於使用唯讀式標籤之RFID系統保護被連結資訊的方法

Method for Protecting Information for Systems Connected with RFID Read-only Tags

許義昌(Yi-Chang Hsu)；王盈文(Ying-Wen Wang)；吳建興(Chyen-Hsing Wu)

無線射頻識別(RFID) ； 資訊保護 ； 授權 ； 個體識別 ； RFID ； Information Protection ； Authorization ； Identification

資訊安全通訊

23卷2期（2017 / 04 / 01）

43 - 56

繁體中文

本研究提出的方法，包含一個「保護運算式」與對應的一個「回復運算式」；這兩個運算式都是在資訊系統上執行，可應用於使用唯讀式標籤之RFID系統中保護被連結之資訊。「保護運算式」的執行，可將「個體的識別用資料」、「連結個體之標籤的序號」、及「被授權讀取個體資訊之人員的授權碼」等三項資料轉換成一個「對應關係替代碼」，使得系統中不必記錄標籤序號與個體識別用資料之對應關係；故，僅根據標籤序號或僅根據授權碼，並無法連結到個體的識別用資料，也無法得知個體之資訊。個體的識別用資料之取得，可以使用「連結該個體之標籤的序號」、「被授權讀取該個體資訊之人員的授權碼」、及對應的「替代碼」等三項資料作為「回復運算式」之輸入，其輸出即為該個體的識別用資料；若有任一項輸入是錯誤的，就無法回復出正確的識別用資料。

This study presents a ＂protected operation computation＂ corresponding to a ＂reverse operation computation＂, both performed within data systems. Using the ＂protected operations computation＂, ＂individual identifying data＂, ＂linking of individual tag serial numbers＂ and ＂access to personal information authorization codes＂ to create a ＂substitution code＂, the system needs not record the relationships between tag serial numbers and individual identifiers. Thus, since the tag serial numbers and authorization codes can't be found in the system, even if someone gains access to tag serial numbers or authorization codes only, the data can't be linked to specific individuals. Acquired personal identifier data must use ＂links to individual tag serial numbers＂, ＂access to personal information authorization codes＂ and the corresponding ＂substitution code＂ as inputs for the ＂reverse operation computation＂, resulting in output of personal identifier data. If any one or more inputs for the ＂reverse operation computation＂ are incorrect, the output will not provide personal identifier data.

1. J. Pearson, “Securing the Pharmaceutical Supply Chain with RFID and Public-key Infrastructure (PKI) Technologies,” Texas Instruments White Paper, 2005..
2. GS1, EPC™ Radio-Frequency Identity Protocols Generation-2 UHF RFID, http://www.gs1.org/sites/default/files/docs/epc/uhfc1g2_2_0_0_standard_20131101.pdf (2017/3/3).
3. H. Stockman, “Communications by means of reflected power,” Proceedings of IRE, vol. 36, iss. 10, pp. 1196-1204, 1948.
4. 黃景彰，用於保護數位祕密的方法及其系統，中華民國發明專利第I255121 號，2006。
5. M. Feldhofer, “A Proposal for Authentication Protocol in a Security Layer for RFID Smart Tags,” Stiftung Secure Information and Communication Technologies SIC, 2003. [3] GS1, EPC Tag Data Standard, Version 1.9, Ratified, Nov-2014, http://www.gs1.org/sites/default/files/docs/epc/TDS_1_9_Standard.pdf(2017/3/2).
6. Dominikus, S.,Oswald, E.,Feldhofer, M.(2005).Symmetric Authentication for RFID Systems in Practice.Workshop on RFID and Lightweight Crypto
7. Juels, A.(2006).RFID Security and Privacy: A Research Survey.IEEE J. Selected Areas in Comm.,24(2),381-394.
8. Juels, A.(2004).Minimalist Cryptography for Low-cost RFID Tag.Conference on Security in Communication Networks
9. Juels, A.(2005).Strengthening EPC Tags Against Cloning.ACM Workshop on Wireless Security
10. Juels, A.,Pappu, R.(2003).Squealing Euros: Privacy Protection in RFID-Enabled Banknotes.Proc. Financial Cryptography
11. Lee, S. M.,Hwang, Y. J.,Lee, D. H.,Lim, J. I.(2005).Efficient Authentication for Low-Cost RFID systems.International Conference on Computational Science and its Applications - ICCSA 2005
12. Lehtonen, M.,Staake, T.,Michahelles, F.,Fleisch, E.(2006).From identification to authentication - a review of RFID product authentication techniques.Workshop on RFID Security - RFIDSec 2006
13. Lim, T.-L.,Li, T.,Gu, T.(2008).Secure RFID Identification and Authentication Triggered Hash Chain Variants.14th IEEE International Conference on Parallel and Distributed Systems
14. Molnar, D.,Soppera, A.,Wagner, D.(2005).A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags.Selected Areas in Cryptography
15. Molnar, D.,Wagner, D.(2004).Privacy and Security in Library RFID: Issues, Practices, and Architectures.Conference on Computer and Communications Security - CCS 2004
16. Ngai, E.W.T.,Moon, K.K.L.,Riggins, F.J.,Yi, C.Y.(2008).RFID research: an academic literature review (1995-2005) and future research directions.International Journal of Production Economics,112,510-520.
17. Ohkubo, M.,Suzuki, K.,Kinoshita, S.(2005).RFID Privacy Issues and Technical Challenges.Communications of the ACM,48(9),66-71.
18. Ohkubo, M.,Suzuki, K.,Kinoshita, S.(2003).Cryptographic Approach to Privacy-Friendly Tags.RFID Privacy Workshop
19. Sarac, A.,Absi, N.,Dauzre-Prs, S.(2010).A literature review on the impact of RFID technologies on supply chain management.Int. J. Prod. Econ.,128,77-95.
20. Tsudik, G.(2006).YA-TRAP: Yet Another Trivial RFID Authentication Protocol.International Conference on Pervasive Computing and Communications
21. Tuyls, P.,Batina, L.(2006).RFID-Tags for Anti-Counterfeiting.The Cryptographers' Track at the RSA Conference (CT-RSA)
22. Wamba, S.F.,Anand, A.,Carter, L.(2013).A literature review of RFID-enabled healthcare applications and issues.Int J Inf Manag,33(5),75-891.
23. Weis, S.,Sarma, S.,Rivest, R.,Engels, D.(2003).Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems.1st Intern. Conference on Security in Pervasive Computing (SPC)
24. Zhang, X.,King, B.(2005).Integrity Improvements to an RFID Privacy Protection Protocol for Anti-Counterfeiting.Information Security Conference
25. Zhu, X.,Mukhopadhyay, S.F.,Kurata, H.(2012).A review of RFID technology and its managerial applications in different industries.J. Eng. Technol. Manag,29(1),152-167.