JP2009211448A - Product certification system - Google Patents

Abstract

An object of the present invention is to provide a product authentication system capable of determining unauthorized use of each component of a system and authenticating the authenticity of the product.
A product authentication system (1) includes a reader (300), an authentication means (400), and a storage means (500) for recording proper genuine reader identification information (301) and previous reader history information (302). If the currently transmitted reader identification information 301 matches the regular reader identification information 301 in the storage means 500, the means 400 obtains the transmission source location of the current reader identification information 301 from the current address information, and Using the previous reader history information 302 related to the same reader identification information 301 as that of the previous reader identification information 301, the previous reader identification information 301 at the time of authentication is within the elapsed time from the authentication of the previous reader identification information 301. When the current reader identification information 301 is transmitted from outside the movable range based on the location of the transmission source, at least one of the current reader or the previous reader 300 is authenticated as not authentic.
[Selection] Figure 2

Description

  The present invention relates to a product authentication system that authenticates the authenticity of a product using a non-contact tag attached to the product.

  Conventionally, for products on the market, RFID tags (Radio Frequency Identification Tags) with unique ID (Identification) tag IDs are embedded in the product, the tag ID in the product is read by a reader, and the product is sent through the Internet. There is a system for discriminating whether a product is genuine or counterfeit.

In order to prevent unauthorized use of the system in an authentication system for confirming whether or not the product is genuine from the tag ID of the RFID tag attached to this product, as described in Patent Document 1, information on the RFID tag is used. ID is given to the reader that reads the ID, and authentication is performed based on whether the ID of the reader matches the ID registered in the database in advance before using the system, so that an unauthorized reader cannot use the system. There is technology to make.
Japanese Patent Application No. 2006-502442 (paragraphs 0053, 0066, 0071, FIG. 1, FIG. 4, etc.)

By the way, in the said system, if the reader itself is forged, the system may be used illegally. In addition, leakage of passwords, replication of RFID tags themselves, and the like can be considered.
For example, even if an attempt is made to record a reader ID on a reader so that an unauthorized reader cannot use the system, it is not technically difficult to duplicate the reader together with the reader ID, and the system is assumed to be used illegally. The

On the other hand, an authentication system is known in which a user is authenticated by a password so that the reader cannot be used even if the reader is duplicated (see Patent Document 1). However, if a password is leaked, it is impossible to prevent the unauthorized user from using the system with an unauthorized reader.
Further, when the tag ID itself is duplicated, there is a problem that it is determined that all products to which the duplicated RFID tag is attached are authentic.
In view of the above circumstances, an object of the present invention is to provide a product authentication system capable of determining unauthorized use of each component of the system and authenticating the authenticity of the product.

In order to achieve the above object, a product authentication system according to the first aspect of the present invention is a product authentication system that authenticates the authenticity of a product with a non-contact tag in which unique tag identification information is recorded. Reader that reads tag identification information of a contact tag, authentication means connected to the reader via a communication network, unique regular reader identification information of a regular reader, and reader identification information of a regular reader that was previously authenticated Storage means for recording the previous reader history information at the time of authenticating the authenticity of the reader when sent to the authentication means via the communication network, and the authentication means is transmitted via the communication network this time If the reader identification information matches the regular reader identification information recorded in the storage means, the source location of the current reader identification information is the address information related to the current transmission. Using the previous reader history information stored in the storage means related to the same reader identification information as the current reader identification information, and the previous reader identification within the elapsed time from the authentication of the previous reader identification information. When the current reader identification information is transmitted from outside the movable geographical range based on the location obtained from the address information of the transmission source at the time of information authentication, at least either the current reader or the previous reader is Authenticates that it is not a legitimate reader.
According to the first aspect of the present invention, it is possible to authenticate whether or not the reader is a regular reader.

A product authentication system according to the second aspect of the present invention is a product authentication system that authenticates the authenticity of a product with a non-contact tag in which unique tag identification information is recorded, and includes tag identification information of the non-contact tag. A communication network includes a reader to be read, an authentication unit connected to the reader via a communication network, a unique regular tag identification information of a regular non-contact tag, and a tag identification information of a regular non-contact tag that has been previously authenticated. Storage means for recording the previous tag history information at the time of authenticating the authenticity of the non-contact tag when sent to the authentication means via the authentication means, the authentication means this time the tag identification transmitted via the communication network If the information matches the regular tag identification information recorded in the storage means, the source location of the current tag identification information is obtained from the address information related to the current transmission, and the current tag identification information is obtained. Using the previous tag history information recorded in the storage means related to the same tag identification information as the information, the sender at the time of authentication of the previous tag identification information within the elapsed time from the authentication of the previous tag identification information When the current tag identification information is transmitted from outside the movable geographical range based on the location obtained from the address information of at least one of the current non-contact tag and the previous non-contact tag Authenticates that it is not a contact tag.
According to the second aspect of the present invention, it is possible to authenticate whether or not the contactless tag is a regular contactless tag.

A product authentication system according to a third aspect of the present invention is a product authentication system that authenticates the authenticity of a product with a non-contact tag in which unique tag identification information is recorded, and includes tag identification information of the non-contact tag. A reader to be read, an authentication means connected via a communication network to a reader or input means to which user identification information is input, and an authorized user identification information and a previous reader or input necessary to use an authorized reader Storage means for recording previous user identification history information at the time of authentic authentication of the user identification information when the legitimate user identification information input from the means is sent to the authentication means via the communication network; The authenticating means includes the regular user identification information, which is recorded in the storage means at this time, which is input from the reader or the input means and transmitted via the communication network. , The storage means related to the same user identification information as the current user identification information is obtained from the address information related to the current transmission. Location obtained from the address information of the sender at the time of authentication of the previous user identification information within the elapsed time from the authentication of the previous user identification information using the previous user identification history information recorded in When the user identification information input this time is transmitted from outside the movable geographical range based on the above, at least one of the current user identification information or the previous user identification information is determined by the authorized user. Authenticates that it was not entered.
According to the third aspect of the present invention, it is possible to authenticate whether or not the user identification information has been input by an authorized user.

  According to the present invention, it is possible to realize a product authentication system capable of determining unauthorized use of each component of the system and authenticating the authenticity of the product.

Embodiments of the present invention will be described below with reference to the accompanying drawings.
<< Outline of Product Authentication System 1 >>
The product authentication system 1 (see FIG. 1) according to the embodiment of the present invention embeds an RFID tag in which a tag ID unique to a product on the market is recorded, reads the tag ID of the RFID tag in the product from a reader, and transmits it through the Internet. It is a system that discriminates whether a product is genuine or counterfeit, and identifies unauthorized use of each component of the system from the history information of authentication data such as reader ID, user password, tag ID, etc. And authenticate the authenticity of the product.
FIG. 1 is a conceptual diagram illustrating a hardware configuration of a product authentication system related to product distribution management using the RFID tag according to the embodiment.

<< Overall configuration of product authentication system 1 >>
The product authentication system 1 includes an authentication server 400 that stores a program for executing processing of the system, and a database (hereinafter referred to as DB) that is connected to the authentication server 400 and stores various data such as a reader ID usage history. 500 and a plurality of readers 300 connected to the authentication server 400 via the Internet 600 and reading information of the RFID tag. The product 100 has an RFID tag 200 embedded therein.

<Authentication server 400>
The authentication server 400 is a computer having a CPU (Central Processing Unit), a storage device, an input / output device and the like, and a hard disk, which is an auxiliary storage device, stores a program for executing product authentication system processing described later. The product authentication system processing is performed by the CPU loading the corresponding program into the main memory and executing it. For example, the authentication server 400 returns an authentication result to the reader 300 via the Internet 600 in response to various authentication inquiries from the reader 300 in the product authentication system process.

<Product 100>
The product 100 is, for example, an expensive brand bag, which is a brand product, and is used when determining the authenticity of the RFID tag 200 in the memory of an IC (Integrated Circuit) chip of the RFID tag 200 embedded in the product 100. A unique tag ID 201 is electronically recorded.

<Reader 300>
The reader 300 includes an RF (Radio Frequency) circuit, a microcomputer that stores firmware and performs read control, an interface circuit, and the like, and is a device that receives and reads information from the RFID tag 200. A unique reader ID 301 used to determine authenticity is electronically recorded in a ROM (Read Only Memory) of the microcomputer.

The reader 300 has means for connecting directly to the Internet 600 or indirectly to the Internet 600 via a PC, a mobile phone, a PDA (Personal Digital Assistants), a POS (Point Of Sales system), or the like. Connected to the authentication server 400 via the Internet. The Internet 600 to the reader 300 may be connected using a WAN (Wide Area Network), a LAN (Local Area Network), or the like.
The reader 300 is hand-held and may be carried by an individual such as a user 350, a salesperson of a store handling the product 100, or may be a gate type installed in a store handling the product 100, and is particularly limited. It is not a thing.

<DB500>
The DB 500 shown in FIG. 1 includes a regular unique tag ID 201 for identifying the RFID tag 200, a regular unique reader ID 301 for identifying the reader 300, and a regular unique name given to the user 350 of the reader 300. The password 351 of the user identification information is recorded in advance.
Further, the DB 500 includes history information 202 when the tag ID 201 is used for authentication of the previous product, history information 302 when the reader ID 301 is used for previous authentication, and history information when the previous password 351 is used for authentication. 352 and product information 101 of the product 100 in which the tag ID 201 is embedded are recorded. The tag ID 201, the reader ID 301, and the password 351 are search keys for searching for data.

Here, the history information 202 of the tag ID 201 is position information that can be recognized from an IP address (Internet Protocol Address) that is address information of the Internet when the information of the tag ID 201 of the RFID tag 200 is transmitted to the authentication server 400 for authentication. Time information at the time of authentication and the like.
The history information 302 of the reader ID 301 is position information that can be recognized from the IP address of the transmission source Internet when the reader 300 transmits information to the authentication server 400 for authentication, time information at the time of the authentication, and the like.

The history information 352 of the password 351 is position information that can be recognized from the IP address of the Internet when the information of the password 351 given to the user 350 is transmitted to the authentication server 400 for authentication, time information at the time of the authentication, etc. . The user 350 is given a unique password 351 recorded in the DB 500 as an authorized person who is permitted to use or manage the reader 300.
Further, the product information 101 of the product 100 includes an actual image of the genuine product 100, a serial number, a manufacturing date, a manufacturer name, a material used, a store selling the product 100, and the like.
The DB 500 may be composed of one or more, but one is preferable because one is easier to manage. The DB 500 may be configured in the authentication server 400, or may be configured separately in a DB server or the like outside the authentication server 400.

<< Product authentication system processing >>
Next, the product authentication system process will be described with reference to FIG. FIG. 2 is a diagram showing the flow of the product authentication system process, and shows that the process is performed after a lapse of time from the top to the bottom of the page of FIG.
This product authentication system process is for confirming whether or not the product 100 is a genuine product when the user 350 purchases the product 100, and the program stored in the authentication server 400 is executed. It is done by.
When the user 350 checks whether the product 100 such as a brand bag is a genuine product that is not a counterfeit product, the user ID 350 reads the tag ID 201 of the RFID tag 200 shown in FIG. Confirmation is received.

<Authentication of reader 300 authenticity>
First, as first authentication, authentication of the reader 300 to be used is authenticated.
In S01 of FIG. 2, when the user 350 presses a start button, a read button, or the like of the reader 300, the reader 300 uses its reader ID 301 directly or using a PC, a mobile phone, or the like by the firmware function. To the authentication server 400 via the Internet 600.
Upon receiving the reader ID 301, the authentication server 400 searches the DB 500 with the transmitted reader ID 301 to determine whether or not the transmitted reader ID 301 matches the regular reader ID 301 registered in the DB 500 in S02 of FIG. .

When it is recognized that a regular reader ID that matches the transmitted reader ID 301 is registered (S03 in FIG. 2), the position information, time information, etc. used by the previous reader 300 (see FIG. 1) for authentication from the DB 500 History information 302 is received (S04 in FIG. 2). As described above, the position information of the history information 302 can be acquired from the IP address of the Internet when the reader ID 301 last performed inquiry authentication to the authentication server 400 via the Internet.
Subsequently, in S05 of FIG. 2, the authentication server 400 that has received the history information 302 compares the IP address of the transmission source to which the reader ID 301 has been transmitted this time with the location information of the previous transmission source of the history information 302. It is determined whether or not the current reader ID 301 is transmitted within a geographical range that can be moved from the location recorded in the history information 302.

Here, whether or not it is within the movable range is determined by, for example, using the route search method, which is a route search algorithm that can be moved in the shortest time, the previous and current Internet in which the authentication server 400 was inquired. The previous and current geographical locations are ascertained from the IP addresses of the respective servers, the elapsed time is obtained from the previous and current times when the inquiry was made to the authentication server 400, and the previous inquiry was made within this elapsed time. Judgment is made based on whether or not it is possible to move from the place to the place where the inquiry is made this time by the shortest route using the shortest possible transportation.
In addition to this, for example, a reference speed of a reference value of the moving speed such as 40 km / hr is set, and a time is obtained by dividing the linear distance on the map between the previous and current points by the reference value of the moving speed. In addition, a simple method may be used in which a time difference is obtained from the previous time and the current time and a determination is made based on the magnitude relationship.
In addition, since the moving speed of moving means such as walking, automobile, high-speed rail, and airplane increases as the distance between the two points increases, the reference speed of the reference value of the moving speed increases as the distance between the two points increases.

  If the authentication server 400 determines that the reader ID 301 is transmitted this time within the geographical range that can move within the elapsed time from the previous authentication time to the current authentication time from the position information of the previous history information 302, the reader 300 In response to this, it is transmitted that the reader 300 is properly registered, and the user is prompted to enter the password 351 (S06 in FIG. 2). On the other hand, if it is determined that the reader ID 301 has not been transmitted this time within the geographical range in which the authentication server 400 can move within the elapsed time from the previous position information of the history information 302 to the current time, the transmission is performed. The performed reader ID 301 is determined to be an illegal reader, and a countermeasure is taken such as setting a bit indicating fraud in the data of the reader ID 301 and making the reader ID 301 unusable.

<Authentication of password 351 to confirm whether or not authorized user 350>
Subsequently, as the second authentication, whether or not the user 350 is an authorized user 350 who uses the reader 300 is authenticated as follows.
In addition, since the regular password 351 is given to the regular user 350, if the regular password 351 is not entered, the user 350 is an unauthorized user to use the reader 300. If there is, it can be confirmed.

In S07 of FIG. 2, a password 351 manually transmitted by the user 350 using the numeric keypad of the reader 300 of the input means is transmitted to the authentication server 400. Note that the password 351 may be input using a numeric keypad of a mobile phone, PC, PDA, or the like connected to the reader 300 as an input means.
In S08 of FIG. 2, the authentication server 400 searches the DB 500 with the input password 351 to determine whether or not the input password 351 is registered in the DB 500, and whether or not a matching regular password 351 is recorded. Inquire by

When the matching regular password 351 is registered in the authentication server 400 (S09 in FIG. 2), in S10 in FIG. 2, the authentication server 400 searches the DB 500 with the password 351 and stores the record of this password 351. History information 352 such as position information and time information that was previously used for authentication of this password 351 is acquired.
On the other hand, if the regular password 351 that matches the entered password 351 is not recorded in the DB 500, the user 350 who entered the password 351 can be recognized as an unauthorized user. Measures such as informing the store can be taken.

In S11 of FIG. 2, the authentication server 400 that has received the previous authentication history information 352 of the password 351 obtains the IP address of the transmission source from which the password 350 is transmitted this time and the previous transmission source IP address of the history information 352. Whether or not the password 352 is currently manpowered within the geographical range that can be moved from the previous geographical location of the history information 352 within the elapsed time from the previous time to the current time. Judging.
Here, whether or not it is within the movable range is determined by using the route search method in the same way as described above, grasping the previous and current geographical positions from the previous and current Internet IP addresses, respectively. Then, the elapsed time is obtained from the current time, and within this elapsed time, it is determined whether or not it is possible to move from the position where the previous inquiry is made to the position where the current inquiry is made by the shortest route. Of course, instead of the route search method, it may be determined simply from the straight line distance.

If the authentication server 400 determines that the password 352 has been transmitted this time within the movable range from the position information and time information of the previous history information 352, the authentication server 400 is properly registered with the reader 300. The password 352 is transmitted (S12 in FIG. 2), and in S13 in FIG. 2, the tag ID 201 of the RFID tag 200 (see FIG. 1) is read and transmitted.
In S01 of FIG. 2, instead of starting processing by the user 350 pressing the start button, reading button, etc. of the reader 300, the reader 300 starts processing to read the tag ID 201 of the RFID tag 200. It is good also as an opportunity to do. In this case, since the tag ID 201 of the RFID tag 200 has already been read by the reader 300, in S13 of FIG. 2, the reader 300 is urged to transmit the tag ID 201 already read and stored.

<Authentication authentication of RFID tag 200>
As the third authentication, authentication of the RFID tag 200 is performed.
2 reads the tag ID 201 (see FIG. 1) of the RFID tag 200 by the function of the firmware, and in S15 of FIG. 2, reads the tag ID 201 in the authentication server. Sent to 400.
The authentication server 400 that has received the read tag ID 201 searches the DB 500 with the read tag ID 201 to check whether the regular tag ID 201 that matches the read tag ID 201 is registered in the DB 500 in S16 of FIG. An inquiry is made depending on whether an ID exists.

When the matching regular tag ID 201 is registered (S17 in FIG. 2), in S18 in FIG. 2, the authentication server 400 stores history information 202 such as position information and time information from which the previous tag ID 201 was read from the DB 500. get.
The authentication server 400 that has received the history information 202 is obtained in S19 of FIG. 2 from the IP address of the transmission source that has transmitted the current tag ID 201 and the IP address of the transmission source that has transmitted the previous tag ID 201 of the history information 202. The position information is compared, and it is determined whether or not the current tag ID 201 is read from the location within the range where the history information 202 can move within the elapsed time from the previous authentication from the location of the previous transmission source.

  In S20 of FIG. 2, if the authentication server 400 determines that the current tag ID 201 is transmitted within the geographical range that can be moved from the location obtained from the IP address of the previous transmission source of the history information 202, the reader 300 is informed. On the other hand, it transmits that the RFID tag 200 is properly registered.

<Transmission of product information 101 of genuine product 100>
If it is determined by the above authentication that there is no problem with the reader 300, the password 351, and the RFID tag 200, a final confirmation of the product using the product information 101 of the genuine product 100 by the user 350 is performed.
In S21 of FIG. 2, the authentication server 400 sends to the DB 500 the actual image of the authentic product 100, which is the product information 101 of the product 100 to which the RFID tag 200 having the transmitted tag ID 201 is attached, the serial number, Requests the date of manufacture, manufacturer name, material used, and the store where the product 100 is sold, and reads and acquires the product information 101 of the authentic product 100 of the record with the tag ID 201 from the DB 500 (see FIG. 2 S22).

Upon receiving the product information 101 of the authentic product 100, the authentication server 400 transmits the product information 101 of the authentic product 100 to the reader 300 and displays it in S23 of FIG.
The user 350 confirms the product information 101 of the genuine product 100 on the display of the reader 300, and can confirm the authenticity of whether or not the product 100 being confirmed is an authentic product from the product information 101.
The product information 101 transmitted to the reader 300 may be configured to be printed, or may be configured to be recorded in a recording unit such as a USB memory of the user 350.
The above is the flow of product authentication system processing.

<< Verification of unauthorized use in product authentication system processing >>
Next, a case where an attempt is made to illegally use the product authentication system 1 is verified.
<First case: Use of unauthorized reader 300 '>
As a first case, a case where an illegal reader 300 'is used is verified.
When the authentication server 400 is accessed by the unauthorized reader 300 ′, it is assumed that the unauthorized reader 300 ′ does not have the reader ID 301 or has the unauthorized reader ID 301 ′.

When the unauthorized reader 300 ′ does not have the reader ID 301, the reader ID 301 is not transmitted from the reader 300 ′ to the authentication server 400, so that it can be determined that the reader 300 ′ is unauthorized.
Further, when the DB500 is searched with the unauthorized reader ID 301 ′ of the unauthorized reader 300 ′, the regular reader ID 301 that matches the unauthorized reader ID 301 ′ is not registered in the DB 500, so that the process proceeds to the subsequent authentication process. Unable to use it and discovers that it is unauthorized use.

<Second case: unauthorized duplication of reader 300 with reader ID 301>
As a second case, the case where the reader 300 is illegally copied together with the reader ID 301 is verified.
When the reader 300 is duplicated together with the reader ID 301, the duplicated reader 300 ′ and the original regular reader 300 that is the original exist simultaneously. Therefore, when the regular reader 300 and the duplicated reader 300 ′ are used at the same timing in different locations, from the previous position information and time information of the history information 302 registered in the DB 500, If the current reader ID 301 is authenticated at a place where it cannot move within the elapsed time up to the usage time, it is determined that unauthorized use has occurred.

FIG. 3 is a diagram illustrating a product authentication system process for verifying a case where the reader 300 is forged together with the reader ID 301.
For example, as shown in FIG. 3, if the reader ID 301 ′ is authenticated in Tokyo at 20:10, 10 minutes after being authenticated in London at 20:00, the reader ID 301 ′ is moved from London to Tokyo in 10 minutes. Since it is impossible, it can be determined that the reader ID 301 ′ in Tokyo has been forged.
In this case, it can be seen that at least one of the readers 300 that have been authenticated last time or this time has been illegally copied.

  When it is determined that the reader ID 301 has been duplicated, the duplicated reader ID 301 ′ is deactivated, and the cause of the illegal duplication of the reader ID 301 is investigated, thereby preventing or suppressing the illegal duplication of the reader 300. be able to.

<Third case: leakage of password 351>
As a third case, a case where the password 351 is leaked and an unauthorized user 350 ′ other than the regular user 350 can use it is verified. This includes a case where an unauthorized user 350 ′ other than the regular user 350 can use the password 351 by guessing or guessing.
Since there are two or more users who know the same regular password 351 at the same time, if the same password 351 is used at the same time in another place, the previous history information 352 used earlier registered in the DB 500 From the position information and the time information, it is determined that the password 351 has been leaked when the password 351 is used for later authentication in a place where it cannot move within the elapsed time from the previous time.

FIG. 4 is a diagram showing a product authentication system process for verifying a case where there is a user 350 ′ who has illegally acquired the password 351.
For example, as shown in FIG. 4, if the password 351 is used in Tokyo at 20:10, 10 minutes after the password 351 was used at 20:00 in London, it is not possible to move from London to Tokyo in 10 minutes. Therefore, it can be determined that the password 351 is leaked.
In this case, it can be understood that at least one of the password input last time or the password input this time is input by an unauthorized user 350 ′ other than the authorized user 350, and is unauthorized use.

  If it is determined that the password 351 has been leaked, this password 351 is suspended, and a new password is issued to the authorized user 350 and registered in the DB 500. Use can be prevented or suppressed.

<Fourth case: unauthorized duplication of RFID tag 200 with tag ID 201>
As a fourth case, a case where the RFID tag 200 is illegally copied together with the tag ID 201 (see FIG. 1) is verified.
When the RFID tag 200 is duplicated together with the tag ID 201, the duplicated RFID tag 200 'and the original regular RFID tag 200 are simultaneously present. Therefore, when the RFID tag 200 and the duplicated RFID tag 200 ′ are used at the same timing in different locations, the position information and time information of the previous history information 202 registered in the DB 500 are used to determine from the previous time. When the tag ID 201 is used for authentication this time in a place where it cannot move within the elapsed time, it is determined that the RFID tag 200 is illegally copied together with the tag ID 201.

FIG. 5 is a diagram showing a product authentication system process for verifying a case where the RFID tag 200 is illegally copied together with the tag ID 201.
For example, as shown in FIG. 5, if the tag ID 201 is authenticated in Tokyo at 20:10, 10 minutes after the tag ID 201 is authenticated from London at 20:00, it will move from London to Tokyo in 10 minutes. Therefore, it can be determined that the tag ID 201 has been forged.

In this case, it can be understood that at least one of the RFID tag used last time or the RFID tag used this time is illegal use.
When it is determined that the tag ID 201 has been duplicated, the use of the tag ID 201 is stopped, and by investigating the cause of the illegal duplication of the tag ID 201, unauthorized duplication of the RFID tag can be prevented or suppressed. .

<Fifth case: Replacing RFID tag 200>
As a fifth case, the case where the RFID tag 200 is removed from the product 100 and replaced with a lower priced product will be verified.
When there is no problem with the reader ID 301 and the password 351, the tag ID 201 of the RFID tag 200 is read, the DB 500 is searched by the authentication server 400, and when the same tag ID exists and the read tag ID 201 is determined to be a regular tag ID Thus, the product information 101 of the product 100 with the read tag ID 201 is transmitted from the DB 500 to the reader 300 via the authentication server 400. Then, the user 350 can check the product information 101 of the read tag ID 201.

Here, the user 350 can determine whether or not the product information 101 of the genuine product 100 is different from the product to which the RFID tag 200 is attached.
Therefore, if the product to which the RFID tag 200 is affixed is different from the product information 101, it can be determined that the product has been illegally replaced with the RFID tag 200, and the purchase of the fraudulent product can be avoided. Can do.

<< Summary >>
In this embodiment, history information 302, 352, 202 when the reader ID 301, password 351, and tag ID 201 were previously authenticated are recorded in the DB 500, and the place where the previous authentication was performed within the elapsed time from the previous time Whether or not authentication is currently performed in a place that can be moved from is used as a reference for authentication.
When authentication is performed, the authentication server not only confirms that the transmitted reader ID 301, tag ID 201, and password 351 match the regular one recorded in the DB 500, but also the location information from which the IP address is transmitted this time And the location history information when the previous authentication was performed, and whether or not the location where the current authentication was performed is within a geographical range that can be moved within the elapsed time since the previous authentication. By adding to the authentication conditions, unauthorized use of the system due to duplication of each ID 301 and 201, leakage of the password 351, and the like can be prevented.

Therefore, even when the reader ID 301, the tag ID 201, etc. are duplicated or the password 351 is leaked, it can be detected, and unauthorized use thereof can be suppressed.
Therefore, by identifying unauthorized use of each component of the system from the history information of the authentication data, a product authentication system that makes it difficult to use the component even if it is counterfeited is prevented while preventing forgery of each component of the system it can.
In the embodiment, the Internet has been described as an example of a communication network. However, a communication network other than the Internet can be applied as long as address information of a transmission source corresponding to an IP address in the Internet can be attached. is there.
In the present embodiment, the DB is exemplified as the storage unit. However, a data file other than the DB may be applied as long as the storage unit can record and retrieve data.

  The present invention has high added value such as branded bags, wallets, clothes, watches, and the like, but imitations are easily available, but the applicability is high in a system for determining authenticity.

It is a conceptual diagram which shows the hardware constitutions of the product authentication system regarding the distribution management of the product using the RFID tag of embodiment concerning this invention. It is a figure which shows the flow of the product authentication system process of embodiment. It is a figure which shows the product authentication system process which verifies the case where a reader is forged for every reader ID. It is a figure which shows the product authentication system process which verifies the case where the user who acquired the password fraudulently. It is a figure which shows the product authentication system process which verifies the case where an RFID tag is illegally copied with tag ID.

Explanation of symbols

1 Product certification system
100 products
101 Product information
200 RFID tags (contactless tags)
201 Tag ID (tag identification information)
202 History information when tag ID was last sent (tag history information)
300 reader (input means)
301 Reader ID (Reader identification information)
302 History information when reader ID was last sent (reader history information)
350 users
351 Password (User identification information)
352 History information when password was last sent (user identification history information)
400 Authentication server (authentication means)
500 database (storage means)
600 Internet (communication network)

Claims (7)

A product authentication system that authenticates authenticity of a product with a contactless tag in which unique tag identification information is recorded,
A reader for reading tag identification information of the contactless tag;
Authentication means connected to the reader via a communication network;
At the time of authenticating the authenticity of the reader at the time when the authentic authentic reader identification information of the authentic reader and the reader identification information of the authentic reader that was previously authenticated are sent to the authenticating means via the communication network. Storage means for recording the previous reader history information,
When the reader identification information transmitted this time via the communication network matches the regular reader identification information recorded in the storage unit, the authentication unit determines the location of the transmission source of the current reader identification information. At the time of authentication of the previous reader identification information using the previous reader history information obtained from the address information related to the current transmission and recorded in the storage means related to the same reader identification information as the current reader identification information When the current reader identification information is transmitted from outside the movable geographical area based on the location obtained from the address information of the transmission source at the time of authentication of the previous reader identification information within the elapsed time from Either of the current reader or the previous reader authenticates that it is not a regular reader. A product authentication system that authenticates authenticity of a product with a contactless tag in which unique tag identification information is recorded,
A reader for reading tag identification information of the contactless tag;
Authentication means connected to the reader via a communication network;
The unique contact tag identification information of the contactless tag and the contact identification tag of the contactless tag that has been previously authenticated are sent to the authentication means via the communication network. Storage means for recording the previous tag history information at the time of authentication of authenticity,
If the tag identification information transmitted this time via the communication network matches the regular tag identification information recorded in the storage unit, the authentication unit determines the source location of the current tag identification information. At the time of authentication of the previous tag identification information using the previous tag history information recorded in the storage means related to the same tag identification information as the current tag identification information, obtained from the address information related to the current transmission When the tag identification information of this time is transmitted from outside the movable geographical range based on the location obtained from the address information of the transmission source at the time of authentication of the previous tag identification information within the elapsed time from Either the current non-contact tag or the previous non-contact tag authenticates that it is not a regular non-contact tag. A product authentication system that authenticates authenticity of a product with a contactless tag in which unique tag identification information is recorded,
A reader for reading tag identification information of the contactless tag;
Authentication means connected via a communication network to the reader or input means to which user identification information is input;
When the legitimate user identification information necessary for using the legitimate reader and the legitimate user identification information previously input from the reader or the input means are sent to the authentication means via the communication network Storage means for recording previous user identification history information at the time of authentic authentication of the user identification information,
If the user identification information input from the reader or input means and transmitted via the communication network matches the regular user identification information recorded in the storage means this time, the authentication means The location of the input source of the entered user identification information is obtained from the address information related to the current transmission and is recorded in the storage means related to the same user identification information as the current user identification information. Using the user identification history information, the location obtained from the address information of the transmission source at the time of authentication of the previous user identification information within the elapsed time from the time of authentication of the previous user identification information is used as a reference When the user identification information input this time is transmitted from outside the movable geographical range, at least one of the current user identification information or the previous user identification information is valid Product authentication system characterized by authentication that was not entered by the use's. The product authentication system according to claim 3, wherein the user identification information is a password. When it is authenticated as normal in claim 1, claim 2, and claim 3, product information of the genuine product recorded in the storage means is transmitted to the reader via the communication network. Product certification system. The product authentication system according to claim 5, wherein the product information of the authentic product transmitted is displayed, printed, or recorded. Whether or not the geographical area is movable is determined by the distance between the previous transmission source location and the current transmission source location, and the larger the distance between the two points, the larger the value. The product authentication system according to any one of claims 1 to 6, wherein the determination is performed using a reference speed to be determined.

Images