
WO2012027898A1 - Method and device for radio frequency identification (RFID) access control - Google Patents


Info

Publication number
WO2012027898A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
tag
user password
password
storage area
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2010/076580
Other languages
French (fr)
Chinese (zh)
Inventor
李海峰
张钊锋
张南平
杨纯异
郁迅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZISTUN TECHNOLOGY Co Ltd
Original Assignee
ZISTUN TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZISTUN TECHNOLOGY Co Ltd
Priority to CN2010800687911A (CN103080949A)
Priority to PCT/CN2010/076580 (WO2012027898A1)
Publication of WO2012027898A1
Legal status: Ceased

Classifications

    • G: PHYSICS
    • G06: COMPUTING OR CALCULATING; COUNTING
    • G06K: GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00: Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/08: Methods or arrangements for sensing record carriers, e.g. for reading patterns by means detecting the change of an electrostatic or magnetic field, e.g. by detecting change of capacitance between electrodes
    • G06K7/082: Methods or arrangements for sensing record carriers, e.g. for reading patterns by means detecting the change of an electrostatic or magnetic field, e.g. by detecting change of capacitance between electrodes using inductive or magnetic sensors
    • G06K7/083: Methods or arrangements for sensing record carriers, e.g. for reading patterns by means detecting the change of an electrostatic or magnetic field, e.g. by detecting change of capacitance between electrodes using inductive or magnetic sensors inductive
    • G06K7/084: Methods or arrangements for sensing record carriers, e.g. for reading patterns by means detecting the change of an electrostatic or magnetic field, e.g. by detecting change of capacitance between electrodes using inductive or magnetic sensors inductive sensing magnetic material by relative movement detecting flux changes without altering its magnetised state

Definitions

  • The present invention relates to the field of RFID technologies, and in particular, to an RFID access control method and apparatus.
  • RFID: Radio Frequency Identification.
  • RFID technology is a collection of basic technologies, including microchip manufacturing technology, antenna technology, radio frequency technology, communication technology, data exchange and data coding technology.
  • A UHF RFID system is an RFID system whose operating frequency is 840~845 MHz or 920~925 MHz (UHF band).
  • The simplest UHF RFID system consists of a tag, a reader, and an antenna.
  • The receiving card reader sends a signal to the tag.
  • Using the obtained energy, the tag sends the relevant information of the product stored in the chip to the card reader (a passive tag).
  • After reading and decoding the tag information, the card reader sends it to the central information system.
  • Other hardware and software support is needed in practical applications.
  • The air interface communication protocol uses only the "Kill" and "Access" password access control mechanisms to address data security in the custom commands of the media access control layer and in the design of the state machine and memory of the tag integrated circuit. It does not consider the difference between special user data and general user data, or the security of the user storage block data itself, so a general user's card reader can easily read the sensitive data of a special user, which is a great security risk.
  • The embodiment of the invention provides an RFID access control method and device to solve the prior-art problem that data stored in a tag is not secure enough and cannot be accessed separately per user.
  • An embodiment of the present invention provides an RFID access control method, including:
  • the reader/writer establishes a connection with the tag;
  • the reader/writer sends a user password to the tag;
  • the tag matches the permission of the user password in a user password area including at least two users, and matches the user storage area corresponding to the user password;
  • the tag executes the received control command according to the permission and the user storage area.
  • The tag communicates with the reader/writer in an encrypted manner.
  • The method further includes: the tag determines whether its identifier bit is a specific value and, if the identifier bit is the specific value, matches the permission of the user password in the user password area including at least two users and matches the user storage area corresponding to the user password.
  • The permissions include read permission and write permission.
  • The embodiment of the invention further provides a tag access control method in an RFID system, comprising: establishing a connection with an external device;
  • executing the received control command according to the permission and the user storage area.
  • When the tag transmits data to an external device, the transmitted data is encrypted, and when the tag receives data from the external device, the received data is decrypted.
  • The method further includes: determining whether the identifier bit of the tag is a specific value and, if the identifier bit is the specific value, matching the permission of the user password in a user password area including at least two users and matching the user storage area corresponding to the user password.
  • An embodiment of the present invention further provides a tag in an RFID system, including:
  • a radio frequency unit for connecting to an external device and receiving a user password;
  • a user data area which includes at least two user storage areas for storing user data; a user password area for storing passwords and permissions of at least two users;
  • a matching unit configured to match the permission of the user password in the user password area, and match the user storage area corresponding to the user password;
  • an execution unit configured to execute the received control command according to the permission and the user storage area.
  • An encryption unit and a decryption unit are further included, each connected between the radio frequency unit and the matching unit, for encrypting data sent by the tag and decrypting the received data.
  • The tag further includes an identifier unit, connected between the radio frequency unit and the matching unit, configured to identify whether the identifier bit in the tag is a specific value and, if the identifier bit is the specific value, to notify the matching unit to match the permission of the user password in the user password area and match the user storage area corresponding to the user password.
  • An embodiment of the present invention further provides an RFID system, including:
  • a reader/writer configured to establish a connection with the tag, and send a user password to the tag;
  • the tag, configured to receive the user password; to match the permission of the user password in a user password area including at least two users and match the user storage area corresponding to the user password; and to execute the received control command according to the permission and the user storage area.
  • Secure access to the data in the tag can be achieved by the embodiment of the present invention, and the data security for different users is high.
  • FIG. 1 is a flowchart of an RFID system access control method according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a label access control method in an RFID system according to an embodiment of the present invention
  • FIG. 4 is a structural diagram of a tag in an RFID system according to an embodiment of the present invention.
  • FIG. 5 is a block diagram showing the structure of an RFID system according to an embodiment of the present invention.
  • FIG. 1 is a flowchart of an RFID system access control method according to an embodiment of the present invention.
  • Step 101: The reader/writer establishes a connection with the tag.
  • The connection between the reader/writer and the tag can be established by using an access password as in the prior art.
  • Step 102: The reader/writer sends a user password to the tag.
  • Different reader/writers send their own specific user passwords, or one reader/writer can send different user passwords to the tag according to the user's choice.
  • The user passwords can be divided into read passwords and write passwords, where the read password or the write password can be a 32-bit password.
  • The user password is used to distinguish the user's identity. Users with different identities can get different data content from the tag. For example, confidential data content can only be read or written by a reader/writer that inputs the confidential user password.
  • Ordinary data content can be read or written by a reader/writer that inputs an ordinary user password. A user with write permission has, in addition to permission to write to the corresponding user storage area, permission to read that user storage area.
  • The tag further has an identifier bit for identifying whether the tag supports the multi-user storage area mode. If the identifier bit is a specific value, the received user password is matched against the multiple user passwords in the user password area; otherwise the prior-art access flow that does not distinguish between users is performed directly, for example matching the access password and then accessing the tag.
  • Step 103: The tag matches the permission of the user password in a user password area including at least two users, and matches the user storage area corresponding to the user password.
  • The read passwords and write passwords of all users are included in the user password area of the tag, where each user's read password and write password can be 32 bits long. In this example there are 15 user passwords, and each user password has a read password and a write password.
  • The blocks of the user password area are B0~B15.
  • 00h~1Fh is the read password block of user B0.
  • 20h~3Fh is the write password memory block of user B0.
  • The user storage area corresponding to the user password is matched. For example, if the input user password matches the read password of user B1, the reader/writer has read permission for the storage area of user B1 of the tag.
  • Step 104: The tag executes the received control command according to the permission and the user storage area.
  • Executing the control command includes: if the permission of the user password is read permission, sending the data in the user storage area corresponding to the user password to the reader/writer; if the permission of the user password is write permission, allowing data input by the reader/writer to be written into the user storage area corresponding to the user password and/or reading the data of that user storage area; if the user password does not match any of the user passwords in the tag, refusing the control command for every user storage area.
  • The reader/writer communicates with the tag in an encrypted manner.
  • The encryption method may be a Data Encryption Algorithm (DEA) or an Advanced Encryption Standard (AES).
  • FIG. 2 is a flowchart of a method for controlling tag access in an RFID system according to an embodiment of the present invention.
  • The connection with the external device may be the prior-art radio-frequency connection between a reader/writer and a tag; or the tag may be connected to a computer or similar device through a reader/writer, for setting tag parameters and reading or writing data.
  • Step 202: Receive a user password.
  • Step 203: Match the permission of the user password in the user password area including at least two users, and match the user storage area corresponding to the user password.
  • Step 204: Execute the received control command according to the permission and the user storage area.
  • The user password area includes the read passwords and write passwords of a plurality of users. When the user password matches a read password or a write password, the user has read permission or write permission to the corresponding user storage area of the tag.
  • When the tag communicates with the external device, both when transmitting and when receiving the RF signal, the data can be transmitted encrypted. It can be encrypted by DEA or AES.
  • The method further includes: determining whether the identifier bit of the tag is a specific value and, if the identifier bit is the specific value, matching the permission of the user password in a user password area including at least two users and matching the user storage area corresponding to the user password. Otherwise, the prior-art access flow that does not distinguish between users is performed directly, for example matching the access password and then accessing the tag.
  • FIG. 3 is a structural diagram of a tag storage area in an embodiment of the present invention.
  • The user area (USER) of the tag has 16 storage areas, each of which is a user-specific storage area, and each user's storage area address is, for example, 00h to 0Fh.
  • Tag Configure Control: this setting is used to control the read/write status of the specified block of the tag memory and the address pointer of the corresponding block.
  • User Password: defines the read/write password for a special user memory block.
  • The blocks of the user password area are B0~B15, representing different users; 00h~1Fh is the read password block of user B0, 20h~3Fh is the write password storage block of user B0, and so on.
  • ⁇ ⁇ lFFn Defines the read/write password for a special user memory block.
  • The tag identification number (TID) area of the tag is used to store the factory information of the tag and the like.
  • The EPC area of the tag is used to store EPC codes, as well as protocol files and parameters.
  • The tag setting control has an identifier bit for identifying whether the tag supports a multi-user storage area. If the identifier bit is a specific value, indicating for example that the tag supports a multi-user storage area, the received user password is matched against the multiple user passwords in the user password area. Otherwise, the prior-art access flow that does not distinguish between users is performed directly, for example matching the access password and then accessing the tag.
  • The tag setting control field in the reserved area of the tag is defined as follows in Table 1.
  • Table 1 defines only one example of implementing the method of the present invention, and it should not be construed as limiting the embodiments of the invention.
  • The tag setting control field mentioned above may also include definitions of radio frequency parameters, as shown in Table 2.
  • The User Memory Control field in FIG. 3 is defined as in Table 3, which is used to store the parameters of the user memory area.
  • 00₂: 2 Bytes; 01₂: 4
  • 00₂: 16 Bytes; 01₂: 32 Bytes; 10₂: 64 Bytes; 11₂: 128 Bytes.
  • FIG. 4 is a structural diagram of a tag in an RFID system according to an embodiment of the present invention.
  • The tag includes a radio frequency unit 401, a user data area 402, a user password area 403, a matching unit 404, and an execution unit 405.
  • The radio frequency unit 401 is configured to connect with an external device and receive a user password.
  • The user data area 402 includes at least two user storage areas for storing user data.
  • The user password area 403 is configured to store passwords and permissions of at least two users.
  • The matching unit 404 is configured to match the permission of the user password in the user password area, and match the user storage area corresponding to the user password.
  • The execution unit 405 is configured to execute the received control command according to the permission and the user storage area.
  • An encryption unit 406 and a decryption unit 407 may be further included between the radio frequency unit 401 and the matching unit 404, for encrypting data sent by the tag and decrypting the received data.
  • An identifier unit 408 is further connected between the radio frequency unit and the matching unit 404, and is used to identify whether the identifier bit in the tag is a specific value. If the identifier bit is the specific value, it notifies the matching unit to match the permission of the user password in the user password area and match the user storage area corresponding to the user password. Otherwise, the prior-art access flow that does not distinguish between users is performed directly, for example matching the access password and then accessing the tag.
  • FIG. 5 is a schematic structural diagram of an RFID system according to an embodiment of the present invention.
  • The reader/writer 501 establishes a connection with the tag 502.
  • The tag 502 determines whether it supports multi-user secure access. If not, the prior-art tag access process is entered, which is not repeated here.
  • The reader/writer can learn whether the tag supports multi-user secure access. If it does, the reader/writer sends the user password, and the tag receives it and matches it against the user passwords in the user password area. If the received user password matches a user password in the user password area, the user storage area that the connected user can access is determined; for example, if the received user password is that of user B1, the user can access the user storage area of user B1. The access permission of the received user password is then confirmed; for example, if the received user password matches the write password of B1 in the user password area, the connected user is allowed to access user storage area B1 and can perform write operations in it. On receiving an operation command from the reader/writer, the tag performs the read or write operation on the corresponding storage area according to the permission of the user password.
  • A per-user secure access mechanism can be implemented in one tag, and the data security of the existing RFID system can be enhanced.
  • The present invention can be implemented by hardware or by software plus a necessary general hardware platform.
  • The technical solution of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a mobile hard disk, and the like) and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to perform the methods described in various embodiments of the present invention.
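
The tag-side check described in steps 101 to 104 can be modelled as follows. This is an added Python example, not code from the patent. The entry layout (user Bn's 32-bit read password followed by its 32-bit write password), the 16-byte storage block, the `provision` helper and all names are assumptions made for illustration.

```python
"""Tag-side model of the multi-user password check (constructed example)."""
import hmac
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

MAX_USERS = 16      # page: user blocks B0~B15
PW_BYTES = 4        # page: read and write passwords are 32 bits each
ENTRY_BYTES = 8     # assumption: entry n = read pw (bits 00h-1Fh) + write pw (20h-3Fh)
BLOCK_BYTES = 16    # assumption: size of one user storage area


class Perm(IntEnum):
    READ = 1
    WRITE = 2       # page: write permission also grants read


@dataclass(frozen=True)
class Session:
    user: Optional[int]   # None = legacy mode, no per-user separation
    perm: Perm


class Tag:
    def __init__(self, multi_user: bool, access_password: bytes):
        self.multi_user = multi_user            # the identifier bit
        self.access_password = access_password  # prior-art "Access" password
        self.password_area = bytearray(MAX_USERS * ENTRY_BYTES)
        self.provisioned = set()                # entries holding real passwords
        self.user_area = [bytearray(BLOCK_BYTES) for _ in range(MAX_USERS)]

    def provision(self, user: int, read_pw: bytes, write_pw: bytes) -> None:
        """Hypothetical setup helper: store one user's two passwords."""
        if not 0 <= user < MAX_USERS:
            raise ValueError("user index out of range")
        if len(read_pw) != PW_BYTES or len(write_pw) != PW_BYTES:
            raise ValueError("passwords must be 32 bits")
        # A password must identify exactly one (user, permission) pair.
        if read_pw == write_pw or self._match(read_pw) or self._match(write_pw):
            raise ValueError("password already in use")
        off = user * ENTRY_BYTES
        self.password_area[off:off + ENTRY_BYTES] = read_pw + write_pw
        self.provisioned.add(user)

    def _match(self, password: bytes) -> Optional[Session]:
        found = None
        for user in range(MAX_USERS):           # scan every entry, no early exit
            off = user * ENTRY_BYTES
            read_pw = bytes(self.password_area[off:off + PW_BYTES])
            write_pw = bytes(self.password_area[off + PW_BYTES:off + ENTRY_BYTES])
            is_read = hmac.compare_digest(password, read_pw)
            is_write = hmac.compare_digest(password, write_pw)
            # Blank (all-zero) entries must never grant access.
            if user in self.provisioned and found is None:
                if is_write:
                    found = Session(user, Perm.WRITE)
                elif is_read:
                    found = Session(user, Perm.READ)
        return found

    def open_session(self, password: bytes) -> Optional[Session]:
        if not self.multi_user:
            # Identifier bit not set: prior-art flow, one password for everything.
            if hmac.compare_digest(password, self.access_password):
                return Session(None, Perm.WRITE)
            return None
        return self._match(password)

    def _allowed(self, session: Optional[Session], block: int, needed: Perm) -> bool:
        if session is None or not 0 <= block < MAX_USERS:
            return False
        if session.user is not None and session.user != block:
            return False                        # another user's storage area
        return session.perm >= needed

    def read(self, session: Optional[Session], block: int) -> Optional[bytes]:
        if not self._allowed(session, block, Perm.READ):
            return None
        return bytes(self.user_area[block])

    def write(self, session: Optional[Session], block: int, data: bytes) -> bool:
        if len(data) > BLOCK_BYTES or not self._allowed(session, block, Perm.WRITE):
            return False
        self.user_area[block][:len(data)] = data
        return True


if __name__ == "__main__":
    tag = Tag(multi_user=True, access_password=b"ACCS")   # constructed values
    tag.provision(1, b"R1R1", b"W1W1")
    session = tag.open_session(b"R1R1")
    print(session, tag.read(session, 1), tag.write(session, 1, b"x"))
```

With the identifier bit cleared, the same tag falls back to the single access password, and a session opened with it reaches every storage block, which is the prior-art weakness the description sets out to fix.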

Landscapes

  • Engineering & Computer Science (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the technical field of Radio Frequency Identification (RFID), particularly to a method and device for RFID access control, wherein, the method includes that: a reader establishes a connection with a tag; said reader sends a user password to said tag; said tag matches the permission of said user password in the user password area which contains at least two users, and matches the user storage area corresponding to said user password, and according to the permission and the user storage area, said tag performs a received control instruction. The embodiment of the present invention enables the safe access to the data in the tag thus ensuring high data security for different users.

Description

RFID access control method and device

Technical Field

The present invention relates to the field of RFID technology, and in particular to an RFID access control method and device.

Background

RFID (Radio Frequency Identification) is a technology that identifies a target through contactless two-way data communication over radio frequency. RFID technology is a collection of several basic technologies, including microchip manufacturing, antenna technology, radio frequency technology, communication technology, and data exchange and data coding technology.

A UHF RFID system is an RFID system whose operating frequency is 840~845 MHz or 920~925 MHz (the ultra-high frequency band). The simplest UHF RFID system consists of three parts: a tag, a card reader (Reader) and an antenna. When the tag enters the magnetic field region, the receiving card reader sends a signal to the tag; the tag, using the energy obtained from the induced current, sends the product information stored in its chip to the card reader (a passive tag, that is, a tag without a power supply); the card reader reads and decodes the tag information and sends it to the central information system for processing. Practical applications need other software and hardware support.

Because RFID technology underpins internetworking, it will have a profound effect on the intelligence, informatization and production models of society. Its application therefore bears on national economic development and national defence construction, and involves national information security and national interests.

At present, as far as the core technologies in the international EPCglobal C1G2 and ISO/IEC 18000-6C standards are concerned, the system considers only EPC coding, transmission and remote authentication, and does not fully consider the special requirements of data in the communication process and in different applications. In the custom commands of the media access control layer of the air interface protocol, and in the design of the state machine and memory of the tag integrated circuit, only the "Kill" and "Access" password access control mechanisms are used to address data security. The difference between special user data and general user data, and the security of the user storage block data itself, are not considered, so a general user's card reader can easily read a special user's sensitive data, which is a serious security risk.

Summary of the Invention

Embodiments of the present invention provide an RFID access control method and device, to solve the prior-art problem that data stored in a tag is not secure enough and cannot be accessed separately per user.

An embodiment of the present invention provides an RFID access control method, including:

a reader/writer establishes a connection with a tag;

the reader/writer sends a user password to the tag;

the tag matches the permission of the user password in a user password area containing at least two users, and matches the user storage area corresponding to the user password;

the tag executes the received control command according to the permission and the user storage area.

According to a further aspect of the embodiments of the present invention, the tag and the reader/writer communicate in encrypted form.

According to yet another further aspect of the embodiments of the present invention, when the reader/writer sends the user password to the tag, the method further includes: the tag determines whether its identifier bit is a specific value and, if the identifier bit is the specific value, matches the permission of the user password in the user password area containing at least two users and matches the user storage area corresponding to the user password.

According to another further aspect of the embodiments of the present invention, the permissions include read permission and write permission.

An embodiment of the present invention further provides a tag access control method in an RFID system, including:

establishing a connection with an external device;

receiving a user password;

matching the permission of the user password in a user password area containing at least two users, and matching the user storage area corresponding to the user password;

executing the received control command according to the permission and the user storage area.

According to a further aspect of the embodiments of the present invention, when the tag sends data to the external device, the data sent is encrypted, and when the tag receives data from the external device, the received data is decrypted.

According to yet another further aspect of the embodiments of the present invention, after the user password is received, the method further includes: determining whether the identifier bit of the tag is a specific value and, if the identifier bit is the specific value, matching the permission of the user password in the user password area containing at least two users and matching the user storage area corresponding to the user password.

An embodiment of the present invention further provides a tag in an RFID system, including:

a radio frequency unit, configured to connect to an external device and receive a user password;

a user data area, including at least two user storage areas for storing user data; a user password area, configured to store the passwords and permissions of at least two users;

a matching unit, configured to match the permission of the user password in the user password area, and match the user storage area corresponding to the user password;

an execution unit, configured to execute the received control command according to the permission and the user storage area.

According to a further aspect of the embodiments of the present invention, the tag further includes an encryption unit and a decryption unit, each connected between the radio frequency unit and the matching unit, for encrypting data sent by the tag and decrypting received data.

According to yet another further aspect of the embodiments of the present invention, the tag further includes an identifier unit, connected between the radio frequency unit and the matching unit, configured to identify whether the identifier bit in the tag is a specific value and, if the identifier bit is the specific value, to notify the matching unit to match the permission of the user password in the user password area and match the user storage area corresponding to the user password.

An embodiment of the present invention further provides an RFID system, including:

a reader/writer, configured to establish a connection with a tag and send a user password to the tag;

the tag, configured to receive the user password; to match the permission of the user password in a user password area containing at least two users and match the user storage area corresponding to the user password; and to execute the received control command according to the permission and the user storage area.

With the embodiments of the present invention, secure access to the data in the tag can be achieved, with high data security for different users.

Brief Description of the Drawings

The drawings described here are provided for a further understanding of the invention and form part of this application; they do not limit the invention. In the drawings:

FIG. 1 is a flowchart of an RFID system access control method according to an embodiment of the present invention; FIG. 2 is a flowchart of a tag access control method in an RFID system according to an embodiment of the present invention; FIG. 3 is a structural diagram of the tag storage area in an embodiment of the present invention;

FIG. 4 is a structural diagram of a tag in an RFID system according to an embodiment of the present invention;

FIG. 5 is a schematic structural diagram of an RFID system according to an embodiment of the present invention.

Detailed Description

为使本发明的目的、 技术方案和优点更加清楚明白, 下面结合实施方式 和附图, 对本发明做进一歩详细说明。 在此, 本发明的示意性实施方式及其 说明用于解释本发明, 但并不作为对本发明的限定。  In order to make the objects, the technical solutions and the advantages of the present invention more comprehensible, the present invention will be described in detail below with reference to the embodiments and the accompanying drawings. The illustrative embodiments of the present invention and the description thereof are intended to explain the present invention, but are not intended to limit the invention.

FIG. 1 is a flowchart of an RFID system access control method according to an embodiment of the present invention.

The method includes step 101: the reader establishes a connection with the tag. The connection between the reader and the tag can be established using an access password, as in the prior art.

Step 102: the reader sends a user password to the tag. Different readers send their own specific user passwords, or a single reader can send different user passwords to the tag according to the user's choice. A user password is either a read password or a write password, and each of them can be a 32-bit password. The user password distinguishes user identities: users with different identities can obtain different data content from the tag. For example, confidential data content can only be read or written by a reader that supplies the confidential user's password, while ordinary data content can be read or written by a reader that supplies an ordinary user's password. A user with write permission can read the corresponding user storage area as well as write to it.

The tag also has a flag bit that indicates whether the tag supports the multi-user storage area mode. If the flag bit has a specific value, the received user password is matched against the multiple user passwords in the user password area; otherwise the tag follows the prior-art access flow that does not distinguish users, for example matching the access password and then accessing the tag.

The flag bit keeps the tag compatible with tags in prior-art RFID systems.

Step 103: in a user password area that covers at least two users, the tag matches the permission of the user password and the user storage area corresponding to that user password.

The user password area of the tag contains the read passwords and write passwords of all users; each user's read password and write password can each be 32 bits long. In this example there are 15 user passwords, and each user password has one read password and one write password. The blocks of the user password area are B0 to B15; for example, 00h to 1Fh is the read password (Read Password) block of user B0, and 20h to 3Fh is the write password (Write Password) storage block of user B0. The received user password is matched against the user passwords in the user password area to obtain the user's permission: whichever password it matches, the reader obtains the corresponding permission of that user.

The user storage area corresponding to the user password is also determined from the received user password. For example, if the received user password matches the read password of user B1, the reader has read permission for user B1's storage area on the tag.

Step 104: the tag executes the received control command according to the permission and the user storage area.

The control command is handled as follows: if the permission of the user password is read permission, the data in the user storage area corresponding to the user password is sent to the reader; if the permission is write permission, the reader is allowed to write data to the user storage area corresponding to the user password and/or read data from that user storage area; if the user password does not match any user password in the tag, the control command is not allowed to operate on any user storage area.

As a further embodiment of the present invention, the reader and the tag communicate in an encrypted manner. The encryption can use the Data Encryption Algorithm (DEA) or the Advanced Encryption Standard (AES).

FIG. 2 is a flowchart of a tag access control method in an RFID system according to an embodiment of the present invention.

The method includes step 201: establish a connection with an external device. For example, the tag establishes a connection with a reader by radio frequency, which can be the prior-art way of connecting a reader and a tag; alternatively, the tag can be connected through a reader to a device such as a computer, for setting tag parameters and for reading or writing data.

Step 202: receive a user password.

Step 203: in a user password area that covers at least two users, match the permission of the user password and the user storage area corresponding to that user password.

Step 204: execute the received control command according to the permission and the user storage area.

The user password area contains the read passwords and write passwords of multiple users. If the user password matches a read password or a write password, the user has read permission or write permission, respectively, for the corresponding user storage area of the tag.

When the tag communicates with an external device, both the RF signals it sends and the RF signals it receives can be transmitted in encrypted form, using an encryption method such as DEA or AES.

As a further aspect of this embodiment, after step 202 the method can also include determining whether the flag bit of the tag has a specific value. If it does, the permission of the user password and the corresponding user storage area are matched in the user password area that covers at least two users; otherwise the tag follows the prior-art access flow that does not distinguish users, for example matching the access password and then accessing the tag.

With the user password area and the user storage areas of the above embodiments, users' reading and writing of different data in the tag can be controlled, which strengthens the security of the data in the tag. With encryption and decryption, communication between the tag and external devices is no longer sent in plaintext, which strengthens the security of data in transit.
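The tag-side decision of steps 202 to 204 can be written out as follows. This is an added example, not code from the patent: the type and function names, the 16-byte area size, the sample passwords and the rule that an all-zero slot counts as unprovisioned are assumptions made for the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_USERS  16   /* password blocks B0..B15 */
#define AREA_BYTES 16   /* assumed size of one user storage area */

typedef enum { PERM_NONE, PERM_READ, PERM_WRITE } perm_t;
typedef enum { CMD_READ, CMD_WRITE } cmd_t;

typedef struct {
    int      multi_user;                  /* flag bit: multi-user mode supported */
    uint32_t read_pw[NUM_USERS];          /* 32-bit read password per user  */
    uint32_t write_pw[NUM_USERS];         /* 32-bit write password per user */
    uint8_t  area[NUM_USERS][AREA_BYTES]; /* one storage area per user */
} tag_t;

typedef struct { perm_t perm; int user; } grant_t;

/* Step 203: map the received password to (permission, user storage area).
 * Slots holding 0 are treated as unprovisioned (assumption), so an all-zero
 * password can never match an empty slot. The legacy flow used when the
 * flag bit is clear is not modelled and yields no grant here. */
grant_t tag_match(const tag_t *t, uint32_t pw)
{
    grant_t g = { PERM_NONE, -1 };
    if (!t->multi_user)
        return g;
    for (int u = 0; u < NUM_USERS; u++) {
        if (t->write_pw[u] != 0 && pw == t->write_pw[u]) {
            g.perm = PERM_WRITE; g.user = u;
            return g;
        }
        if (t->read_pw[u] != 0 && pw == t->read_pw[u]) {
            g.perm = PERM_READ; g.user = u;
            return g;
        }
    }
    return g;
}

/* Step 204: run a command inside the granted area only.
 * Returns the number of bytes moved, or -1 when the command is refused. */
int tag_execute(tag_t *t, grant_t g, cmd_t cmd, size_t off,
                uint8_t *buf, size_t len)
{
    if (g.perm == PERM_NONE || g.user < 0 || g.user >= NUM_USERS)
        return -1;                        /* no match: no area is touched */
    if (off > AREA_BYTES || len > AREA_BYTES - off)
        return -1;                        /* stay inside this user's area */
    if (cmd == CMD_READ) {                /* write permission includes read */
        memcpy(buf, &t->area[g.user][off], len);
        return (int)len;
    }
    if (cmd == CMD_WRITE && g.perm == PERM_WRITE) {
        memcpy(&t->area[g.user][off], buf, len);
        return (int)len;
    }
    return -1;                            /* read-only grant, write refused */
}

/* Constructed sample tag: two provisioned users, B0 and B1. */
tag_t sample_tag(void)
{
    tag_t t;
    memset(&t, 0, sizeof t);
    t.multi_user  = 1;
    t.read_pw[0]  = 0x11110000u; t.write_pw[0] = 0x11110001u;
    t.read_pw[1]  = 0x22220000u; t.write_pw[1] = 0x22220001u;
    memcpy(t.area[0], "B0-ordinary", 11);
    memcpy(t.area[1], "B1-secret", 9);
    return t;
}

int main(void)
{
    tag_t t = sample_tag();
    uint8_t buf[AREA_BYTES] = {0};
    grant_t g = tag_match(&t, 0x22220000u);   /* B1 read password */
    printf("user=%d perm=%d\n", g.user, (int)g.perm);
    printf("read  -> %d\n", tag_execute(&t, g, CMD_READ, 0, buf, 9));
    printf("write -> %d\n", tag_execute(&t, g, CMD_WRITE, 0, buf, 4));
    return 0;
}
```
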

FIG. 3 is a structural diagram of the tag storage area in an embodiment of the present invention.

The user area (USER) of the tag has 16 storage areas, each dedicated to one user; the storage area addresses of the users are, for example, 00h to 0Fh.

The reserved area (RESERVED) of the tag contains a configure password (Configure Password), the password that governs how the encryption mode of each memory in the tag chip is set; that is, if the configure password is correct, the EPC information or the use of the configuration bits, other than the user storage areas, can be changed.

The reserved area of the tag also contains the tag configure control (Tag Configure Control), which defines the readable/writable state of the designated blocks of tag memory and the address pointers of the corresponding blocks.

User password (User Password): defines the read/write passwords of the special user memory blocks. The blocks of the user password area are B0 to B15, each representing a different user: 00h to 1Fh is the read password (Read Password) block of user B0, 20h to 3Fh is the write password (Write Password) storage block of user B0, and so on up to 1E0h to 1FFh.

The tag identification number (TID) area of the tag stores content such as the tag's factory information.

The EPC area of the tag stores the EPC code as well as protocol files and parameters.

The tag configure control contains a flag bit that indicates whether the tag supports multi-user storage areas. If the flag bit has a specific value, for example 1, the tag supports multi-user storage areas and the received user password is matched against the multiple user passwords in the user password area; otherwise the tag follows the prior-art access flow that does not distinguish users, for example matching the access password and then accessing the tag.

In this embodiment the tag configure control field in the reserved area of the tag is defined as in Table 1 below. Those skilled in the art will understand that the definition in Table 1 is only one example of implementing the method of the invention and should not be construed as limiting its embodiments.

Table 1: Definition of the tag configure control
Bit address | Definition
60h | If this bit is "0", the tag behaves according to the EPC C1G2 standard; otherwise the user password matching flow of the present invention is performed.
61h-62h | Encryption mode for communication with external devices. When 40h = 0, a correct configure password allows operations on the tag's EPC information or configuration bits; 01₂: AES; 10₂: 3-DES; 11₂: RFU. Valid only for the reserved memory area.
63h | Select function enable bit; if 0, the select function is disabled.
64h | RFU (reserved memory area)
65h-68h | Default user storage index; at most 16 user storage blocks.
69h | Storage mode of the user storage area: "0" is small-capacity mode, "1" is large-capacity mode.
6Ah | User storage block access control: "0" is all blocks, "1" is independent block access.
6Bh | RFU
6Ch-6Fh | Number of user storage blocks minus 1; 0000₂ denotes block 1, 1111₂ denotes block 16.

The tag configure control field can also include definitions of radio frequency parameters, for example as shown in Table 2.

Table 2: Definition of the RF parameters in the tag configure control field
Bit address | Definition
70h-71h | Continuous frequency bits (used against interference; different values indicate the frequency band in which the tag operates). 00: 840MHz; 01: 880MHz; 10: 920MHz (default); 11: 960MHz
72h | Power change mode (0 is normal mode; 1 is load mode).
73h-7Fh | RFU

The user memory control (User Memory Control) field in FIG. 3 is defined as shown in Table 3 and holds the parameters of the user storage areas.

Table 3: Definition of the user memory control field in the tag's reserved area
Bit address | Definition
80h-81h | Size of block 0. In small storage mode: 00₂: 2 Bytes; 01₂: 4 Bytes; 10₂: 8 Bytes; 11₂: 16 Bytes. In large storage mode: 00₂: 16 Bytes; 01₂: 32 Bytes; 10₂: 64 Bytes; 11₂: 128 Bytes.
82h-83h | Block 0 access bits. 00₂: read only; 01₂: write only; 10₂: read/write; 11₂: block prefix lock, selection of multi-select blocks.
… | Access bits of the other blocks
BCh-BDh | Block 15 size bits.
BEh-BFh | Block 15 access bits.

FIG. 4 is a structural diagram of a tag in an RFID system according to an embodiment of the present invention.

The tag includes a radio frequency unit 401, a user data area 402, a user password area 403, a matching unit 404 and an execution unit 405.

The radio frequency unit 401 connects to external devices and receives the user password.

The user data area 402 includes at least two user storage areas for storing user data.

The user password area 403 stores the passwords and permissions of at least two users.

The matching unit 404 matches, in the user password area, the permission of the user password and the user storage area corresponding to that user password.

The execution unit 405 executes the received control command according to the permission and the user storage area.

This embodiment can also include an encryption unit 406 and a decryption unit 407, each connected between the radio frequency unit 401 and the matching unit 404, for encrypting the data the tag sends and decrypting the data it receives.

It also includes an identification unit 408, connected between the radio frequency unit and the matching unit 404, which checks whether the flag bit in the tag has a specific value. If it does, the identification unit notifies the matching unit to match, in the user password area, the permission of the user password and the corresponding user storage area; otherwise the tag follows the prior-art access flow that does not distinguish users, for example matching the access password and then accessing the tag.
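The bit layout of Tables 1 and 3 can be decoded from a dump of the reserved area as shown below, which is useful when auditing how a tag is configured. This is an added example, not code from the patent: it assumes the table addresses are bit addresses from the start of the reserved area with the most significant bit of each byte first, and the names and the sample dump are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* 61h-62h: Table 1 names a cipher for 01, 10 and 11 only. */
enum { ENC_00 = 0, ENC_AES = 1, ENC_3DES = 2, ENC_RFU = 3 };
/* Per-block access bits from Table 3. */
enum { ACC_READ_ONLY = 0, ACC_WRITE_ONLY = 1, ACC_READ_WRITE = 2, ACC_PREFIX_LOCK = 3 };

typedef struct {
    unsigned multi_user;        /* 60h: 0 = plain EPC C1G2 behaviour */
    unsigned enc_mode;          /* 61h-62h */
    unsigned select_enabled;    /* 63h */
    unsigned default_user;      /* 65h-68h */
    unsigned large_mode;        /* 69h */
    unsigned per_block_access;  /* 6Ah */
    unsigned num_blocks;        /* 6Ch-6Fh holds the count minus 1 */
} tag_cfg_t;

typedef struct { unsigned size_bytes; unsigned access; } block_ctl_t;

/* Read n bits starting at bit address addr, MSB first (assumed order). */
static unsigned get_bits(const uint8_t *mem, unsigned addr, unsigned n)
{
    unsigned v = 0;
    for (unsigned i = 0; i < n; i++) {
        unsigned a = addr + i;
        v = (v << 1) | ((mem[a / 8] >> (7 - a % 8)) & 1u);
    }
    return v;
}

/* Table 1: tag configure control, bits 60h-6Fh. */
tag_cfg_t decode_cfg(const uint8_t *mem)
{
    tag_cfg_t c;
    c.multi_user       = get_bits(mem, 0x60, 1);
    c.enc_mode         = get_bits(mem, 0x61, 2);
    c.select_enabled   = get_bits(mem, 0x63, 1);
    c.default_user     = get_bits(mem, 0x65, 4);
    c.large_mode       = get_bits(mem, 0x69, 1);
    c.per_block_access = get_bits(mem, 0x6A, 1);
    c.num_blocks       = get_bits(mem, 0x6C, 4) + 1;
    return c;
}

/* Table 3: block n has 2 size bits at 80h + 4n followed by 2 access bits.
 * Returns 0 on success, -1 if n is beyond the configured block count. */
int decode_block(const uint8_t *mem, const tag_cfg_t *cfg, unsigned n,
                 block_ctl_t *out)
{
    if (n >= cfg->num_blocks)
        return -1;
    unsigned base = 0x80 + 4 * n;
    unsigned code = get_bits(mem, base, 2);
    /* small mode: 2, 4, 8, 16 bytes; large mode: 16, 32, 64, 128 bytes */
    out->size_bytes = (cfg->large_mode ? 16u : 2u) << code;
    out->access     = get_bits(mem, base + 2, 2);
    return 0;
}

/* Audit helper: how many configured blocks accept writes at all. */
unsigned writable_blocks(const uint8_t *mem, const tag_cfg_t *cfg)
{
    unsigned count = 0;
    block_ctl_t b;
    for (unsigned n = 0; n < cfg->num_blocks; n++)
        if (decode_block(mem, cfg, n, &b) == 0 &&
            (b.access == ACC_WRITE_ONLY || b.access == ACC_READ_WRITE))
            count++;
    return count;
}

/* Constructed dump of reserved-area bits 00h-BFh (24 bytes). */
const uint8_t SAMPLE_RESERVED[24] = {
    [12] = 0xB1,   /* 60h=1, 61h-62h=01, 63h=1, 64h=0, 65h-67h=001 */
    [13] = 0x63,   /* 68h=0, 69h=1, 6Ah=1, 6Bh=0, 6Ch-6Fh=0011   */
    [16] = 0x6C,   /* block 0: size 01, access 10; block 1: 11, 00 */
    [17] = 0x1B,   /* block 2: size 00, access 01; block 3: 10, 11 */
};

int main(void)
{
    tag_cfg_t c = decode_cfg(SAMPLE_RESERVED);
    printf("multi_user=%u enc=%u blocks=%u large=%u\n",
           c.multi_user, c.enc_mode, c.num_blocks, c.large_mode);
    for (unsigned n = 0; n < c.num_blocks; n++) {
        block_ctl_t b;
        decode_block(SAMPLE_RESERVED, &c, n, &b);
        printf("block %u: %u bytes, access %u\n", n, b.size_bytes, b.access);
    }
    printf("writable blocks: %u\n", writable_blocks(SAMPLE_RESERVED, &c));
    return 0;
}
```
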

FIG. 5 is a schematic structural diagram of an RFID system according to an embodiment of the present invention.

The system includes a reader 501 and a tag 502.

The reader 501 establishes a connection with the tag 502. The tag 502 checks whether its flag bit indicates support for multi-user secure access; if not, it enters the prior-art tag access flow, which is not described again here.

The secure access mode is determined from the flag bit in the tag, so the reader learns whether the tag supports multi-user secure access. If it does, the reader sends a user password, and the tag matches the received password against the user passwords in the user password area. If the received user password matches one of them, the tag determines the user storage area that the connected user can access; for example, if the received user password belongs to user B1, the user can access user B1's storage area. The tag also determines the access permission of the received user password; for example, if it matches B1's write password in the user password area, the connected user is allowed to access user storage area B1 and can write to it. When an operation command is received from the reader, the tag reads or writes the corresponding storage area according to the permission of the user password.

With the user data area and the user password area of the above embodiments, a secure access mechanism that distinguishes users can be implemented within a single tag, which strengthens the data security of existing RFID systems.

From the description of the above embodiments, those skilled in the art will clearly understand that the present invention can be implemented in hardware, or in software together with the necessary general-purpose hardware platform. On that understanding, the technical solution of the invention can be embodied as a software product, which can be stored on a non-volatile storage medium (a CD-ROM, a USB flash drive, a portable hard disk and so on) and includes instructions that cause a computer device (a personal computer, a server, a network device and so on) to perform the methods described in the embodiments of the invention.

The specific embodiments described above explain the objects, technical solutions and beneficial effects of the present invention in further detail. It should be understood that they are only specific embodiments of the invention and do not limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the invention falls within its scope of protection.

Claims

1. An RFID access control method, characterized by comprising:
a reader establishing a connection with a tag;
the reader sending a user password to the tag;
the tag matching, in a user password area that covers at least two users, the permission of the user password and the user storage area corresponding to the user password;
the tag executing the received control command according to the permission and the user storage area.

2. The method according to claim 1, characterized in that the tag and the reader communicate in an encrypted manner.

3. The method according to claim 1, characterized in that the reader sending the user password to the tag further comprises: the tag determining whether its flag bit has a specific value, and, if the flag bit has the specific value, matching, in the user password area that covers at least two users, the permission of the user password and the user storage area corresponding to the user password.

4. A tag access control method in an RFID system, characterized by comprising:
establishing a connection with an external device;
receiving a user password;
matching, in a user password area that covers at least two users, the permission of the user password and the user storage area corresponding to the user password;
executing the received control command according to the permission and the user storage area.

5. The method according to claim 4, characterized in that when the tag sends data to the external device the data sent is encrypted, and when the tag receives data from the external device the data received is decrypted.

6. The method according to claim 4, characterized in that, after receiving the user password, the method further comprises determining whether the flag bit of the tag has a specific value, and, if the flag bit has the specific value, matching, in the user password area that covers at least two users, the permission of the user password and the user storage area corresponding to the user password.

7. A tag in an RFID system, characterized by comprising:
a radio frequency unit for connecting to an external device and receiving a user password;
a user data area that includes at least two user storage areas for storing user data;
a user password area for storing the passwords and permissions of at least two users;
a matching unit for matching, in the user password area, the permission of the user password and the user storage area corresponding to the user password;
an execution unit for executing the received control command according to the permission and the user storage area.

8. The tag according to claim 7, characterized by further comprising an encryption unit and a decryption unit, each connected between the radio frequency unit and the matching unit, for encrypting the data the tag sends and decrypting the data it receives.

9. The tag according to claim 7, characterized by further comprising an identification unit connected between the radio frequency unit and the matching unit, for checking whether the flag bit in the tag has a specific value and, if the flag bit has the specific value, notifying the matching unit to match, in the user password area, the permission of the user password and the user storage area corresponding to the user password.

10. An RFID system, characterized by comprising:
a reader for establishing a connection with a tag and sending a user password to the tag;
the tag, for receiving the user password; matching, in a user password area that covers at least two users, the permission of the user password and the user storage area corresponding to the user password; and executing the received control command according to the permission and the user storage area.
PCT/CN2010/076580 2010-09-02 2010-09-02 Method and device for radio frequency identification(rfid) access control Ceased WO2012027898A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2010800687911A CN103080949A (en) 2010-09-02 2010-09-02 Method and device for radio frequency identification(RFID) access control
PCT/CN2010/076580 WO2012027898A1 (en) 2010-09-02 2010-09-02 Method and device for radio frequency identification(rfid) access control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2010/076580 WO2012027898A1 (en) 2010-09-02 2010-09-02 Method and device for radio frequency identification(rfid) access control

Publications (1)

Publication Number Publication Date
WO2012027898A1 true WO2012027898A1 (en) 2012-03-08

Family

ID=45772086

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2010/076580 Ceased WO2012027898A1 (en) 2010-09-02 2010-09-02 Method and device for radio frequency identification(rfid) access control

Country Status (2)

Country Link
CN (1) CN103080949A (en)
WO (1) WO2012027898A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20060084165A (en) * 2005-01-19 2006-07-24 엘지전자 주식회사 Apparatus and method for automatically controlling the operating environment of electronic devices for multiple users
CN101027699A (en) * 2004-08-13 2007-08-29 意大利电信股份公司 Method and system for safety managing data stored on electronic label
CN101089872A (en) * 2006-06-13 2007-12-19 中兴通讯股份有限公司 A communication method between reader and tag in RFID system
CN101136073A (en) * 2007-10-15 2008-03-05 北京派瑞根科技开发有限公司 Electronic label safety identification method
CN101322141A (en) * 2005-12-15 2008-12-10 国际商业机器公司 Method and system for comparing and authenticating items using radio frequency identification tags

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7391331B1 (en) * 2007-08-24 2008-06-24 Robelight, Llc System and method for providing visual and physiological cues in a security matching system


Also Published As

Publication number Publication date
CN103080949A (en) 2013-05-01


Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201080068791.1

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10856585

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 10856585

Country of ref document: EP

Kind code of ref document: A1