server unit and the service server unit receives the serial number, The method may further include writing to the tag unit.

On the other hand, in order to solve the above problems, the present invention provides a tag data acquisition method capable of security verification from another aspect. The tag data acquisition method includes: obtaining, by a reader, security verification data from a tag unit; Encrypting the obtained security verification data, and transmitting the encrypted security verification data to the tag unit; Acquiring, by the tag unit, the security verification data by decrypting the encrypted security verification data; Decrypting the obtained security verification data using a first encryption key hidden in the tag unit; Comparing at least one piece of information obtained by the decoding with at least one piece of information stored in the tag unit to determine whether the information is forged or not; And transmitting information including tag data or an error message to the reader unit according to the determination result.

In this case, the tag unit may store first encrypted data including tag data and a serial number encrypted using the first encryption key, and the security verification data may include the first encrypted data.

In this case, a security verification code generated from the security verification data is recorded in the tag unit, and in the step of obtaining the security verification data from the tag unit by the reader, the reader acquires the security verification data from the security verification code. It may include the step. The security verification code is, for example, any one of a two-dimensional bar code and an ASCII code may be printed and recorded on the outer surface of the tag portion.

The determining whether the forgery includes comparing the serial number included in the information obtained for the decoding with the serial number stored in the tag unit and determining whether the information is forged or not according to whether two pieces of information match each other. Can be. In this case, transmitting information including tag data or an error message to the reader unit may include transmitting an error message to the reader unit if the two pieces of information do not match, and transmitting the error message to the reader unit if the two pieces of information do not match. And transmitting the tag data. The transmitting of the information including the tag data or the error message to the reader may include transmitting at least one of the serial number and the synchronization time information to the reader if the two informations match. have.

The tag data obtaining method may further include displaying at least one of information including tag data transmitted from the tag unit by the reader unit.

Encrypting the obtained security verification data, and transmitting the encrypted security verification data to the tag unit, generating a synchronization time information through a real-time clock generator, and according to the generated synchronization time information Generating an encryption key, encrypting the obtained security verification data using the second encryption key to generate second encrypted data, and transmitting the generated second encrypted data to the tag portion; Can be.

The acquiring of the security verification data by decrypting the encrypted security verification data by the tag unit may include receiving the synchronization time information from the reader unit and the second encryption key according to the received synchronization time information. And decrypting the second encrypted data received from the reader unit by using the generated second encryption key as a decryption key.

On the other hand, in order to solve the above problem, the present invention provides a tag data recording and acquisition method in another aspect. The tag data recording and acquiring method includes encrypting tag data including article information to which the tag is attached using a first encryption key hidden in a tag and a serial number of the tag and storing the tag data in the tag, and encrypting the encrypted data. Writing a security verification code including tag data and the serial number to the tag; And performing the security verification for acquiring the tag data by using the recorded security verification code, and then acquiring the tag data.

On the other hand, in order to solve the above problems, the present invention provides a tag data recording apparatus in another aspect. The tag data recording apparatus may include a service server unit configured to transmit tag data; And when the tag data is received from the service server, generates a first encryption key, encrypts information including the tag data using the first encryption key, generates and stores first encrypted data, and 1 The encryption key includes a tag portion stored in a hidden area.

In this case, the tag unit may transmit the first encrypted data to the service server unit, and the service server unit may receive the first encrypted data to generate a security verification code and then record the security verification code in the tag unit. . In addition, the service server unit may print the security verification code on the outer surface of the tag unit.

The tag unit may generate a unique serial number of the tag unit, encrypt the tag data and the serial number using the first encryption key to generate the first encrypted data, and store the first encrypted data in the hidden area. The tag unit may transmit the serial number to the service server unit, and the service server unit may receive the serial number and record the serial number.

On the other hand, in order to solve the above problem, the present invention provides a tag data acquisition device in another aspect. The tag data recording apparatus may include: a tag unit configured to encrypt and store information including tag data as first encrypted data using a hidden first encryption key, and to provide security verification data including information of the first encrypted data. ; And a reader section for acquiring the tag data from the tag section. The reader unit obtains the security verification data from the tag unit, encrypts the obtained security verification data with second encrypted data, and transmits the encrypted verification data to the tag unit. The tag unit may receive the second encrypted data from the reader unit, restore the security verification data, decrypt the restored security verification data with the first encryption key, and then use the information obtained by the decryption. Judge. The information including the tag data may include the tag data and a serial number of the tag unit.

The tag unit decrypts the restored verification data with the first encryption key, and then compares at least one piece of information obtained by the decryption with at least one piece of information stored in the tag portion and the two pieces of information. The forgery can be determined according to whether or not.

The reader unit includes a real time clock generator for generating synchronization time information to generate a second encryption key according to the specific synchronization time information, and encrypts the security verification data using the generated second encryption key to generate the second encryption key. 2 You can create encrypted data. The tag unit may receive the synchronization time information from the reader to generate the second encryption key by itself, and decrypt the second encrypted data received from the reader using the second encryption key as a decryption key. Can be.

The security verification data may be at least one of a two-dimensional barcode and an ASCII code recorded in the tag unit. In this case, the reader unit may recognize at least one of the two-dimensional barcode and the ASCII code recorded in the tag unit to obtain the security verification data from the tag unit. On the other hand, the security verification data may be first encrypted data stored in the tag unit. In this case, the reader unit may acquire the first encrypted data stored in the tag unit in order to acquire the security verification data from the tag unit.

As described above, according to the present invention, the tag data stored in the tag is encrypted through an encryption key hidden in the tag, and the encrypted tag data is utilized for security verification in various forms. In the related art, even if the encryption key is stored in an external server or a reader or stored in a tag, there is a possibility of information leakage due to replication and update from the outside. However, in the case of the present invention, the encryption key cannot be generated and stored externally, and only a random code is automatically generated inside the tag and stored in a hidden area, thereby preventing the possibility of information leakage. Therefore, it is possible to eliminate the possibility of forgery and greatly improve the security and reliability of the tag.

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art may easily implement the present invention. In the preferred embodiment of the present invention described below, specific technical terms are used for clarity of content. However, the invention is not limited to the particular term selected, and it is to be understood that each specific term includes all technical synonyms that operate in a similar manner to achieve a similar purpose.

<Example 1>

1 is a block diagram showing the configuration of an RFID system for realizing a tag data recording method and a tag data acquisition method capable of security verification according to a first preferred embodiment of the present invention.

As shown in FIG. 1, the RFID system 100 includes a service server 20 provided on an RFID service provider side, and a tag 40 attached to an article to provide information about the article. And a reader section 60 for acquiring article information stored in the tag section. In this case, the service server unit may interwork with the user terminal 2 through a communication network, for example, a wired or wireless Internet.

The RFID system 100 has a security recording process for recording tag data, that is, article information, in the tag unit 40 to enable security verification, and attaches the tag unit 40 on which the tag data is recorded to the article. A security acquisition process for securely acquiring tag data stored in the tag unit 40 can be performed. In this case, the security recording process may be performed by the service server unit 20 and the tag unit 40, and the security acquisition process may be performed by the reader unit 60 and the tag unit 40.

FIG. 2 is a block diagram showing the detailed configuration of the service server unit 20 shown in FIG.

Referring to FIG. 2, the service server unit 20 includes a communication network interface unit 22, a login unit 23, a tag data editing unit 24, a tag writer / reader unit 25. And a security verification code recorder 26, a serial number recorder 27, a control unit 21 and a database unit 28.

The communication network interface unit 22 provides an interface function to allow access to an external communication network such as a wired or wireless Internet. The service server unit 20 may interwork with the user terminal 2 connected to the communication network through an interface function provided by the communication network interface unit 22.

The login unit 23 receives the user's unique information, for example, a user ID and a password, from the user terminal 2 connected to the communication network, and then checks the user information database 29 so that the user's unique information is not abnormal. In this case, log in the user. In addition, the login unit 23 may provide a member registration function. For example, the login unit 23 provides a function of requesting input of unique information for a user whose unique information does not exist in the user information database 29 and receiving the user's unique information and storing the user's unique information in the user information.

The tag data editing unit 24 performs a function of receiving item information, that is, tag data, to be stored in the tag unit 40 from the user terminal 2. To this end, the tag data editing unit 24 may provide a tag data editing window having various graphic interfaces to the user terminal 2 so that a user may easily input tag data. The tag data may include identification information and additional information for identifying an article to which the tag unit 40 is attached, such as an article name, article contents, authentication ID, issue date, and the like.

The tag writer / reader 25 performs a function of transmitting and receiving data with the tag unit 40. In particular, the tag writer / reader 25 transmits the tag data input from the tag data editer 24 to the tag 40. In this case, the transmitted tag data is encrypted through the first encryption key generated by the tag unit 40 and then stored in the tag unit. Hereinafter, tag data encrypted by the first encryption key will be referred to as first encrypted data. The first encrypted data may include a serial number of the tag unit 40 generated by the tag unit 40.

In addition, the tag writer / reader 25 receives the serial number and the first encrypted data of the tag 40 from the tag 40 and sends it to the serial number recorder 27 and the security verification code recorder 26. Send each one.

The security verification code recording unit 26 generates a security verification code by using the first encrypted data transmitted from the tag writer / reader unit 25 and records the generated security verification code in the tag unit 40. In addition, the security verification code recorder 26 may store the generated security verification code in the security verification information database 30 of the database unit 28.

The security verification code may be a two-dimensional barcode, an ASCII code, or the like. For example, the security verification code recorder 26 converts the received first encrypted data into a two-dimensional barcode or ASCII code, and then prints the converted two-dimensional barcode or ASCII code on one side of the tag 40. By doing so, the security verification code can be recorded in the tag unit 40. In this case, the security verification code recording unit 26 may include a printer capable of printing information on the outer surface of the tag unit 40. The printer may be constituted by an integrated device with the tag writer / reader 25 in hardware.

On the other hand, unlike the method of recording the security verification code, that is, two-dimensional bar code or ASCII code, etc. in the tag unit 40, the first encrypted data stored in the tag unit 40 may be used as security verification data. This will be described in detail through the second embodiment of the present invention to be described later.

The serial number recording unit 27 receives a serial number generated by the tag unit 40 from the tag writer / reader 25 and then records the received serial number in the tag unit 40. In addition, the serial number recording unit 40 may store the received serial number in the security verification information database 30. For example, the serial number recording unit 27 may record the serial number received on the tag unit 40 by printing the serial number received from the tag writer / reader unit 25 on the other side of the outer surface of the tag unit 40. . The serial number recording unit 27 may be configured to be included in the aforementioned printer.

The control unit 21 performs a function of controlling the data flow of the service server unit 20 and the interworking flow between the above-described units as a whole. For example, the cooperative operation of each unit 22 to 28 of the service server unit 20 in the security recording process may be controlled by the control unit 21.

The database unit 28 stores data that need to be stored when performing the security recording process and provides necessary data. The database unit 28 includes a user information database 29 and a security verification information database 30.

The user information database 29 performs a function of storing user information necessary for logging in of a user. The security verification information database 30 stores information of the security verification code stored by the security verification code recorder 26, information of the first encrypted data, information of the serial number stored by the serial number recorder 27, and the like. . In this case, the information stored in the security verification information database 30 may be provided to the user terminal 2 or the reader unit 60 through a communication network.

3 is a block diagram showing the detailed configuration of the tag portion 40 of the RFID system 100 shown in FIG.

As shown in FIG. 3, the tag unit 40 includes a wireless interface unit 42, a data storage unit 46, a first encryption key generator 43, a second encryption key generator 44, and a serial number. Generation section 45, arithmetic / control section 41, and the like. The tag unit 40 is preferably a passive tag that does not require a separate power supply. However, this is not a limitation and the present invention is also applicable to the active tag, of course.

The radio interface unit 42 receives a radio signal in an operating frequency band transmitted from the outside, for example, an RFID standard band, converts the signal into a signal that can be processed in the tag unit 40, and requires each unit 41. ~ 46). In addition, a function to convert a signal received from each of the parts (41 ~ 46) in the tag unit to a radio signal and to transmit to the outside. Although not shown, the air interface unit 42 may include an antenna, an RF processing circuit, and the like.

The data storage 46 performs a function of storing data necessary to perform the security recording process and the security acquisition process. The data storage unit 45 may include, for example, a memory device such as an electrically erasable and programmable read only memory (EEPROM), and may be configured using various memories according to an implementation environment.

The data storage unit 45 may include a first storage area 47 and a second storage area 48. In the first storage area 47, first encrypted data, that is, tag data encrypted through the first encryption key, is stored under the control of the operation / control unit 41. The first storage area 47 may be set to allow reading by the reader unit 60 from the outside. In contrast, the first storage key 48 stores the first encryption key, the serial number of the tag unit 40, and the like. The second storage area 48 is prohibited from reading and writing from the outside and can be used only within the tag portion, and is configured to be hidden outside.

The first encryption key generation unit 43 generates a first encryption key which is a random key in response to a request of the operation / control unit 41 and provides it to the operation / control unit 41. The first encryption key is used to encrypt tag data transmitted from the service server unit 20 to make the first encrypted data.

The second encryption key generation unit 44 generates a second encryption key in response to the synchronization time information transmitted from the reader unit 60. At this time, the second encryption key is the same key as the second encryption key generated by the reader unit 60, as will be described later. For example, the second encryption key generator 44 may include a real-time codebook that outputs a specific code according to a real-time clock. The real-time codebook may be the same codebook as the real-time codebook included in the reader unit 60. have. Therefore, the real-time codebook included in the tag unit 40 and the real-time codebook included in the reader unit 60 output the same encryption key if the time information is the same. Meanwhile, the second encryption key generated by the second encryption key generator 44 is provided to the operation / control unit 41.

The serial number generator 45 generates a unique serial number capable of identifying the tag unit 40 in response to a request from the operation / control unit 41. The serial number may partially include information set by a user, for example, some information of tag data. For example, a 16-digit serial number may include a first 8 digits set by a user and a later 8 digits as a random number. The serial number generated by the serial number generator 45 is stored in the data storage 46 and may be provided to the service server 20.

The operation / control unit 41 controls the operation of the tag unit 40 as a whole during the security recording process and the security acquisition process, and performs a predetermined operation. First, when the tag data transmitted from the service server unit 20 is received through the wireless interface unit 42 during the security recording process, the operation / control unit 41 receives the first encryption key generation unit 43 and the serial number generation unit ( 45) request to generate the first encryption key and the serial number, respectively, and when the first encryption key and the serial number are generated, the tag data and the serial number are encrypted using the first encryption key to the first encrypted data. Make. The first encrypted data is stored in the first storage area 47 of the data storage 46, and the first encryption key and serial number used for encrypting the tag data are stored in the second storage area of the data storage 46. While storing in 48, the first encrypted data and the serial number are transmitted to the service server unit 20 via the air interface unit 42.

Meanwhile, the operation / control unit 41 may receive second encrypted data transmitted from the reader unit 60 in the security acquisition process. In this case, the second encrypted data refers to security verification data encrypted by the reader unit 60 using the second encryption key. The operation / control unit 41 requests the second encryption key generator 44 to provide the second encryption key, and uses the second encryption key provided from the second encryption key generator 44 as the decryption key. Security verification data is acquired by decrypting 2nd encrypted data.

In addition, the operation control unit 41 decrypts the obtained security verification data using the first encryption key stored in the data storage unit 46, and stores the information of the decrypted security verification data in the data storage unit 46. The abnormality is determined by comparing with the information. For example, the operation / control unit 41 compares the serial number included in the information of the decrypted security verification data with the serial number stored in the data storage unit 46 to determine whether there is a match, or the data storage unit 46. After restoring the tag data by decrypting the first encrypted data stored in the first encryption key using the first encryption key, it may be determined whether or not abnormality is compared with the information included in the decrypted security authentication data. have.

On the other hand, the operation / control unit 41 transmits an error message to the reader unit 60 when there is an error as a result of determining whether there is an error, and when there is no error, the tag data, serial number, and synchronization time information together with the security verification success message. Information including the information may be transmitted to the reader unit 60.

4 is a block diagram showing a detailed configuration of the reader unit 60 of the RFID system 100 shown in FIG.

As shown in FIG. 4, the reader unit 60 includes a security verification data acquisition unit 64, a tag interface unit 63, a real time clock generator 62, a second encryption key generator 65, and a reader. The control unit 61, the display unit 66, the communication network interface unit 67 and the like. Although not shown, the reader unit 60 may include various additional components that a conventional RFID reader has, for example, a key input unit. However, this is not related to the gist of the present invention, so the illustration and description will be omitted.

The security verification data acquisition part 64 acquires security verification data from the security verification code recorded in the tag part 40. For example, the security verification data acquisition unit 64 can acquire security verification data from a two-dimensional bar code, an ASCII code, or the like printed on the outer surface of the tag unit 40. Preferably, the security verification data acquisition unit 64 may be configured as a module capable of acquiring information from a two-dimensional bar code or an ASCII code.

The tag interface unit 63 converts the internal data transmitted from each unit 61 to 67 in the reader unit 60 into a radio signal of an operating frequency band of the tag unit 40, for example, an RFID standard band, and transmits the tag. The wireless signal transmitted from the unit 40 is received, converted into a signal usable in the reader unit 60, and then provided to the units 61 to 67 that require the signal. That is, the tag interface unit 63 provides an interface function for wireless communication with the tag unit 40.

 The real time clock generator 62 continuously generates time information in real time. In addition, the real time clock generator 62 transmits the synchronization time information to the tag unit 40 and the second encryption key generator 65 at a specific time point in response to a request from the reader controller 61.

The second encryption key generator 65 generates a second encryption key in response to the synchronization time information transmitted from the real time clock generator 62. In this case, as described above, the second encryption key may have the same value as the second encryption key generated by the tag unit 40. For example, the second encryption key generator 65 may include a real-time codebook that outputs a specific code value according to a real-time clock, and the real-time codebook may be the same codebook as the real-time codebook provided with the tag unit 40. have. Meanwhile, the second encryption key generated by the second encryption key generation unit 65 is provided to the reader control unit 61.

The reader controller 61 encrypts the security verification data received from the security verification data acquisition unit 64 through the second encryption key. That is, the second encrypted data is generated. In addition, the reader controller 61 transmits the generated second encrypted data to the tag unit through the tag interface unit 63. The reader controller 61 may also perform a function of totally controlling the operation flow and the interoperation of the respective units 62 to 67 during the security acquisition process.

The display unit 66 performs a function of displaying various information in the security acquisition process. For example, the display unit 66 may display an error message transmitted from the tag unit 40 when the security verification fails, and when the security verification succeeds, the security verification success message, tag data, serial number, and synchronization time information. Etc. can be displayed.

The communication network interface 67 provides an interface function for connecting to a communication network, for example, a wired or wireless Internet. The reader unit 60 may be connected to the service server unit 20 through the communication network interface 67, or may perform online serial number verification through the service server unit 20.

In the above description, the system configuration capable of realizing the tag data recording method and the tag data acquisition method capable of security verification according to the first embodiment of the present invention has been described in detail. Hereinafter, the tag data recording and tag data acquisition techniques based on such a system will be described in a methodological approach.

5 is a flowchart showing the flow of a tag data recording method capable of security verification according to the first preferred embodiment of the present invention.

As shown in FIG. 5, the service server unit 20 and the tag unit 40 operate in the security recording process for recording the tag data in the tag unit 40 to enable security verification.

First, the user may access the service server unit 20 through the communication network using his own user terminal 2 to receive the tag data recording service. The service server unit 20 sends a login request to the user terminal 20 connected through a communication network and receives user login information, for example, a user ID and a password. Then, the user information is verified by querying the database, and the user is logged in (step: S1). In this case, if the user is not a registered user, the service subscription may be induced.

After logging in, the service server 20 requests the user terminal 2 to input tag data to be recorded in a tag to be attached to the article, and then receives the tag data (step: S2). In this case, the tag data includes information for identifying the article, such as the article name, the contents of the article, the authentication ID, the issue date. For example, when the article to which the tag unit is to be attached is an expensive artwork displayed in an art gallery, the tag data may include a name of a work, contents of a work, an authentication ID, a publication date, and the like. In order to input such tag data, the service server 20 may provide a tag data edit window having various graphic interfaces to the user terminal 2 so that a user may easily input article information.

When the input of the tag data is completed, the service server unit 20 transmits the input tag data to the tag unit 40 (step: S3). Then, the tag unit 40 generates a random number by generating a random number and generates a first encryption key, which is a random code, and generates a serial number uniquely assigned to the tag unit (step: S4). In this case, as described above, the serial number may partially include information set by a user, for example, some information of tag data.

Subsequently, the tag unit 40 generates the first encrypted data by encrypting the tag data and the serial number using the generated first encryption key (step S5), and then the first encrypted data, the first encryption key, and the serial number. Each number is stored (step S6). In this case, the first encryption key and the serial number are hidden from the outside to prevent access. The tag unit 40 transmits the first encrypted data and the serial number to the service server unit 20 (step: S7).

On the other hand, the service server unit 20 receives the first encrypted data transmitted from the tag unit 40 to generate a security verification code (step: S8). The security verification code refers to data in a form such as a two-dimensional barcode, an ASCII code, or the like, containing information of the first encrypted data. When the security verification code is generated, the service server unit 20 records the generated security verification code in the tag unit 40 (step: S9). For example, the service server unit 20 may print the security verification code generated on one side of the outer surface of the tag unit 40.

In addition, the service server unit 20 may receive the serial number transmitted from the tag unit 40 and record it in the tag unit 40 (step: S10). For example, the service server unit 20 may record the received serial number on the other side of the outer surface of the tag unit 40. In this case, the security verification code and the serial number are printed on the outer surface of the tag unit 40, respectively.

6 is a perspective view showing the shape of the tag portion 40 when the security verification code and the serial number are printed on the outer surface of the tag portion 40.

As shown in FIG. 6, it can be seen that a serial number is printed on the front side of the tag unit 40, and a security verification code in the form of a two-dimensional barcode is printed on the bottom side thereof. The tag unit 40 may be provided to the user, and the user may attach the provided tag unit 40 to the article. The article may be, for example, a work of art, a work of art, a masterpiece, a food, a vehicle part, a tire, a golf club, an emotional certificate, a qualification certificate, or the like.

Information or serial number associated with the security verification code may be stored and managed by the service server unit 20 (step: S11). After the service terminal 2 or the reader unit 60 is connected to the service server unit 20 and undergoes appropriate authentication, the service terminal 2 or the reader unit 60 may check the information related to the security verification code provided from the service server unit 20 and the serial number online. .

On the other hand, when the tag portion 40 is attached to the article, information of the article can be obtained through the tag portion 40. The reader unit 60 and the tag unit 40 are involved in a tag data acquisition process for acquiring tag data from the tag unit 40.

7 is a flowchart showing the flow of a tag data acquisition method capable of security verification according to the first preferred embodiment of the present invention.

As illustrated in FIG. 7, the reader unit 60 and the tag unit 40 operate in a security acquisition process for securely and stably obtaining tag data from the tag unit 40.

First, the reader unit 60 obtains security verification data from the security verification code recorded in the tag unit 40 attached to the article (step S21). For example, the reader unit 60 recognizes the two-dimensional barcode printed on the outer surface of the tag unit 40 and acquires the information contained in the two-dimensional barcode. In this case, since the security verification code is information containing the information of the first encrypted data, the security verification data acquired by the reader unit will be the same information as the first encrypted data if there is no forgery or tampering.

When the security verification data is acquired, the reader unit 60 generates synchronization time information for synchronizing with the tag unit 40 via a real time clock generator, and generates a second encryption key corresponding to the synchronization time information (step : S22). For example, the reader unit 60 includes a codebook for outputting a predetermined code corresponding to the time information generated by the real time clock generator, and outputs a second encryption key corresponding to the synchronization time information through the codebook. Can be. The synchronization time information is also provided to the tag unit 40.

When the second encryption key is generated, the reader unit 60 generates the second encrypted data by encrypting the obtained security verification data using the generated second encryption key (step: S23). The generated second encrypted data is transmitted to the tag unit 40 (step: S24).

When the second encryption data is received from the reader unit 60, the tag unit 40 generates a second encryption key according to the synchronization time information received from the reader unit 60 (step: S25). For example, the tag unit 40 may include a codebook that outputs the same code as that provided in the reader unit 60, and output a second encryption key according to the synchronization time information received from the reader unit 60. Can be.

Subsequently, the tag unit 40 decrypts the received second encrypted data using the generated second encryption key as a decryption key (step S26). The security verification data can then be restored. As mentioned above, since the security verification data should be the same information as the first encrypted data, it may be decrypted through the first encryption key. Therefore, the tag unit 40 decrypts the restored security verification data by using the first encryption key stored in the hidden storage area as the decryption key (step S27). Then, the same data as the tag data is restored.

The tag unit 40 compares at least one of the information included in the decrypted security verification data (that is, the same data as the tag data) with at least one of the information stored in the data storage unit 46 (step) (S28), it is determined whether the data is forged or not according to whether the two information match (step: S29). For example, the tag unit 40 may compare the serial number among the information of the decrypted security verification data with the serial number stored in the hidden storage area of the data storage unit 46 and determine whether the tag number matches. Alternatively, after decrypting the first encrypted data stored in the data storage unit 46 using the first encryption key, at least a portion of the decrypted information is compared with a corresponding portion of the information of the decrypted security verification data to determine whether there is a match. You may.

In the determination (step S29), the tag unit 40 may determine that the information is forgery when the two pieces of information do not match. In this case, the tag unit 40 transmits an error message to the reader unit 60 (step S31). The reader unit 60 then displays error information corresponding to the transmitted error message. For example, the reader unit 60 may display information such as "ERROR" or "Duplicated".

On the other hand, if the two pieces of information match, the tag unit 40 determines that the security verification is normally performed, and decrypts the first encrypted data to transmit the tag data to the reader unit (step: S30). In this case, the serial number, synchronization time information, etc. may be transmitted to the reader unit together with the tag data. Then, the reader unit 60 displays tag data transmitted from the tag unit 40, serial number, synchronization time information, and the like (step S32).

Therefore, a checker who wants to check the item information through the reader unit 60 may obtain the item information by checking the tag data displayed by the reader unit 60. In addition, the verifier may compare the serial number displayed by the reader unit 60 with the serial number printed on the outer surface of the tag unit 40, and access the service server unit 20 online to access the service server unit 20. It is also possible to check the serial number of the tag unit 40 stored and managed by the information, information of the security verification data, and the like.

The tag data recording method and the tag data acquisition method capable of security verification according to the first embodiment of the present invention have been described above. According to this first embodiment, the tag data is encrypted with the first encrypted data using the first encryption key, which is a hidden encryption key generated by the tag unit 40, and the security verification code generated from the first encrypted data is stored. It records in the tag part 40. FIG. When acquiring the tag data, it is possible to check whether the forgery is made through a security verification code recorded in the tag unit 40. Therefore, since security verification can be performed without leaking the encryption key of the tag data to the outside of the tag unit, the security of the tag data can be dramatically increased.

On the other hand, in the first embodiment described above, a security verification code (two-dimensional barcode or ASCII code, etc.) is generated and recorded in the tag unit 40, the security verification data is obtained from the recorded security verification code, and the tag data is secured. Although the technique of obtaining high has been described, the first encrypted data itself stored in the tag unit may be used as security verification data without generating a separate security verification code. This will be described with reference to the second embodiment below.

<Example 2>

According to the second embodiment of the present invention, an RFID system for realizing a tag data recording method and a tag data acquisition method capable of security verification may include a service server provided on an RFID service provider side as in the first embodiment. Server), a tag unit attached to the article for providing the article information, and a reader unit for acquiring the article information stored in the tag unit.

Such an RFID system may perform a security recording process for recording tag data in a tag unit so that security verification can be performed, and a security acquisition process for securely acquiring information recorded in the tag unit. The service recording portion and the tag portion are operated in the security recording process, and the reader portion and the tag portion are operated in the security acquisition process.

8 is a block diagram showing the detailed configuration of a service server unit according to the second preferred embodiment of the present invention.

As shown in FIG. 8, the service server unit 120 includes a communication network interface unit 122, a login unit 123, a tag data editing unit 124, a tag writer / reader unit 125, and a serial number recording unit 127. , A control unit 121 and a database unit 128.

In this case, the communication network interface 122, the login unit 123, and the tag data editing unit 124 have the same functions as the communication network interface unit 22, the login unit 23, and the tag data editing unit 24 illustrated in FIG. 2. Have Therefore, a separate description will be omitted.

The tag writer / reader 125 performs a function of transmitting and receiving data with the tag unit 140. In particular, the tag writer / reader 125 transmits tag data input from the tag data editing unit 124 to the tag unit 140. In this case, the transmitted tag data is encrypted through the first encryption key generated by the tag unit 140 and stored in the tag unit 140 in the form of the first encrypted data. The first encrypted data may include a serial number of a tag unit generated by the tag unit 140. In addition, the tag writer / reader 125 receives the serial number of the tag unit 140 from the tag unit 140 and transmits it to the serial number recording unit 127. Meanwhile, the tag writer / reader unit 125 may receive the first encrypted data from the tag unit 140 for online verification service, and store and manage the first encrypted data in the database unit 128.

The serial number recording unit 127 receives the serial number generated by the tag unit 141 from the tag writer / reader unit 125 and then records the received serial number in the tag unit 140. For example, the serial number recording unit 127 may record the serial number on the tag unit 140 by printing the received serial number on the outer surface of the tag unit 140. In addition, the serial number recording unit 127 may store the received serial number in the security verification information database 130 of the database unit 128.

The control unit 121 performs a function of controlling the data flow of the service server unit 120 and the interworking flow between the units 122 to 128 as a whole. For example, in the security recording process according to the second embodiment, the linking operation of the units 122 to 128 of the service server 122 may be controlled by the controller 121.

The database unit 128 stores data that need to be stored when performing the security recording process and provides necessary data. The database unit 128 stores and manages a user information database 129 and a serial number received through the tag write / reader unit 125 that perform the same functions as in the first embodiment. ). In the case of the security verification information database 130, the first encrypted data received by the tag write / reader 125 may be stored and managed for the online verification service.

As can be seen from the configuration of the service server 120 described above, the service server 120 according to the second embodiment of the present invention does not have a separate security verification code recorder. This is because in the second embodiment, the first encrypted data itself stored in the tag unit 140 is used as security verification data. Therefore, it is not necessary to perform the process of recording the security verification code in the tag unit 140.

On the other hand, in the case of the tag unit 140 according to the second preferred embodiment of the present invention is substantially the same as the components of the tag unit 40 shown in Figure 3 described above. However, in the second embodiment, since the security authentication code is not generated, the operation / control unit of the tag unit 140 does not have to transmit the generated encrypted data to the service server unit 120 after generation. However, according to the implementation environment, when the first encrypted data is used for the online verification service as the security verification data, the first encryption data may be provided from the tag unit 140 to the service server unit 120.

9 is a perspective view showing the outer surface shape of the tag portion 140 according to the second embodiment of the present invention.

As shown in FIG. 9, only the serial number is recorded on the front side of the tag unit 140, and the security authentication code is not recorded. Instead, the first encrypted data stored in the tag unit 140 is utilized as security authentication data.

10 is a block diagram showing a detailed configuration of a reader unit according to a second preferred embodiment of the present invention.

As illustrated in FIG. 10, the reader 160 may include a tag interface 163, a real time clock generator 162, a second encryption key generator 165, a reader controller 161, and a display 166. ) And the network interface unit 167 and the like. Among them, the real time clock generator 162, the second encryption key generator 165, the display unit 166, and the communication network interface unit 167 are the real time clock generator 62 shown in FIG. 2 The same function as the encryption key generator 65, the display 66, and the communication network interface 67 may be performed. Therefore, a separate description will be omitted.

Since the reader unit 161 according to the second embodiment does not include a separate security verification data acquisition unit, the first encrypted data stored in the tag unit 140 must first be acquired through the tag interface unit 163. do. The first encrypted data acquired by the tag interface unit 163 is used as security verification data. Therefore, hereinafter, the first encrypted data acquired by the tag interface unit 163 will be referred to as security verification data.

The reader controller 161 encrypts the first encrypted data acquired by the tag interface unit 163, that is, the security authentication data, through the second encryption key generated by the second encryption key generator 165. In other words, the information of the security verification data is converted into the second encrypted data. In addition, the reader controller 161 transmits the converted second encrypted data to the tag unit through the tag interface unit 163. The reader controller 161 may also perform a function of controlling overall operation flows and interoperation operations of the units 162 to 167 during the security acquisition process.

In the above description, the system configuration capable of realizing the tag data recording method and the tag data acquisition method capable of security verification according to the second embodiment of the present invention has been described in detail. Hereinafter, a methodological approach to tag data recording and tag data acquisition techniques based on such a system will be described.

11 is a flowchart showing the flow of a tag data recording method capable of security verification according to a second preferred embodiment of the present invention.

As shown in FIG. 11, the service server unit 120 and the tag unit 140 operate in a secure recording process for recording the tag data in the tag unit 140 to enable security verification.

First, a user may access the service server 120 through a communication network using his own user terminal device to receive a tag data recording service. The service server 120 sends a login request to a user terminal connected through a communication network to receive user login information, for example, a user ID and a password. Then, the user information is verified by querying the database and logging in the user (step S41). In this case, if the user is not a registered user, the service subscription may be induced.

After logging in, the service server 120 requests a user terminal to input tag data to be recorded in a tag to be attached to the article and receives the tag data in response (step S42). In this case, the tag data includes information for identifying the article, such as the article name, the contents of the article, the authentication ID, the issue date. In order to input such tag data, the service server 120 may provide a tag data edit window having various graphic interfaces to the user terminal so that a user may easily input article information.

When the input of the tag data is completed, the service server unit 120 transmits the input tag data to the tag unit 140 (step: S43). Then, the tag unit 140 generates a random number to generate a first encryption key, which is a random code, and generates a serial number uniquely assigned to the tag unit 140 (step: S44). In this case, as described above, the serial number may partially include information set by a user, for example, some information of tag data.

Subsequently, the tag unit 140 generates first encrypted data by encrypting the tag data and the serial number using the generated first encryption key (step S45). Next, the tag unit 140 stores the generated first encryption data, the first encryption key, and the serial number in the data storage unit (step S46). In this case, the first encryption key and the serial number are stored in a hidden storage area to prevent access from the outside. The tag unit 140 transmits the serial number to the service server unit 120 (step: S27).

The service server unit 120 receives the serial number transmitted from the tag unit 140 and records it in the tag unit 140 (step: S48). For example, the service server unit 120 may print the received serial number on one side of the outer surface of the tag unit 140 as shown in FIG. 9. The serial number may be stored and managed by the service server unit 120 (step S49).

In addition, the service server unit 120 may acquire, store, and manage first encrypted data from the tag unit 140. The service terminal or the reader unit may access the service server unit 120 to verify the first encryption data (ie, security verification data), a serial number, etc. provided from the service server unit after proper authentication.

On the other hand, when the tag unit 140 is attached to the article, the information of the article can be obtained through the tag unit 140. The reader unit 160 and the tag unit 140 are involved in a tag data acquisition process for acquiring tag data from the tag unit 140.

12 is a flowchart showing the flow of a tag data acquisition method capable of security verification according to a second preferred embodiment of the present invention.

As shown in FIG. 12, the reader unit 160 and the tag unit 140 operate in a security acquisition process for securely and securely obtaining tag data from the tag unit 140.

First, the reader unit 160 transmits a radio signal to the tag unit 140 to acquire first encrypted data stored in the tag unit 140 as security verification data (step: S51). When the security verification data is acquired, the reader unit 160 generates synchronization time information for synchronizing with the tag unit 140 through a real time clock generator, and generates a second encryption key corresponding to the synchronization time information (step : S52). For example, the reader unit 160 may include a codebook for outputting a predetermined code corresponding to the time information generated by the real time clock generator, and output a second encryption key corresponding to the synchronization time information through the codebook. Can be. The synchronization time information is also provided to the tag unit 140.

When the second encryption key is generated, the reader unit 160 generates the second encrypted data by encrypting the obtained security verification data using the generated second encryption key (step S53). The generated second encrypted data is transmitted to the tag unit 140 (step S54).

When the second encryption data is received from the reader unit 160, the tag unit 140 generates a second encryption key according to the synchronization time information received from the reader unit 160 (step S55). For example, the tag unit 140 includes the same codebook as the codebook included in the reader unit 160, and according to the synchronization time information received from the reader unit 160, the same second encryption as that of the reader unit 160. You can output the key.

Subsequently, the tag unit 140 decrypts the received second encrypted data using the generated second encryption key as a decryptor (step S56). The security verification data can then be restored. As mentioned in the first embodiment, since the security verification data should be the same information as the first encrypted data, it may be decrypted through the first encryption key. Therefore, the tag unit 140 decrypts the restored security verification data using the first encryption key stored in the hidden area as the decryption key (step S57). Then, the same data as the tag data is restored.

The tag unit 140 compares at least a portion of the information included in the decrypted security verification data with at least a portion of the information stored in the data storage unit (step S58), and determines whether the forgery is forgery based on whether the two pieces of information match. (Step S59). For example, the tag unit 140 may compare the serial number among the information of the decrypted security verification data with the serial number stored in the hidden storage area of the data storage unit, and determine whether the tag 140 matches. Alternatively, after decrypting the first encrypted data stored in the data storage unit using the first encryption key, at least some of the decrypted information may be compared with corresponding information of the decrypted security verification data to determine whether there is a match.

In the determination (step: S59), if the two pieces of information do not match, the tag unit 140 transmits an error message to the reader unit 160 (step: S61). The reader unit 160 then displays error information corresponding to the transmitted error message. On the other hand, if the security verification is normally performed as a result of the determination (step: S59), the tag unit 140 decrypts the first encrypted data and transmits the tag data to the reader unit 160 (step: S60). At this time, the serial number, synchronization time information, and the like may be transmitted to the reader unit 160 together with the tag data. Then, the reader unit 160 displays tag data transmitted from the tag unit 140, serial number, synchronization time information, and the like (step S62).

Therefore, a checker who wants to check the item information through the reader unit 160 may obtain the item information by checking the tag data displayed by the reader unit 160. In addition, the identifier may compare the serial number displayed by the reader unit 160 with the serial number printed on the outer surface of the tag unit 140. The identifier may be stored and managed by the service server unit by accessing the service server unit through a communication network. The serial number of the tag unit 140 may be checked online.

The tag data recording method and the tag data acquisition method capable of security verification according to the second preferred embodiment of the present invention have been described above. According to the second embodiment, since the tag data is encrypted using the first encryption key, which is a hidden encryption key generated by the tag unit 140, as the first encrypted data, and the first encrypted data is used as the security verification data. A concise process can do it.

Although the present invention has been described above with reference to its preferred embodiments, those skilled in the art will variously modify the present invention without departing from the spirit and scope of the invention as set forth in the claims below. And can be practiced with modification.

For example, in the above-described first embodiment, the security verification code is printed on the outer surface of the tag unit. However, the security verification code may be recorded in the form of storing the security verification code in the tag unit. In this case, the reader unit may first acquire the security verification code through the air interface and then acquire the security verification data. Also, some information may be used when encrypting tag data and using it as security verification data. Therefore, changes in the future embodiments of the present invention will not be able to escape the technology of the present invention.

1 is a block diagram showing the configuration of an RFID system for realizing a tag data recording method and a tag data acquisition method capable of security verification according to a first preferred embodiment of the present invention.

FIG. 2 is a block diagram showing the detailed configuration of the service server unit shown in FIG.

3 is a block diagram showing a detailed configuration of a tag portion of the RFID system shown in FIG.

4 is a block diagram showing the detailed configuration of a reader unit of the RFID system shown in FIG.

5 is a flowchart showing the flow of a tag data recording method capable of security verification according to the first preferred embodiment of the present invention.

Fig. 6 is a perspective view showing the shape of the tag portion when the security verification code and the serial number are printed on the outer surface of the tag portion.

7 is a flowchart showing the flow of a tag data acquisition method capable of security verification according to the first preferred embodiment of the present invention.

8 is a block diagram showing the detailed configuration of a service server unit according to the second preferred embodiment of the present invention.

9 is a perspective view showing the outer shape of the tag portion according to the second preferred embodiment of the present invention.

10 is a block diagram showing a detailed configuration of a reader unit according to a second preferred embodiment of the present invention.

11 is a flowchart showing the flow of a tag data recording method capable of security verification according to a second preferred embodiment of the present invention.

12 is a flowchart showing the flow of a tag data acquisition method capable of security verification according to a second preferred embodiment of the present invention.

<Description of the symbols for the main parts of the drawings>

2: user terminal

20: service server unit

40: tag part

60: leader

Claims (29)

Transmitting, by the service server unit, tag data to be recorded in the tag unit to the tag unit; Receiving, by the tag unit, the tag data, generating a first encryption key, and encrypting information including the received tag data by using the first encryption key to generate first encrypted data; And Storing the first encrypted data and the first encryption key by the tag unit, and storing the first encryption key in a hidden area to prevent access from the outside. Way. The method of claim 1, further comprising: transmitting, by the tag unit, the first encrypted data to the service server unit; The service server unit receiving the first encrypted data to generate a security verification code; And And recording, by the service server unit, the generated security verification code to the tag unit. The method of claim 2, wherein the security verification code is one of two-dimensional barcodes and ASCII codes. And the service server unit prints the security verification code on an outer surface of the tag unit. The method of claim 1, wherein the stored first encrypted data is used as security verification data when acquiring the tag data from the tag unit. The method of claim 1, further comprising receiving the tag data from the user terminal by the service server unit. The method of claim 1, wherein generating the first encrypted data comprises: The tag unit receiving the tag data; Generating the first encryption key; Generating a serial number uniquely assigned to the tag portion; And And encrypting the tag data and the serial number using the first encryption key to generate the first encrypted data. The method of claim 6, further comprising: storing the serial number in the hidden area by the tag unit; Transmitting, by the tag unit, the serial number to the service server unit; And And receiving the serial number by the service server unit and writing the serial number to the tag unit. Obtaining, by the reader unit, security verification data from the tag unit; Encrypting the obtained security verification data and transmitting the encrypted security verification data to the tag unit; Acquiring, by the tag unit, the security verification data by decrypting the encrypted security verification data; Decrypting the obtained security verification data using a first encryption key hidden in the tag unit; Comparing at least one piece of information obtained by the decoding with at least one piece of information stored in the tag unit to determine whether the information is forged or not; And And transmitting information including tag data or an error message to the reader according to the determination result. The method of claim 8, wherein the tag unit stores first encrypted data including a tag data and a serial number encrypted using the first encryption key, and the security verification data includes the first encrypted data. A tag data acquisition method capable of security verification characterized by the above-mentioned. The method of claim 9, wherein the tag unit is recorded with a security verification code generated from the security verification data, The reader unit obtaining the security verification data from the tag unit, And the reader unit obtaining the security verification data from the security verification code. 12. The method of claim 10, wherein the security verification code is one of a two-dimensional barcode and an ASCII code, and is printed and recorded on an outer surface of the tag portion. 10. The method of claim 9, wherein determining whether the forgery is, And comparing the serial number included in the information decrypted using the first encryption key with the serial number stored in the tag unit and determining whether the information is forged or not according to whether two pieces of information match each other. Tag data acquisition method with security verification. The method of claim 12, wherein the transmitting of the information including the tag data or the error message to the reader unit comprises: And transmitting an error message to the reader unit when the two pieces of information do not match, and transmitting the tag data to the reader unit when the two pieces of information coincide with each other. The method of claim 13, wherein the transmitting of the information including the tag data or the error message to the reader unit comprises: And transmitting the selected one of the serial number and the synchronization time information to the reader unit if the two pieces of information coincide with each other. 10. The method of claim 8, further comprising the step of displaying, by the reader unit, at least one of information including tag data transmitted from the tag unit. The method of claim 8, wherein encrypting the obtained security verification data and transmitting the encrypted security verification data to the tag unit include: Generating synchronization time information through a real time clock generator; Generating the second encryption key according to the generated synchronization time information; Generating second encrypted data by encrypting the obtained security verification data using the second encryption key; And And transmitting the generated second encrypted data to the tag unit. The method of claim 16, wherein the tag unit decrypts the encrypted security verification data to obtain the security verification data. Receiving the synchronization time information from the reader unit; Generating the second encryption key according to the received synchronization time information; And And decrypting the second encrypted data received from the reader unit by using the generated second encryption key as a decryption key. The tag data including the article information to which the tag is attached and the serial number of the tag are encrypted and stored in the tag using the first encryption key hidden in the tag, and the encrypted tag data and the serial number are included. Writing a security verification code to the tag; And And performing the security verification for acquiring the tag data by using the recorded security verification code, and then acquiring the tag data. A service server unit for transmitting tag data; And When the tag data is received from the service server, a first encryption key is generated, the information including the tag data is encrypted using the first encryption key to generate and store the first encrypted data, and the 1 And an encryption key comprises a tag portion for storing in a hidden area. 20. The apparatus of claim 19, wherein the tag unit transmits the first encrypted data to the service server unit, and the service server unit generates the security verification code by receiving the first encrypted data and sends the security verification code to the tag unit. The tag data recording apparatus, characterized by recording. 21. The tag data recording apparatus according to claim 20, wherein the service server unit prints the security verification code on an outer surface of the tag unit. 20. The method of claim 19, wherein the tag unit generates a unique serial number of the tag unit, encrypts the tag data and the serial number using the first encryption key to generate the first encrypted data, and then hides the hidden serial number. Tag data recording apparatus characterized in that the data is stored in the area. The tag data recording apparatus of claim 22, wherein the tag unit transmits the serial number to the service server unit, and the service server unit receives the serial number and records the serial number. A tag unit which encrypts and stores information including tag data with first encrypted data using a hidden first encryption key, and provides security verification data including information of the first encrypted data; And A reader unit for acquiring the tag data from the tag unit, The reader unit obtains the security verification data from the tag unit, encrypts the obtained security verification data with second encrypted data, and transmits the encrypted verification data to the tag unit. The tag unit receives the second encrypted data from the reader unit, restores the security verification data, decrypts the restored security verification data with the first encryption key, and uses the information obtained by the decryption. The tag data acquisition device, characterized in that for determining. 25. The apparatus of claim 24, wherein the information including the tag data includes the tag data and a serial number of the tag unit. 25. The method of claim 24, wherein the tag unit decrypts the restored verification data with the first encryption key, and then at least one of the information stored in the tag unit at least one of the information obtained by the decryption. And the forgery is determined according to whether two pieces of information coincide with each other. 25. The method of claim 24, wherein the reader unit comprises a real time clock generator for generating synchronization time information to generate a second encryption key according to the specific synchronization time information, and the security verification is performed using the generated second encryption key. Encrypting data to generate the second encrypted data, The tag unit may receive the synchronization time information from the reader to generate the second encryption key by itself, and decrypt the second encrypted data received from the reader using the second encryption key as a decryption key. The tag data acquisition device characterized by the above-mentioned. 25. The apparatus of claim 24, wherein the security verification data is one of two-dimensional barcodes and ASCII codes recorded in the tag portion, and the reader portion is recorded in the tag portion to obtain the security verification data from the tag portion. Tag data acquisition device, characterized in that for recognizing the one of the two-dimensional barcode, the ASCII code. 25. The apparatus of claim 24, wherein the security verification data is first encrypted data stored in the tag section, and the reader section acquires the first encrypted data stored in the tag section to obtain the security verification data from the tag section. The tag data acquisition device characterized by the above-mentioned.

Images