[go: up one dir, main page]

HK1162805B - Communication apparatus, communication method and communication system - Google Patents

Communication apparatus, communication method and communication system Download PDF

Info

Publication number
HK1162805B
HK1162805B HK12102756.6A HK12102756A HK1162805B HK 1162805 B HK1162805 B HK 1162805B HK 12102756 A HK12102756 A HK 12102756A HK 1162805 B HK1162805 B HK 1162805B
Authority
HK
Hong Kong
Prior art keywords
data
communication
writer
reader
wireless tag
Prior art date
Application number
HK12102756.6A
Other languages
Chinese (zh)
Other versions
HK1162805A1 (en
Inventor
根岸正树
赤井田彻郎
Original Assignee
索尼公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from JP2010133180A external-priority patent/JP5521803B2/en
Application filed by 索尼公司 filed Critical 索尼公司
Publication of HK1162805A1 publication Critical patent/HK1162805A1/en
Publication of HK1162805B publication Critical patent/HK1162805B/en

Links

Description

Communication apparatus, communication method, and communication system
Technical Field
The present invention relates to a communication apparatus, a communication method, and a communication system, and particularly relates to a communication apparatus, a communication method, and a communication system, which are capable of achieving size reduction and cost reduction of a wireless tag while ensuring security with respect to a wireless tag such as an IC card or an IC chip that performs proximity communication with, for example, a reader/writer.
Background
In recent years, proximity communication using an IC (integrated circuit) card or the like to perform wireless communication without contact at a short distance is used for, for example, an electronic commuter ticket, electronic money, or the like, and a mobile phone device having an electronic commuter ticket or an electronic money function using the proximity communication is also widely used.
Proximity communication has been standardized, for example, in ISO/IEC 14443 and ISO/IEC 18092 (hereinafter referred to as NFC (near field communication)).
Here, among communication devices that perform proximity communication such as communication based on the NFC standard, a communication device such as an IC card or an IC chip that performs proximity communication with a reader/writer that outputs an RF (radio frequency) signal in a format responsive to a signal from the reader/writer is referred to as a wireless tag.
For example, the wireless tag provides various types of services by incorporating a nonvolatile memory such as an EEPROM (electrically erasable programmable read only memory) and reading and writing data in the nonvolatile memory that is exchanged with a reader/writer using proximity communication.
In the reader/writer and the wireless tag, in order to prevent tampering of data stored in a nonvolatile memory built in the wireless tag by proximity communication with a fraudulent device (froudenttdevice), mutual authentication is performed, for example, according to a symmetric cryptographic algorithm (for example, japanese unexamined patent application publication No. 2009) 276916).
In mutual authentication according to a symmetric cryptographic algorithm, one of a reader/writer and a wireless tag, for example, the reader/writer generates a random number RA, and by encrypting the random number RA using a public key KA, encrypted data { RA }of the random number RA is generatedKAAnd transmits it to the wireless tag.
The wireless tag receives the encrypted data { RA }from the reader/writerKAAnd decrypts the encrypted data { RA } using the public key KAKA. In addition, the encrypted data { RA } is encrypted by using the public key KBKAGenerates the encrypted data { RA' } of the decryption result RAKBAnd transmits it to the reader/writer through the wireless tag.
The reader/writer receives the encrypted data { RA' }from the wireless tagKBAnd decrypts the encrypted data { RA' }using the public key KBKB. Then, the reader/writer encrypts the data { RA' }by encrypting itKBThe decryption result RA "of (a) is compared with the random number RA to perform verification whether or not the wireless tag is a legitimate device (legitimated device).
I.e. in the encrypted data { RA' }KBIn the case where the decryption result RA ″ of (a) and the random number RA match each other, the reader/writer recognizes that the wireless tag is a legitimate device because the wireless tag has the public keys KA and KB (authentication of the wireless tag succeeds).
In addition, in the mutual authentication according to the symmetric cryptographic algorithm, the other of the reader/writer and the wireless tag, for example, the wireless tag, generates the random number RB and performs processing by performing the same manner as in the case where the reader/writer authenticates the wireless tag, which performs authentication of whether or not the reader/writer is a legitimate device.
Then, when the authentication of the reader/writer is successful in the wireless tag, in the reader/writer and the wireless tag, encryption keys are generated using the random numbers RA and RB, and data is encrypted using the encryption keys, and data exchange is performed.
Thus, between the reader/writer and the wireless tag, which have succeeded in mutual authentication, since encrypted data obtained by encrypting data using the encryption key is exchanged, it is possible to prevent eavesdropping of data.
Disclosure of Invention
As above, in the case of performing mutual authentication between the reader/writer and the wireless tag according to the symmetric cryptographic algorithm, a circuit (random number generation circuit) that generates a random number is necessary in both the reader/writer and the wireless tag.
However, providing the random number generation circuit in the wireless tag hinders size reduction and cost reduction of the wireless tag.
On the other hand, in the case where the random number generation circuit is not provided in the wireless tag, authentication of whether or not the reader/writer is a legitimate device cannot be performed from the wireless tag in mutual authentication according to a symmetric cryptographic algorithm.
Here, with regard to wireless tags, there is an increasing expectation for use in services such as tickets for events such as concerts held for a given day or short period of time, such as days.
With respect to a service (hereinafter referred to as a short-term service) in which a valid period (period in which a ticket or a multi-pass can be used) of a ticket other than an event such as a multi-pass at a theme park or the like is limited to a short period, even if an analysis of a legitimate wireless tag has been performed since a fraudulent wireless tag is used, since the valid period has elapsed before the analysis is completed, it is not necessary to have as strong security as required for a service having no valid period such as electronic money.
As described above, regarding the wireless tag used for the short-term service, it is not necessary to have security as strong as that required for the service without the effective period, but even then, it is necessary to ensure security to such an extent that the analysis of the wireless tag is difficult in the effective period of the short-term service.
It is desirable to enable size reduction and cost reduction of a wireless tag while ensuring security with respect to the wireless tag.
A communication apparatus according to a first embodiment of the present invention is provided with: a communication device that performs proximity communication with the reader/writer; a storage device that stores data and a serial number, a value of the serial number being regularly updated each time the data is written into the storage device; and a control device that controls writing of data into the storage device in accordance with a command from the reader/writer; wherein the communication means transmits the serial number stored in the storage means to the reader/writer, and receives, from the reader/writer, first encrypted data generated by the reader/writer using a value based on the serial number and write target data as the write target data written in the storage means; and the control means generates second encrypted data using a value based on the serial number and write target data received by the communication means, writes the write target data received by the communication means into the storage means, and updates the serial number stored in the storage means, in a case where the first encrypted data and the second encrypted data match.
According to a communication method of a communication apparatus according to a first embodiment of the present invention, the communication apparatus is provided with: a communication device that performs proximity communication with the reader/writer; a storage device that stores data and a serial number, a value of the serial number being regularly updated each time the data is written into the storage device; and a control device that controls writing of data into the storage device in accordance with a command from the reader/writer, the method comprising the steps of: transmitting the serial number stored in the storage device to the reader/writer, and receiving, from the reader/writer, first encrypted data generated by the reader/writer using a value based on the serial number and the write target data, and write target data that is target data written into the storage device, and second encrypted data generated using a value based on the serial number and the write target data received by the communication device, and in a case where the first encrypted data and the second encrypted data match, writing the write target data received by the communication device into the storage device, and updating the serial number stored in the storage device.
In the first embodiment of the present invention, the communication means transmits the serial number stored in the storage means to the reader/writer, and receives, from the reader/writer, first encrypted data generated by the reader/writer using a value based on the serial number and write target data as target data to be written in the storage means. Then, the control means generates second encrypted data using a value based on the serial number and write target data received by the communication means, and writes the write target data received by the communication means into the storage means and updates the serial number stored in the storage means in the case where the first encrypted data and the second encrypted data match.
A communication apparatus according to a second embodiment of the present invention is provided with: a communication device that performs proximity communication with a wireless tag having a storage device that stores data and a serial number, a value of the serial number being regularly updated each time data is written into the storage section; and generating means for generating first encrypted data using a value based on the sequence number transmitted from the wireless tag and write target data that is target data to be written into the storage means; wherein the communication means transmits the first encryption data and the write target data to the wireless tag.
According to a communication method of a communication apparatus of a second embodiment of the present invention, the communication apparatus is provided with: a communication device that performs proximity communication with a wireless tag having a storage device that stores data and a serial number, a value of the serial number being regularly updated each time data is written into the storage device; and generating means for generating first encrypted data using a value based on the sequence number transmitted from the wireless tag and write target data that is target data to be written in the storage means, the method including the steps of: generating the first encrypted data; and transmitting the first encrypted data and the write target data to the wireless tag.
In the second embodiment of the present invention, the first encrypted data is generated using the value based on the sequence number transmitted from the wireless tag and the write target data that is the target data written into the storage device, and the first encrypted data and the write target data are transmitted to the wireless tag.
A communication system according to a third embodiment of the present invention is provided with: a reader/writer and a wireless tag that perform proximity communication; wherein the reader/writer has: a first communication means that performs proximity communication with the wireless tag, the wireless tag having a storage means that stores data and a serial number, a value of the serial number being regularly updated each time data is written into the storage means; and generating means for generating first encrypted data using a value based on a sequence number transmitted from the wireless tag and write target data that is target data written into the storage means, wherein the first communication means transmits the first encrypted data and the write target data to the wireless tag; and the wireless tag has: a second communication device that performs proximity communication with the reader/writer; a storage device; and a control device that controls writing of data to a storage device in accordance with a command from the reader/writer, wherein the second communication device transmits a serial number stored in the storage device to the reader/writer and receives first encrypted data and write target data transmitted from the reader/writer, and the control device generates second encrypted data using a value based on the serial number and the write target data received by the second communication device, and writes the write target data received by the second communication device into the storage device and updates the serial number stored in the storage device in a case where the first encrypted data and the second encrypted data match.
A communication method of a communication system according to a third embodiment of the present invention is a communication method of a communication system provided with a reader/writer and a wireless tag that perform proximity communication, wherein the reader/writer has: a first communication means that performs proximity communication with the wireless tag, the wireless tag having a storage means that stores data and a serial number, a value of the serial number being regularly updated each time data is written into the storage means; and generating means for generating first encrypted data using a value based on the sequence number transmitted from the wireless tag and write target data that is target data to be written in the storage means, and the wireless tag has: a second communication device that performs proximity communication with the reader/writer; a storage device; and a control device that controls writing of data to the storage device in accordance with a command from the reader/writer, the method comprising the steps of: transmitting the first encrypted data and the write target data to the wireless tag; transmitting the serial number stored in the storage means to the reader/writer, and receiving first encrypted data and write target data transmitted from the reader/writer; generating second encryption data using a value based on the sequence number and write target data received by the second communication device; and writing the write target data received by the second communication device into the storage device and updating the serial number stored in the storage device, in a case where the first encrypted data and the second encrypted data match.
In the third embodiment of the present invention, the wireless tag transmits the serial number stored in the storage device to the reader/writer, and receives the first encrypted data generated by the reader/writer using the value based on the serial number and the write target data, and the write target data. Further, the wireless tag generates second encrypted data using the value of the serial number and the received write target data, and writes the received write target data into the storage device and updates the serial number stored in the storage device in the case where the first encrypted data and the second encrypted data match.
Here, the communication device may be a stand-alone device or may be an internal block configuring one device.
According to the first to third embodiments of the present invention, with respect to a wireless tag which is a communication device that performs proximity communication with a reader/writer, it is possible to achieve size reduction and cost reduction of the wireless tag while ensuring security.
Drawings
Fig. 1 is a block diagram illustrating a configuration example of a communication system according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating an example of a logical format of a memory component;
FIG. 3 is a diagram depicting the writing of data to a memory component;
FIG. 4 is a diagram depicting a means for memory corruption;
fig. 5 is a diagram illustrating information required for one-side authentication stored in a memory part of a reader/writer and a memory part of a wireless tag;
fig. 6 is a diagram for describing processing of the reader/writer and the wireless tag in the case where the reader/writer performs one-side authentication;
fig. 7 is a diagram for describing processing of the reader/writer and the wireless tag in the case where the reader/writer performs one-side authentication and the wireless tag performs authentication of the reader/writer using the one-side authentication;
fig. 8 is a diagram for describing processing of the reader/writer and the wireless tag in the case where the reader/writer performs one-side authentication and the wireless tag performs authentication of the reader/writer using the one-side authentication; and
fig. 9 is a diagram illustrating another example of a logical format of a memory component.
Detailed Description
Communication system according to an embodiment of the present invention
Fig. 1 is a block diagram illustrating a configuration example of a communication system (the system refers to a logical set of a plurality of devices, regardless of whether each constituent device is in the same housing) according to an embodiment of the present invention.
In fig. 1, a communication system is constituted by a reader/writer 10 and a wireless tag 20.
The reader/writer 10 performs proximity communication with the wireless tag 20 without contact by outputting an RF signal from the antenna 11, and data is stored (written) in (the memory section 24 built in) the wireless tag 20 or data is read out from the wireless tag 20.
That is, the reader/writer 10 has an antenna 11, an RF section 12, a CPU (central processing unit) 13, a memory section 14, and a random number generation section 15.
The antenna 11 is constituted by a resonance circuit formed of, for example, a coil and a capacitor (condenser), and transmits an RF signal from the RF section 12.
The RF section 12 performs proximity communication with the wireless tag 20.
That is, the RF section 12 transmits a command and data to the wireless tag 20 by outputting a modulated signal obtained by modulating a carrier wave as an RF signal according to the command and data from the CPU 13 from the antenna 11.
Further, the RF section 12 outputs a carrier wave as an RF signal from the antenna 11, and the wireless tag receives data or the like transmitted by load modulation of the carrier wave as the RF signal.
The CPU 13 performs control and other processing for each block constituting the reader/writer 10 by executing a program stored in the memory section 14.
The memory section 14 stores programs executed by the CPU 13. In addition, the memory section 14 stores data read from the wireless tag 20, data written in the wireless tag 20, and the like.
The random number generation section 15 generates a random number used in one-side authentication in which there is authentication of whether or not the wireless tag 20 (of the reader/writer 10) is a legitimate device.
When the wireless tag 20 is brought close to the reader/writer 10, the wireless tag 20 starts to operate with the RF signal output from the antenna 11 by the reader/writer 10 as a power source, and performs proximity communication with the reader/writer 10.
In proximity communication, the reader/writer 10 transmits data by modulating an RF signal according to the data, and the wireless tag 20 receives the data transmitted by the reader/writer 10 using the RF signal and writes the data into the built-in memory section 24.
In addition, the wireless tag 20 reads out data stored in the memory section 24 and transmits the data to the reader/writer 10 by load modulation of an RF signal transmitted from the reader/writer 10.
That is, the wireless tag 20 has an antenna 21, an RF section 22, a command sequencer section 23, and a memory section 24.
The antenna 21 receives an RF signal from the reader/writer 10 through a resonant circuit configuration formed of, for example, a coil and a capacitor, and supplies the RF signal to the RF section 22.
The RF section 22 performs proximity communication with the reader/writer 10.
That is, when receiving an RF signal from the reader/writer 10 using the antenna 21, the RF section 22 obtains power as a power source from the RF signal and supplies the power to a necessary block, since the reader/writer 10 and the wireless tag 20 are brought into proximity.
In addition, the RF section 22 demodulates an RF signal from the reader/writer 10 into a command and data, and supplies the command and data to the command sequencer section 23.
Further, the RF section 22 transmits data to the reader/writer 10 by load modulation of the RF signal from the reader/writer 10 in accordance with the data supplied from the command sequencer section 23.
The command sequencer section 23 performs control such as data reading and writing to the memory section 24 by performing sequence control in accordance with a command from the reader/writer 10 supplied from the RF section 22.
That is, in the case where the command from the reader/writer 10 is a write command requesting to write data, the command sequencer section 23 writes data, which is transmitted from the reader/writer 10 together with the write command and supplied from the RF section 22, into the memory section 24.
In addition, in the case where the command from the reader/writer 10 is a read command requesting to read out data, the command sequencer section 23 reads out data from the memory section 24 and supplies the data to the RF section 22.
The memory section 24 is, for example, a nonvolatile memory such as an EEPROM or the like, and stores data under the control (management) of the command sequencer section 23.
Here, as described above, the reader/writer 10 has the random number generating section 15 that generates the random number used in authentication of the wireless tag 20, but the wireless tag does not have a circuit that generates the random number used in authentication of the reader/writer 10.
Therefore, it is possible to reduce the size of the wireless tag 20 and to reduce the cost of the wireless tag 20 to the extent that the wireless tag 20 does not have a circuit for generating random numbers.
Here, since the wireless tag 20 does not have a circuit for generating a random number, the wireless tag 20 cannot authenticate the reader/writer 10 using the random number.
However, in the wireless tag 20, it is not preferable in terms of security that authentication of the reader/writer 10 is not performed at all.
Therefore, the wireless tag 20 restricts access from a fraudulent reader/writer by performing authentication of the reader/writer 10 using an authentication method which may be referred to as simplified, which will be described later, and accordingly, more security than minimum necessary is ensured.
Logical format of the memory component 24
Fig. 2 is a diagram describing a logical format of the memory section 24 of the wireless tag 20 of fig. 1.
A part of the storage area of the memory section 24 is a user block as a storage area that can be allocated to a minimum unit such as commuter tickets, electronic money managed by some service providers, or services such as ticketing for an event.
In the memory section 24, one or more user blocks are provided.
Here, one or more user blocks are allocated for the service, and data for providing the service is stored in the one or more user blocks.
The user block has a number of units of M +1 as a complex number (M is an integer of 1 or more).
Data for providing a service is written into each cell. However, one of the M +1 units configuring the user block functions as a buffer that buffers data written into the user block.
As described above, since one unit configuring the user block functions as a buffer, the user block has a number of units of M +1 as a plurality, which is the total of one unit functioning as a buffer and one or more M units storing data for providing a service.
Here, a unit functioning as a buffer among the M +1 units configuring the user block is hereinafter referred to as a buffer unit, and a unit that is not a buffer unit is a data unit.
In fig. 2, the M +1 th unit among the M +1 units configuring the user block is a buffer unit, and the first to M-th units are data units.
Here, when data writing in the user block is performed, the unit as the buffer unit is changed, but a description thereof will be described later.
The unit has K pages whose number is 1 or more.
A page is a memory area of the smallest unit capable of writing to the memory section 24, and in fig. 2, a page is a memory area having N bits.
Here, in fig. 2, one of the pages of the unit is used as a page (management page) that stores management information for managing the memory area of the memory section 24.
That is, in fig. 2, one predetermined page among the K pages configuring the unit is a management page in which management information for managing the unit is stored.
Thus, in fig. 2, since one or more pages (data pages) storing data and one management page are required in a unit, the number K of pages configuring the unit is a complex number.
Here, in fig. 2, the K-th page of the K pages configuring the unit is a management page. The page as the management page is not changed (similar to the buffer unit) and is a fixed page.
The unit number, the sequence number(s), and the error detection code are written into the management page as unit management information.
The unit number is information that specifies a unit having a management page in which the unit number is written.
The sequence number is a value that is regularly updated each time data is written into the memory section 24, and for example, an output value or the like determined using a table in which there is a value that is incremented or decremented by a predetermined value such as 1 with respect to a previous value, a value determined by calculating a predetermined function with the previous value as a parameter, a link between the input value and the output value can be employed.
In addition, here, a value incremented by 1 each time data is written into the memory section 24 is set to be used as a sequence number, for example.
The error detection code is a code for error detection for detecting an error in data written into a cell, and is, for example, CRC (cyclic redundancy check) or the like.
Control of writing of data to the memory unit 24
Fig. 3 is a diagram describing control of writing of data to the memory section 24 using the command sequencer section 23.
In fig. 3, a user block having a unit in which data is written has M +1 units #1, # 2.
Then, in fig. 3, before data writing (before writing), for example, the M +1 th cell # M +1 of the cells #1 to # M +1 is a buffer cell, and the other 1 st to M-th cells #1 to # M are data cells.
In addition, in fig. 3, the unit number S _ PAD of the data unit # m before writing is the value m.
Here, the unit number S _ PAD is not given to the buffer unit, but in fig. 3 (and in a similar manner in fig. 5 described later), the unit number S _ PAD of the unit # M +1 as the buffer unit is set to 0 as a value indicating the buffer unit for convenience.
In addition, in fig. 3, the unit number SEQ of the data unit #1 before writing is the value X. The diagrammatic representation of the sequence numbers SEQ of the other data units #2 to # M is omitted.
Here, one cell # m is configured by K pages. Here, the first page of the unit #1 of the first unit block is set as the first page, and the unit # m is configured by K pages of (m-1) th K +1 th to mK th pages. Then, the mK-th page, which is the last page of each unit # m, is a management page.
Here, for example, with respect to the reader/writer 10 and the wireless tag 20, a write command requesting data writing to a unit in which the unit number S _ PAD has a value of 1 is set to be transmitted together with data.
In this case, the command sequencer section 23 writes data transmitted together with the write command to the unit # M +1 as a buffer unit in accordance with the write command from the reader/writer 10, and does not write to a target unit of the unit as a target to be written, that is, the unit #1 whose unit number S _ PAD has a value of 1 (the unit having the unit number S _ PAD requested to be written by the write command).
Further, the command sequencer section 23 writes the same unit number S _ PAD-1 as the unit number S _ PAD-1 of the unit #1 as the target unit, the sequence number SEQ updated to the predetermined value Y, and the error detection code to the management page of the unit # M +1 as the buffer unit.
Here, in fig. 3 (and in a similar manner in fig. 4 described later), a diagrammatic representation of the error detection code is omitted.
In addition, in fig. 3, the sequence number SEQ having the value Y written in the management page of the unit # M +1 as the buffer unit is a value X +1 updated by incrementing the sequence number SEQ ═ X written in the management page of the unit #1 as the target unit by only 1.
As described above, by writing the unit number S _ PAD whose value is 1, the sequence number SEQ updated to the predetermined value Y, and the error detection code into the management page of the unit # M +1 as a buffer unit, the unit # M +1 becomes a data unit whose unit number S _ PAD has the value 1 and is not a buffer unit.
As a result, at this point in time, the unit having the unit number S _ PAD of the value 1 becomes two units of the unit #1 and the unit # M + 1.
Here, the sequence number SEQ ═ Y of the unit # M +1 becomes a value updated from the sequence number SEQ ═ X of the unit #1, that is, a value X +1 in which the sequence number SEQ ═ X has been updated.
Thus, with respect to two units of the unit #1 and the unit # M +1 whose unit numbers S _ PAD have a value of 1, it is possible to distinguish between the unit # M +1 to which the last data has been written and the unit #1 to which data has been previously written (a unit storing data written immediately before the last data among data written in the unit whose unit numbers S _ PAD have a value of 1) by referring to the sequence number SEQ.
Here, in the case where there are two units having the same unit number S _ PAD, of the two units, the unit in which the last data is written (the unit having the larger sequence number in this embodiment) is referred to as a new unit, and the unit in which data is written in the past (the unit having the smaller sequence number in this embodiment) is referred to as an old unit.
After that, the command sequencer section 23 erases the management page of the older unit of the two units of the unit #1 and the unit # M +1 having the value 1, that is, the unit #1 as the target unit, and completes the write processing of writing data into the memory section 24 having the unit #1 as the new buffer unit by in the erased state.
Here, as described above, the unit number S _ PAD is not given to the buffer unit, but in fig. 3, the unit number S _ PAD of the unit #1 as a new buffer unit is set to a value 0 indicating the buffer unit.
As described above, the command sequencer section 23 writes data into the unit # M +1 as a buffer unit in accordance with a write command from the reader/writer 10, the unit number S _ PAD of the unit #1 as a target unit is written as the unit number of the buffer unit, and data writing to the unit # M +1 as a result of the unit #1 being set as a new buffer unit and the unit number S _ PAD of the target unit being a value 1 is performed.
As a result, in the memory section 24, regarding the data stored in the unit whose unit number S _ PAD is a value of 1, since the last data (data written into the unit # M +1 in fig. 3) is written while the immediately preceding (previous) data (data written into the unit #1 in fig. 3) is left as it is, it is possible to cope with a case where the data stored in the memory section 24 does not coincide due to memory corruption, that is, separation of the wireless tag 20 from the reader/writer 10 during, for example, access to the memory section 24 or the like.
Fig. 4 is a diagram describing a means for memory corruption.
In fig. 4, before writing, in the same manner as the case of fig. 3, the M +1 th cell # M +1 is a buffer cell, and the first to M-th cells #1 to # M are data cells.
In addition, before writing, the unit number S _ PAD of the data unit # M is a value M, and the unit number S _ PAD of the unit # M +1 as a buffer unit is a value 0 indicating the buffer unit.
Here, for example, in the same manner as in fig. 3, with respect to the wireless tag 20 from the reader/writer 10, a write command requesting data writing to a target unit as a unit whose unit number S _ PAD has a value of 1 is set to be transmitted together with data.
In this case, as described in fig. 3, the command sequencer section 23 writes data transmitted together with the write command into the unit # M +1 (unit whose unit number S _ PAD is a value 0) as a buffer unit in accordance with the write command from the reader/writer 10.
Further, as shown in fig. 3, the command sequencer section 23 writes the same unit number S _ PAD 1 as the unit number S _ PAD 1 of the unit #1 as the target unit, the sequence number SEQ having the value Y _ X +1 in which the sequence number SEQ of the unit #1 as the target unit has been updated, and the error detection code to the management page of the unit # M +1 as the buffer unit, and after that, erases the management page of the unit #1 as the target unit, and completes the write processing by writing data in the erased state into the memory section 24 having the unit #1 as the new buffer unit.
Here, during the writing process, that is, for example, during the unit number S _ PAD is 1, the sequence number SEQ in which the predetermined value Y has been updated, and the error detection code are being written into the management page of the unit #1 as the buffer unit, the wireless tag 20 is separated from the reader/writer 10, and the required power is not supplied to the wireless tag 20 (power supply is off).
In this case, next, when power is supplied and activated due to bringing the reader/writer 10 and the wireless tag 20 close (next activation), the command sequencer section 23 restores the stored contents of the memory section 24.
That is, for example, when the power supply is turned off after at least the unit number S _ PAD 1 and the sequence number SEQ having the predetermined value Y among the unit number S _ PAD 1, the sequence number SEQ in which the predetermined value Y has been updated, and the error detection code are written into the management page of the unit # M +1 as the buffer unit, there are two units of the unit #1 and the unit # M +1 whose unit numbers S _ PAD are the same, that is, whose values are 1.
As described in the figure, with respect to two units of the unit #1 and the unit # M +1 whose unit numbers S _ PAD have a value of 1, it is possible to distinguish between the unit (new unit) #1M +1 to which the last data has been written and the unit (old unit) #1 to which data has been written in the past by referring to the sequence numbers SEQ.
At the next activation, the command sequencer section 23 performs error detection using CRC as an error detection code of the management page of the unit # M +1 which is a new unit, and in the case where no error is detected (in the case where the error detection code is normal), as the data writing to the unit # M +1 which is a new unit has been completed normally, the management page of the unit #1 which is an old unit is erased, and the unit #1 is set as a buffer unit by being in an erased state (the unit number S _ PAD is set to a value 0 indicating a buffer unit in fig. 4).
Then, after that, as described in fig. 3, new data writing into the buffer unit is performed.
On the other hand, in the case where an error is detected as error detection using a CRC as an error detection code of the management page of the unit # M +1 that is a new unit (in the case where there is an error in the error detection code), the command sequencer section 23 returns the state of the memory section 24 to, for example, the previous state proceeding to data writing in the unit # M +1 that is a new unit, as data writing to the unit # M +1 that is a new unit has not been completed normally.
That is, the command sequencer section 23 erases the management page of the unit # M +1 as a new unit, and by being in the erased state (the unit number S _ PAD is set to the value 0 indicating the buffer unit in fig. 4), the unit # M +1 is set as the buffer unit.
Then, after that, as described in fig. 3, writing of new data into the buffer unit is performed.
One-sided authentication
Fig. 5 is a diagram for describing one-side verification.
Here, as described in fig. 1, the reader/writer 10 has the random number generating section 15 that generates the random number used in authentication of the wireless tag 20, but the wireless tag 20 does not have a circuit that generates the random number used in authentication of the reader/writer 20.
Therefore, the reader/writer 10 having the random number generation section 15 performs one-side authentication in which the wireless tag 20 is authenticated by a so-called challenge (challenge) and response method using the random number generated by the random number generation section 15.
As a result, the memory section 14 of the reader/writer 10 and the memory section 24 of the wireless tag 20 store information necessary for one-side authentication.
Fig. 5 is a diagram illustrating information necessary for one-side authentication stored in the memory part 14 of the reader/writer 10 and the memory part 24 of the wireless tag 20.
A unique key KG, which is a key unique to a service provided by the reader/writer 10, is stored in the memory section 14 of the reader/writer 10.
On the other hand, an individual ID (UID), which is an ID of the unique ID, is stored in the memory section 24 of the wireless tag 20 as discrimination information for discriminating the wireless tag 20.
Further, an individual key UCK, which is a key unique to the wireless tag 20, is stored in the memory section 24 of the wireless tag 20.
The individual key UCK is generated using the individual ID and the unique key KG. That is, the individual key UCK is generated by subjecting the individual ID to processing corresponding to the unique key KG (e.g., encryption of the individual ID using the unique key KG).
Thus, when the process corresponding to the unique key KG is defined by { }KGWhen indicated, the individual key UCK is given by the equation UCK ═ { UID }KGAnd (4) indicating.
Here, in the case where the wireless tag 20 is used in a plurality of services, only the number of individual keys UCK of the plurality of services is stored in the memory part 24 of the wireless tag 20.
Hereinafter, for the sake of simplifying the description, there is only one user block in the memory part 24 of the wireless tag 20, and thus, there is only one service capable of using the wireless tag 20.
Fig. 6 is a diagram describing processing of the reader/writer 10 and the wireless tag 20 in the case where the reader/writer 10 performs one-side authentication in which the reader/writer 10 authenticates the wireless tag 20 and the wireless tag 20 does not perform authentication of the reader/writer 10.
For example, when proximity communication between the reader/writer 10 and the wireless tag 20 is started in a state where the reader/writer 10 and the wireless tag 20 are brought close by holding the wireless tag 20 over the reader/writer 10.
Then, in step S11, the random number generating section 15 of the reader/writer 10 generates a random number R and supplies the random number R to the RF section 12.
In step S12, the RF section 12 transmits the random number R from the random number generation section 15 to the wireless tag 20 via the antenna 11, and the RF section 22 of the wireless tag 20 receives the random number R from the RF section 12 of the reader/writer 10 via the antenna 21 and supplies the random number R to the command sequencer section 23.
At step S21, the command sequencer section 23 generates a session key KS for use in a session between the reader/writer 10 and the wireless tag 20 using the random number from the RF section 22 and the individual key UCK stored in the memory section 24.
That is, the command sequencer section 23 generates the session key KS ═ { R }by performing processing corresponding to the individual key UCK on the random number RUCK
After that, in step S22, the command sequencer section 23 sends a response notifying that the random number R has been received from the RF section 22 to the reader/writer 10 by controlling the RF section 22.
The RF section 12 of the reader/writer 10 receives a response from (the RF section 22 of) the wireless tag 20. Then, at step S13, the CPU 13 of the reader/writer 10 transmits a read command requesting the individual ID of the wireless tag 20 to be UID and, for example, a MAC (message authentication code) value as encrypted data of the individual ID for verifying the legitimacy of the individual ID to the wireless tag 20 by controlling the RF section 12.
In the wireless tag 20, the RF section 22 receives a read command from (the RF section 12 of) the reader/writer 10 and supplies the read command to the command sequencer section 23.
In step S23, the command sequencer section 23 reads out the individual ID UID from the memory section 24 in accordance with the read command from the RF section 22, and generates the MAC value T MAC (KS, UID) as encrypted data of the individual ID (third encrypted data) using the individual ID and the session key KS generated immediately before.
Then, the command sequencer section 23 supplies the individual ID UID and the MAC value T generated using the individual ID to the RF section 22.
In step S24, the RF section 22 transmits the individual ID UID and the MAC value T from the command sequencer section 23 to the reader/writer 10.
Here, as a method of generating the MAC value T ═ MAC (KS, UID) using the individual ID ═ UID and the session key KS, a method of encrypting the individual ID ═ UID with a predetermined encryption format such as DES (data encryption standard) using the session key KS, a method of calculating a predetermined hash function using the individual ID ═ UID and the session key KS, or the like can be employed.
Here, since it is sufficient if the MAC value T can verify (in this case, the individual ID — UID) that the message has not been tampered with, it is not necessary to be able to decrypt the original information (the individual ID — UID and the session key KS).
Thus, for example, a one-way function can be used in the generation of the MAC value T.
The RF section 12 of the reader/writer 10 receives the individual ID UID and the MAC value T from (the RF section 22 of) the wireless tag 20, and supplies the individual ID UID and the MAC value T to the CPU 13.
In step S14, the CPU 13 reads out the unique key KG from the memory section 14, and generates the individual key UCK { UID } of the wireless tag 20 using the unique key KG and the individual ID UID from the RF section 12KG
Then, in step S15, the CPU 13 generates a session key KS ═ { R }in the same manner as the wireless tag 20, using the individual key UCK and the random number R generated immediately before by the random number generation section 15UCK
After that, at step S16, the CPU 13 generates a MAC value T' ═ MAC (KS, UID) as encrypted data (fourth encrypted data) of the individual ID ═ UID using the session key KS and the individual ID ═ UID from the RF section 12 in the same manner as the wireless tag 20.
Then, in step S17, the CPU 13 compares the MAC value T' generated as above with the MAC value T from the RF section 12.
As a result of the comparison of the MAC values T 'and T, in the case where the MAC values T' and T are not equal, the CPU 13 performs predetermined error processing (for example, processing of displaying on a display (not shown) that authentication has failed) that has failed based on the authentication of the wireless tag 20, and the processing ends.
Thus, in the case where the authentication has failed, the reader/writer 10 does not perform access to the wireless tag 20.
On the other hand, when the MAC value T' is equal to T, the CPU 13 writes data to the wireless tag 20 as necessary in the following manner based on the authentication of the wireless tag 20 having succeeded.
As described above, the reader/writer 10 uses a random number, and in the case of performing one-side authentication, it is possible to prevent a legitimate reader/writer 10 from accessing a fraudulent wireless tag.
However, access to a legitimate wireless tag 20 by a fraudulent reader/writer cannot be prevented by performing only one-side authentication by the reader/writer 10.
Therefore, the wireless tag 20 performs authentication of the reader/writer 20 by a simplified authentication method using one-sided authentication performed by the reader/writer 10.
Authentication of reader/writer 10 by wireless tag 20
Fig. 7 is a diagram describing processing of the reader/writer 10 and the wireless tag 20 in a case where the reader/writer 10 performs one-side authentication for the wireless tag 20 and the wireless tag 20 performs authentication for the reader/writer 10 using the one-side authentication.
For example, when in a state where the reader/writer 10 and the wireless tag 20 are brought close by holding the wireless tag 20 above the reader/writer 10, proximity communication between the reader/writer 10 and the wireless tag 20 is started.
Then, in step S51, the random number generating section 15 of the reader/writer 10 generates a random number R and supplies the random number R to the RF section 12.
In step S52, the RF section 12 transmits the random number R from the random number generation section 15 to the wireless tag 20, and the RF section 22 of the wireless tag 20 receives the random number R from the RF section 12 of the reader/writer 10 and supplies the random number R to the command sequencer section 23.
At step S71, the command sequencer section 23 generates the session key KS using the random number R from the RF section 22 and the individual key UCK stored in the memory section 24.
After that, in step S72, the command sequencer section 23 sends a response notifying that the random number R has been received from the RF section 23 to the reader/writer 10 by controlling the RF section 22.
The RF section 12 of the reader/writer 10 receives a response from (the RF section 22 of) the wireless tag 20. Then, at step S53, the CPU 13 of the reader/writer 10 transmits a read command requesting (reading of) the individual ID of the wireless tag 20, the MAC value for checking the validity of the individual ID, and the serial number SEQ to the wireless tag 20 by controlling the RF section 12.
Here, the logical format of the memory section 24 is as shown in fig. 2, and there is a management page storing the management information of each unit, so that, in the case where there is a sequence number SEQ included in the management information of each unit, the sequence number SEQ requested by the CPU 13 using the read command is the sequence number SEQ of the target unit to which data writing is performed at step S53.
In the wireless tag 20, the RF section 22 receives a read command from (the RF section 12 of) the reader/writer 10 and supplies the read command to the command sequencer section 23.
In step S73, the command sequencer section 23 reads out the individual ID UID and the serial number SEQ of the target unit from the memory section 24 in accordance with the read command from the RF section 22.
Further, at step S73, the command sequencer section 23 generates the MAC value T ═ MAC (KS, UID) as encrypted data (third encrypted data) of the individual ID ═ UID using the individual ID read out from the memory section 24 and the session key KS generated immediately before.
Then, the command sequencer section 23 supplies the individual ID ═ UID, the serial number SEQ ═ X, and the MAC value T to the RF section 22.
In step S74, the RF section 22 transmits the individual ID and the serial number SEQ and the MAC value T from the command sequencer section 23 to the reader/writer 10.
The RF section 12 of the reader/writer 10 receives the individual ID UID, the serial number SEQ ═ X, and the MAC value T from (the RF section 22 of) the wireless tag 20, and supplies the individual ID UID, the serial number SEQ ═ X, and the MAC value T to the CPU 13.
At step S54, the CPU 13 reads out the unique key KG from the memory section 14 and generates the individual key UCK { UID } of the wireless tag 20 using the unique key KG and the individual ID UID from the RF section 12KG
Then, at step S55, the CPU 13 generates a session key KS ═ { R }in the same manner as the wireless tag 20, using the individual key UCK and the random number R generated by the random number generation section 15 immediately beforeUCK
After that, in step S56, the CPU 13 generates a MAC value T' ═ MAC (KS, UID) as encrypted data (fourth encrypted data) of the individual ID ═ UID using the session key KS and the individual ID ═ UID from the RF section 12.
Then, in step S57, the CPU 13 compares the MAC value T' generated as above with the MAC value T from the RF section 12.
As a result of the comparison of the MAC values T 'and T, in the case where the MAC values T' and T are not equal, the CPU 13 performs predetermined error processing based on that the authentication of the wireless tag 20 has failed, and the processing ends.
Thus, in the case where the authentication has failed, the reader/writer 10 does not perform access to the wireless tag 20.
On the other hand, in the case where the MAC value T' is equal to T, the CPU 13 generates, for example, a MAC value W as encrypted data used in authentication of the reader/writer 10 by the wireless tag 20, based on the authentication of the wireless tag 20 having succeeded.
That is, the CPU 13 generates, for example, a MAC value W as encrypted data (first encrypted data) based on the value of the sequence number SEQ ═ X and the write target data D, using the value based on the sequence number SEQ ═ X from the wireless tag 20 and the write target data D as the target data written into the target unit.
Specifically, the CPU 13 generates, for example, the session key KS, the unit number S _ PAD ═ m of the target unit, the sequence number SEQ ═ X from the wireless tag 20, and the MAC value W ═ MAC of the write target data D (KS, S _ PAD ═ m, SEQ ═ X, D), as encrypted data based on the value of the sequence number SEQ ═ X and the write target data D.
Then, the CPU 13 supplies a write command requesting writing of the write target data D, the unit number S _ PAD ═ m of the target unit, and the MAC value W ═ MAC (KS, S _ PAD ═ m, SEQ ═ X, D) to the RF section 12.
In step S59, the RF section 12 of the reader/writer 10 transmits a write command from the CPU 13, the write target data D, the unit number S _ PAD ═ m of the target unit, and the MAC value W to the wireless tag 20.
In the wireless tag 20, a write command from (the RF section 12 of) the reader/writer 10, write target data D, a unit number S _ PAD ═ m of a target unit, and a MAC value W are received by the RF section 22 and supplied to the command sequencer section 23.
In step S75, the command sequencer section 23 generates the MAC value W' using the value based on the sequence number SEQ ═ X sent immediately before to the reader/writer 10 and the write target data D received by the RF section 22 as the encrypted data (second encrypted data) based on the value of the sequence number SEQ ═ X and the write target data D received by the RF section 22.
That is, the command sequencer section 23 generates, as encrypted data based on a value of the sequence number SEQ ═ X and the write target data D, the session key KS generated immediately before, the unit number S _ PAD ═ m of the target unit, the sequence number SEQ ═ X transmitted immediately before to the reader/writer 10, and the MAC value W ═ MAC (KS, S _ PAD ═ m, SEQ ═ X, D) of the write target data D received by the RF section 22.
Then, at step S76, the command sequencer section 23 compares the MAC value W' generated as above with the MAC value W from the RF section 22.
As a result of the comparison of the MAC values W 'and W, in the case where the MAC values W' and W are not equal, the command sequencer section 23 ends the processing based on the authentication of the reader/writer 10 having failed.
Thus, in this case, the wireless tag 20 does not perform writing of the write target data D from the reader/writer 10, and does not respond to an access from the reader/writer 10 after that.
On the other hand, in the case where the MAC value W' is equal to W, based on the authentication of the reader/writer 10 having succeeded, the command sequencer section 23 of the wireless tag 20 writes (as) the write target data D received by the RF section 22 (i.e., the write target data D transmitted from the reader/writer 10) into (a buffer unit of) the target unit at step S77.
After that, in step S78, the command sequencer section 23 performs a process of updating the management information (i.e., the unit number S _ PAD as the management information of the target unit) and the sequence number SEQ ═ X of the management page (as (the buffer unit of) the target unit, and calculating the error detection code.
Then, at step S79, the command sequencer section 23 sends a response notifying that the writing has been completed from the RF section 22 to the reader/writer 10 by controlling the RF section 22.
The RF section 12 of the reader/writer 10 receives a response from (the RF section 22 of) the wireless tag 20.
As described above, the RF section 22 of the wireless tag 20 transmits the sequence number SEQ ═ X to the reader/writer 10, and the CPU 13 of the reader/writer 10 generates the MAC value W ═ MAC (KS, S _ PAD ═ m, SEQ ═ X, D) (first encrypted data) using the value based on the sequence number SEQ transmitted from the wireless tag 20 and the write target data D written into the memory section 24 of the wireless tag 20.
Further, the RF section 12 of the reader/writer 10 transmits the MAC value W and the write target data D to the wireless tag 20, and the RF section 22 of the wireless tag 20 receives the MAC value W and the write target data D.
In addition, the command sequencer section 23 of the wireless tag 20 generates a MAC value W ═ MAC (KS, S _ PAD ═ m, SEQ ═ X, D) (second encrypted data) using a value based on the sequence number SEQ (transmitted to the reader/writer 10) and the write target data D received by the RF section 22.
Then, the command sequencer section 23 of the wireless tag 20 writes the write target data D received by the RF section 22 into (the target unit of) the memory section 24 only when the MAC values W' and W match, and updates the sequence number SEQ (in the target unit) stored in the memory section 24.
Thus, the wireless tag 20 can perform authentication as to whether or not the reader/writer 10 is a legitimate device by comparing the MAC values W' and W, and further, in the case where the authentication is successful, can write the write target data D into the memory section 24.
As a result, with the wireless tag 20, security, that is, prevention of a fraudulent reader/writer from fraudulently rewriting data in the memory section 24 can be ensured.
In addition, the time required for the reader/writer 10 to write data into the wireless tag 20 (the time from when the reader/writer 10 and the wireless tag 20 start proximity communication until the write target data D is written into the memory section 24) can be shortened as compared with the case of performing mutual authentication.
That is, in the case of performing mutual authentication between the reader/writer 10 and the wireless tag 20, mutual authentication requiring two transaction transactions (transactions) is performed: the reader/writer 10 performs a transaction for authentication of the wireless tag 20 and a transaction for authentication of the reader/writer 10 by the wireless tag 20, and after mutual authentication is successful, the write target data D is transmitted from the reader/writer 10 to the wireless tag 20 and written into the memory section 24 of the wireless tag 20.
On the other hand, as shown in fig. 7, in the case where the reader/writer 10 performs authentication of the wireless tag 20 using one-sided authentication and the wireless tag 20 performs authentication of the reader/writer 10 by a simplified authentication method using one-sided authentication (authentication between the reader/writer 10 and the wireless tag 20 in this way is hereinafter referred to as simplified authentication), after the reader/writer 10 performs one-sided authentication, the write target data D and the MAC value W are transmitted from the reader/writer 10 to the wireless tag 20.
Then, in the wireless tag 20, verification of the sequence number SEQ used in the generation of the MAC value W and the write target data D (comparison of the MAC values W and W ') is performed using the MAC value W, and if there is no problem with the sequence number SEQ and the write target data D (if the MAC values W and W' match), the write target data D is written into the memory section 24 based on that the write target data D has not been tampered with and that the verification of the reader/writer 10 is successful.
Thus, since the write target data D is transmitted from the reader/writer 10 to the wireless tag 20 as data used in authentication of the reader/writer 10 by the wireless tag 20 (and verification of the write target data D), the write target data D does not need to be transmitted from the reader/writer 10 to the wireless tag 20 after authentication of the reader/writer 10 by the wireless tag 20 is successful.
In this way, in the simplified authentication, the time required for the reader/writer 10 to write data into the wireless tag 20 can be shortened as compared with the case where the write target data D is transmitted from the reader/writer 10 to the wireless tag 20 after the mutual authentication succeeds.
In addition, since the sequence number SEQ used in the generation of the MAC values W and W 'regularly updates the values each time data is written into the memory section 24 of the wireless tag 20, even if there is wiretapping of the MAC value W transmitted from the reader/writer 10 to the wireless tag 20 and replay attack (replay attack) on the wireless tag 20 is performed using the MAC value W, the MAC value W used in the replay attack does not match the MAC value W' generated using the sequence number SEQ after update in the wireless tag 20.
Thus, replay attacks can be prevented.
In addition, in fig. 7 (and in the same manner as in fig. 8 described later), the session key KS, the unit number S _ PAD ═ m of the target unit, the sequence number SEQ ═ X, and the write target data D are used in the generation of the MAC values W and W ', but the MAC values W and W' can be generated using the session key KS, the sequence number SEQ ═ X, and the write target data D without using the unit number S _ PAD ═ m of the target unit.
However, also using the unit number S _ PAD ═ m of the target unit, by generating the MAC values W and W', it is possible to prevent tampering from outside with the unit number S _ PAD ═ m, i.e., fraudulent changes of the write-destination unit to which the write target data D is written.
Fig. 8 is a diagram describing another process of the reader/writer 10 and simplified authentication by the wireless tag 20.
In the process of simplified verification of fig. 7, the sequence number SEQ ═ X itself is used as the value based on the sequence number SEQ used in the generation of the MAC values W and W ', but, as the value based on the sequence number SEQ used in the generation of the MAC values W and W', in addition, the sequence number SEQ ═ X +1 after update can be employed.
However, in the case where the MAC values W and W' are generated using the updated sequence number SEQ ═ X +1, it is necessary to carry out an update rule of the sequence number SEQ in which the value is regularly updated each time data is written into the memory section 24 (an update rule that causes the reader/writer 10 to recognize the sequence number SEQ) in the reader/writer 10.
In fig. 8, in steps S101 to S109, the reader/writer 10 performs processing in the same manner as each of steps S51 to S59 in fig. 7, and in steps S121 to S129, the wireless tag 20 performs processing in the same manner as each of steps S71 to S79 in fig. 7.
However, in step S108 corresponding to step S58 in fig. 7, the reader/writer 10 determines an updated sequence number SEQ ═ X +1 in which the sequence number SEQ ═ X from the wireless tag 20 is updated, and generates a MAC value W ═ MAC (KS, S _ PAD ═ m, SEQ ═ X +1, D) using the updated sequence number SEQ ═ X +1 in place of the sequence number SEQ ═ X itself.
In addition, in step S125 corresponding to step S75 in fig. 7, the wireless tag 20 determines an updated sequence number SEQ ═ X +1 in which the sequence number SEQ ═ X of the target unit is updated, and generates a MAC value W ═ MAC (KS, S _ PAD ═ m, SEQ ═ X +1, D) using the updated sequence number SEQ ═ X +1 in place of the sequence number SEQ ═ X itself.
As described above, in the case where the MAC values W and W ' are generated using the updated sequence number SEQ ═ X +1, even if there is eavesdropping of the sequence number SEQ ═ X, since the MAC value W matching the MAC value W ' generated in the wireless tag 20 cannot be generated if the update rule of the sequence number SEQ is not known, the security can be improved more than in the case where the MAC values W and W ' are generated using the sequence number SEQ itself.
Another embodiment of the logical format of the memory component 24
Fig. 9 is a diagram describing another embodiment of the logical format of the memory section 24 of the wireless tag 20 of fig. 1.
The logical format of fig. 9 has: as in the case of fig. 2, one component of the memory area of the memory component 24 is one or more user blocks allocated to the service.
However, the logical format of fig. 9 differs from the case of fig. 2 in that: another part of the memory area of the memory part 24 is a management block that stores management information, which is stored in a page (management page) in the case of fig. 2.
Here, in fig. 2, the unit is configured by a plurality of pages because it is necessary to have one or more pages (data pages) storing data and one management page in the unit, and in fig. 9, because management information is stored in a management block and management pages are not required, it is possible to configure the unit by one or more pages.
In fig. 9, the cells are configured by one page.
Thus, in fig. 9, the cell is equivalent to a page.
In addition, in fig. 9, data and CRC as an error detection code of the data are stored in units of a user block (which is equivalent to a page).
The management block is configured by, for example, M' units (or pages in fig. 9) in a number twice the number of user blocks.
Thus, the memory section 24 is set to have one user block and the management block has two units.
The management information of each user block is stored in the management block. The management information of one user block is stored in two units of the management block.
Here, the two units of the management block storing the management information of one user block are two units of the management block corresponding to the user block.
Here, a certain user block is focused, and in each of two units (pages) of a management block corresponding to the certain user block focused, a unit number S _ PAD of M +1 units configuring the certain user block, one sequence number, and a CRC as an error detection code (of the unit number S _ PAD of the M +1 units and the one sequence number) are stored as management information of the certain user block.
In this case, in the two units of the management block corresponding to the certain user block, every time data is written in the certain user block, the management information of the certain user block is alternately written after the data is written.
Thus, in one of the two units of the management block corresponding to the certain user block, the latest management information of the certain user block is stored, and in the other unit, the management information immediately before the latest management information is written is stored.
As described above, a means for memory corruption is possible because the latest management information of a certain user block and the management information written immediately before the latest management information are stored by alternately writing the management information of the certain user block into two units of the management block corresponding to the certain user block each time data is written into the certain user block.
Here, the memory area storing the unit number S _ PAD of M +1 units in each of the two units (pages) of the management block corresponding to the certain user block is divided into M +1 memory areas (hereinafter referred to as unit number areas) storing information (hereinafter referred to as unit number specifying information) for specifying the unit number S _ PAD configuring the M +1 units of the certain user block.
Then, the value M is taken as the unit number designation information of the M-th unit among the M +1 units #1 to # M +1 configuring a certain user block, and the unit number designation information # M of the unit # M whose unit number S _ PAD is the value i is stored in the i-th unit number area from the front among the M +1 unit number areas.
Thus, in the case where the unit number designation information # M is stored in the i-th unit number area from the front among the M +1 unit number areas, the unit number S _ PAD of the M-th unit # M is the value i among the M +1 units #1 to # M +1 configuring a certain user block.
As described above, in fig. 9, since the unit number S _ PAD of the unit # m is specified as the value i by the unit number specifying information # m of the unit # m written in the i-th unit number area, in practice (equivalently), the unit number S _ PAD # i of the unit # m can be included in the management information.
Here, in fig. 9, as described above, since one sequence number SEQ is included in the management information of a certain user block, the sequence number SEQ is updated even when data is written in any unit of the certain user block.
That is, in fig. 2, since management information of each unit exists and one sequence number SEQ is included in the management information, the sequence number SEQ included in the management information of a given unit is updated every time data is written in the given unit.
On the other hand, in fig. 9, since management information of each user block exists and one sequence number SEQ is included in the management information, even if data is written in any unit of the user block, the sequence number SEQ included in the management information of a given unit block is updated (updated each time data is written in the user block).
Here, only one sequence number SEQ can be provided with respect to the memory component 24. In this case, even if data is written to any unit of any user block of the memory section 24, the sequence number SEQ, which is provided with only one with respect to the memory section 24, is updated.
In the case where the memory section 24 has the logical format of fig. 9, the command sequencer section 23 performs control of writing of data to the memory section 24 in the same manner as in the case of fig. 2.
That is, for example, immediately before data writing (before writing), of M +1 units #1 to # M +1 of a certain user block, for example, the M +1 th unit # M +1 is a buffer unit and the 1 st to M th units #1 to # M are data units.
In addition, the unit number S _ PAD of the data unit # m is set to a value m, and the sequence number SEQ (included in the management information) of the certain user block is set to a value X.
Then, here, for example, a write command requesting data writing to a unit whose unit number S _ PAD (of the certain user block) is a value of 1 is transmitted from the reader/writer 10 to the wireless tag 20 together with the data.
In this case, the command sequencer section 23 writes data transmitted together with the write command in the unit # M +1 as a buffer unit and not in the target unit as the unit targeted for writing, that is, the unit #1 whose unit number S _ PAD has a value of 1 (the unit with the unit number S _ PAD which is requested to be written by the write command) according to the write command from the reader/writer 10.
After that, the command sequencer section 23 updates the management information of the certain user block.
That is, as the management information of a certain user block, the latest management information (hereinafter referred to as the latest management information) and the management information immediately before the latest management information is written (hereinafter referred to as the previous management information) are stored in the memory section 24, as described above.
Here, the management information C # t is set to be stored in the memory section 24 as the latest management information of a certain user block, and the management information C # t-1 is set to be stored in the memory section 24 as the previous management information of a certain user block.
The command sequencer section 23 updates the management information C # t such that the unit number S _ PAD of the unit # M +1 as the buffer unit is set to the same unit number S _ PAD as 1 as the unit number S _ PAD of the unit #1 as the target unit, and the unit number S _ PAD of the unit #1 set as the new buffer unit is set to a value 0 indicating the buffer unit.
Further, the command sequencer section 23 updates the sequence number SEQ including the management information C # t and calculates a new error detection code.
Then, when the management information obtained as a result of the above is set to indicate the management information C # t +1, the command sequencer section 23 writes the management information C # t +1, which is the previous management information of the memory section 24, in a format in which the management information C # t-1 is rewritten as the management information of the certain user block.
As a result, the management information C # t +1 becomes the latest management information of the certain user block, and the management information C # t becomes the previous management information of the certain user block.
Here, the embodiments of the present invention are not limited to the above-described embodiments, and various modifications are possible within a scope not departing from the concept of the present invention.
That is, for example, in each embodiment, an EEPROM is employed as the memory section 24 which is a nonvolatile memory, but a nonvolatile memory such as an FeRAM (ferroelectric random access memory) other than an EEPROM can be employed as the memory section 24.
In addition, in the embodiments, a buffer unit other than the data unit is provided in the memory section 24, but the buffer unit may not be provided. However, without providing a buffer unit, it is difficult to have a means for memory corruption.
Here, in the mutual authentication according to the symmetric cryptographic algorithm, the reader/writer transmits a dedicated authentication command that is a dedicated command for performing processing such as causing the wireless tag to generate a random number and transmitting encrypted data in which the random number is encrypted to the reader/writer.
Thus, the wireless tag is required to translate such a dedicated command.
In addition, in the case of performing mutual authentication according to a symmetric cryptographic algorithm, data is encrypted using an encryption key generated by using a random number and exchanged between the reader/writer and the wireless tag after the mutual authentication in order to prevent eavesdropping.
Since there is also decryption of data in the case where data is encrypted and exchanged, it is necessary to have a separate command in the case where data is exchanged (in plain text) without decryption.
That is, in the case where data is encrypted and exchanged, a dedicated encrypted read command and write command for data exchange for data decryption and a normal read command and write command for data exchange for data non-decryption are required.
In this regard, since data is exchanged between the reader/writer 10 and the wireless tag 20 in plain text without mutual authentication according to a symmetric cryptographic algorithm, a dedicated authentication command and a dedicated encrypted read command and write command are not required.
Thereby, the number of commands to be interpreted by the wireless tag 20 can be reduced, and as a result, as the command sequencer section 23 of the wireless tag 20, a PLC (programmable logic controller) can be employed without employing a high-level processor such as a CPU.
This application contains subject matter related to the subject matter disclosed in japanese priority patent application JP 2010-133180 filed at 10.2010 at the japanese patent office, the entire contents of which are incorporated herein by reference.
It should be understood by those skilled in the art that various modifications, combinations, partial combinations and alterations may occur depending on design requirements and other factors as long as they are within the scope of the appended claims or their equivalents.

Claims (17)

1. A communication device, comprising:
a communication device that performs proximity communication with the reader/writer;
a storage device that stores data and a serial number, a value of which is regularly updated each time data is written to the storage device; and
a control device that controls writing of data to the storage device in accordance with a command from the reader/writer,
wherein the communication means transmits the serial number stored in the storage means to the reader/writer, and receives first encrypted data and write target data as target data written into the storage means from the reader/writer, the first encrypted data being generated by the reader/writer using a value based on the serial number and the write target data, and
the control means generates second encrypted data using the value based on the sequence number and the write target data received by the communication means, and writes the write target data received by the communication means into the storage means and updates the sequence number stored in the storage means in the case where the first encrypted data and the second encrypted data match.
2. The communication device according to claim 1, wherein,
wherein the sequence number based value is a sequence number itself or an updated sequence number.
3. The communication device according to claim 1, wherein,
wherein the reader/writer generates a random number and transmits the random number to the communication device,
the communication means receives a random number transmitted from the reader/writer,
the control means generates a session key used in a session with the reader/writer using an individual key unique to the communication device generated by using discrimination information that discriminates the communication device and a random number received by the communication means, and generates third encrypted data using the discrimination information and the session key,
the communication means transmits the discrimination information and the third encrypted data to the reader/writer, and
the reader/writer generates the individual key using the discrimination information transmitted from the communication apparatus, generates the session key using the individual key and the random number, generates fourth encrypted data using the discrimination information transmitted from the communication apparatus and the session key, performs one-side authentication for authenticating the communication apparatus by comparing the third encrypted data and the fourth encrypted data, and transmits the first encrypted data and the write target data to the communication apparatus if the one-side authentication is successful.
4. The communication device according to claim 1, wherein,
wherein only one serial number is provided in the storage means.
5. The communication device according to claim 1, wherein,
wherein a part of the storage area of the storage device is a user block which is a storage area capable of being allocated to a minimum unit of a service,
the user block has a plurality of cells,
the unit has one or more pages that are pages of a memory region of a predetermined unit in which writing is performed,
configuring one of the plurality of units of the user block as a buffer unit functioning as a buffer that buffers data written into the user block,
the storage device stores management information for managing a storage area of the storage device,
the management information includes a unit number specifying a unit, an
The control means performs writing of data to a target unit by writing the unit number of the target unit as the unit number of the buffer unit and sets the target unit as a new buffer unit, the target unit being a unit that is a target to which data is to be written.
6. The communication device according to claim 5, wherein,
wherein the cell is configured to have one page,
another part of the storage area of the storage device is a management block that stores management information of each user block,
the management information of the user block includes a unit number and a sequence number of each of the plurality of units of the user block, an
The control means updates a sequence number included in the management information of the user block having the unit in which the write target data is written.
7. The communication device according to claim 5, wherein,
wherein the cells are configured from a plurality of pages,
one of the plurality of pages of one unit is a management page storing management information of each unit,
the management information of a unit includes a unit number and a serial number of the unit, an
The control means updates a sequence number included in the management information of the unit in which the write target data is written.
8. The communication device according to claim 5, wherein,
wherein the first encrypted data and the second encrypted data are generated using the value based on the sequence number, write target data, and a unit number of a target unit.
9. A communication method of a communication apparatus, the communication apparatus being provided with: a communication device that performs proximity communication with the reader/writer; a storage device that stores data and a serial number, a value of which is regularly updated each time data is written to the storage device; and a control device that controls writing of data into the storage device in accordance with a command from the reader/writer, the method comprising the steps of:
transmitting the serial number stored in the storage means to the reader/writer using the communication means, and receiving first encrypted data and write target data as target data written into the storage means from the reader/writer, the first encrypted data being generated by the reader/writer using a value based on the serial number and the write target data, and
generating, using the control means, second encrypted data using the value based on the sequence number and the write target data received by the communication means, and in a case where the first encrypted data and the second encrypted data match, writing the write target data received by the communication means into the storage means, and updating the sequence number stored in the storage means.
10. A communication device, comprising:
communication means for performing proximity communication with a wireless tag having storage means for storing data and a serial number, the value of the serial number being regularly updated each time data is written in the storage means; and
generating means for generating first encrypted data using a value based on the sequence number transmitted from the wireless tag and write target data that is target data to be written in the storing means,
wherein the communication means transmits the first encryption data and the write target data to the wireless tag, and
wherein the wireless tag generates second encrypted data using the value based on the serial number and write target data from the communication device, and writes the write target data into the storage device and updates the serial number stored in the storage device in a case where the first encrypted data and the second encrypted data match.
11. The communication device according to claim 10, wherein,
wherein the sequence number based value is a sequence number itself or an updated sequence number.
12. The communication device of claim 10, further comprising:
a random number generation means that generates a random number used by the communication device to authenticate the wireless tag,
the communication device transmits the random number to the wireless tag,
the wireless tag receiving a random number transmitted from the communication apparatus, generating a session key used in a session with the communication device using an individual key unique to the wireless tag generated by using discrimination information that discriminates the wireless tag and the random number, generating third encrypted data using the discrimination information and the session key, and transmitting the discrimination information and the third encrypted data to the communication device,
the generation means generates the individual key using the discrimination information transmitted from the wireless tag, generates the session key using the individual key and the random number, generates fourth encrypted data using the discrimination information transmitted from the wireless tag and the session key, and performs one-side authentication for authenticating the wireless tag by comparing the third encrypted data and the fourth encrypted data, and
in a case where the one-side authentication is successful, the communication device transmits the first encrypted data and the write target data to the wireless tag.
13. A communication method of a communication apparatus, the communication apparatus being provided with: communication means for performing proximity communication with a wireless tag having storage means for storing data and a serial number, the value of the serial number being regularly updated each time data is written in the storage means; and generating means for generating first encrypted data using a value based on the sequence number transmitted from the wireless tag and write target data that is target data to be written in the storage means, the method including the steps of:
generating the first encrypted data using the generating means; and
transmitting the first encryption data and the write target data to the wireless tag using the communication means,
wherein the wireless tag generates second encrypted data using the value based on the serial number and write target data from the communication device, and writes the write target data into the storage device and updates the serial number stored in the storage device in a case where the first encrypted data and the second encrypted data match.
14. A communication system, comprising:
a reader/writer and a wireless tag, performs proximity communication,
wherein the reader/writer has: first communication means for performing proximity communication with the wireless tag, the wireless tag having storage means for storing data and a serial number, a value of the serial number being regularly updated each time data is written in the storage means; and generating means for generating first encrypted data using a value based on the sequence number transmitted from the wireless tag and write target data that is target data to be written in the storage means,
the first communication means transmits the first encrypted data and the write target data to the wireless tag,
the wireless tag has: a second communication device that performs proximity communication with the reader/writer; a storage device; and a control device that controls writing of data to the storage device in accordance with a command from the reader/writer,
the second communication means transmits the serial number stored in the storage means to the reader/writer, and receives the first encrypted data and the write target data transmitted from the reader/writer, and
the control means generates second encrypted data using the value based on the serial number and the write target data received by the second communication means, and writes the write target data received by the second communication means into the storage means and updates the serial number stored in the storage means in the case where the first encrypted data and the second encrypted data match.
15. A communication method of a communication system provided with a reader/writer and a wireless tag that perform proximity communication, wherein the reader/writer has: first communication means for performing proximity communication with the wireless tag, the wireless tag having storage means for storing data and a serial number, a value of the serial number being regularly updated each time data is written in the storage means; and generating means for generating first encrypted data using a value based on the sequence number transmitted from the wireless tag and write target data that is target data to be written in the storage means, and the wireless tag has: a second communication device that performs proximity communication with the reader/writer; a storage device; and a control device that controls writing of data to the storage device in accordance with a command from the reader/writer, the method comprising the steps of:
transmitting the first encrypted data and the write target data to the wireless tag using the first communication device;
transmitting, using the second communication means, the serial number stored in the storage means to the reader/writer, and receiving the first encrypted data and the write target data transmitted from the reader/writer;
generating second encryption data using the value based on the sequence number and write target data received by the second communication device; and
in the case where the first encrypted data and the second encrypted data match, writing, using the control means, the write target data received by the second communication means into the storage means, and updating the serial number stored in the storage means.
16. A communication device, comprising:
a communication section that performs proximity communication with the reader/writer;
a storage section that stores data and a serial number, a value of which is regularly updated each time data is written in the storage section; and
a control section that controls writing of data to the storage section in accordance with a command from the reader/writer,
wherein the communication section transmits the serial number stored in the storage section to the reader/writer, and receives first encrypted data and write target data as target data written in the storage section from the reader/writer, the first encrypted data being generated by the reader/writer using a value based on the serial number and the write target data, and
the control means generates second encrypted data using the value based on the sequence number and the write target data received by the communication portion, writes the write target data received by the communication means into the storage means in a case where the first encrypted data and the second encrypted data match, and updates the sequence number stored in the storage means.
17. A communication device, comprising:
a communication section that performs proximity communication with a wireless tag having a storage section that stores data and a serial number, a value of the serial number being regularly updated each time data is written in the storage section; and
a generation section that generates first encrypted data using a value based on the sequence number transmitted from the wireless tag and write target data that is target data to be written in the storage section,
wherein the communication section transmits the first encryption data and the write target data to the wireless tag, and
wherein the wireless tag generates second encrypted data using the value based on the serial number and write target data from the communication device, and writes the write target data into the storage device and updates the serial number stored in the storage device in a case where the first encrypted data and the second encrypted data match.
HK12102756.6A 2010-06-10 2012-03-20 Communication apparatus, communication method and communication system HK1162805B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2010-133180 2010-06-10
JP2010133180A JP5521803B2 (en) 2010-06-10 2010-06-10 COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION SYSTEM

Publications (2)

Publication Number Publication Date
HK1162805A1 HK1162805A1 (en) 2012-08-31
HK1162805B true HK1162805B (en) 2016-10-21

Family

ID=

Similar Documents

Publication Publication Date Title
US8804959B2 (en) Communication device, communication method, and communication system
US12327244B2 (en) Payment system
US11847640B2 (en) Payment system for authorizing a transaction between a user device and a terminal
US8762742B2 (en) Security architecture for using host memory in the design of a secure element
CN101727603B (en) Information processing apparatus, method for switching cipher and program
US7886970B2 (en) Data communicating apparatus and method for managing memory of data communicating apparatus
JP4834748B2 (en) Information storage medium, medium authentication device, medium authentication system, and IC card
US20090184799A1 (en) Information storage medium and information storage medium processing apparatus
JP5467315B2 (en) Information processing apparatus, information processing method, and program
JP5692441B2 (en) Information processing apparatus, information processing method, and program
HK1162805B (en) Communication apparatus, communication method and communication system
KR200401587Y1 (en) Smart Card leader system for the one time password creation
JPWO2017033766A1 (en) COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION SYSTEM
EP2940647A1 (en) Method for processing issuance of mobile credit card
JP4284237B2 (en) Authentication method, mobile communication terminal device and card type device
KR100727866B1 (en) Smart card reader device for one-time password generation