• 专利附录
  • 专利说明
  • 权利要求
  • 类似技术
  • 同族专利
  • 引用文献
  • 法律状态
  • 优先权
    • 专利摘要:
    The device and procedure for training and identification of contactless cards by radiofrequency characterization comprises a support (1) for card positioning in which the card to be identified is placed, an emitting element (2) of a radio frequency signal that sends the signal and the subsequent electromagnetic field, towards the support (1), a reconfigurable disperser element (4) that, together with the card, disperses the electromagnetic field, a receiver element (3) that collects the field dispersed by the card, and a controller (5) that gives the order to send the radio frequency signal to the emitting element (2), reconfigures the dispersing element (4), receives the signal collected by the receiving element (3) and performs the classification of the card, achieving a unique identification associated with each card, so that attacks that try to impersonate your identity are avoided. (Machine-translation by Google Translate, not legally binding)
    公开号:ES2784535A1
    申请号:ES201930266
    申请日:2019-03-25
    公开日:2020-09-28
    发明作者:Escartín Juan Carlos García;MORALES Mª JESÚS GONZÁLEZ;Díez Pablo Martín
    申请人:Universidad de Valladolid;
    IPC主号:
    专利说明:

    [0002] OBJECT OF THE INVENTION
    [0004] The invention refers to a device and procedure for training and identifying contactless cards by radio frequency characterization, which achieves a unique identification associated with each card, so that attacks that try to impersonate its identity are avoided.
    [0006] BACKGROUND OF THE INVENTION
    [0008] Radio frequency card identification devices (RFID), such as those used to facilitate entry to restricted access areas, are generally based on the identification of these from some unique information they contain, such as a secret key stored on your chip. But the problem arises that there are mechanisms to create a copy of the cards by extracting, for example, the chip key, which is replicated on another card, thus being able to fool the identification devices and supplant the identity of the original card.
    [0010] To solve this problem, it is proposed that the cards can be identified, in addition to the secret keys stored in the chips, by some of their unique physical characteristics that can be evaluated. In the current state of the art, various ways of implementing this type of individualized identification are known.
    [0012] There is a proposal that consists of adding elements to the cards, such as metal chips, in a random way, in such a way that a fingerprint type identification is generated, which allows the cards to be identified, as described in the Vasileios Lakafosis document in “RFID-CoA: The RFID tags as Certificates of Authenticity”, 2011 IEEE International Conference on RFID-Technologies and Applications. In this way, each card is different from any other. The drawback of this proposal is that it involves physically modifying the cards by adding the elements mentioned later to their manufacturing process.
    [0013] There are also several proposals to uniquely identify the cards based on their physical characteristics, based on the fact that the response of the cards to certain signals varies from one to another. A detailed analysis can be found in the publication of Danev, B., Zanetti, D., Capkun, S: “On physical-layer Identification of wireless devices ( Review)” ACM Computing Surveys, Vol. 45, No. 1, Article 6 , November 2012.
    [0015] On the other hand, there are challenge-response protocols that are used in authentication processes based on the physical characteristics of different optical devices and systems. This is the case, for example, of document WO2010105993 (A2) “System and method for security purposes” and document EP2693685 (B1) “Quantum secure device, system and method for verifying challenge-response pairs using a physically unclonable function ( PUF ) ".
    [0017] DESCRIPTION OF THE INVENTION
    [0019] The device and procedure for training and identification of contactless cards by radiofrequency characterization proposed by the present invention solves the problems or drawbacks mentioned above, since by incorporating a unique identification associated with each card it is possible to avoid attacks that try to impersonate this.
    [0021] The device object of this invention consists of a support for positioning the card, an emitting element, a receiving element, a reconfigurable dispersing element and a controller; and the method of identification of contactless cards proposed by the present invention consists of a training stage, a challenge-response protocol and a card classification method.
    [0023] Specifically, what the invention proposes is, in the first place, a support on which the card to be identified is positioned, that is, it will be determined whether the card belongs to the group of those registered by the controller.
    [0025] The emitting element, when it receives the order from the controller, sends a radio frequency signal to the support where the card is located.
    [0026] Cards are normally designed to operate in a certain frequency range of the radio frequency signal. By subjecting the cards to the signal in said frequency range, the mass produced cards do not show any appreciable difference between them in their physical response. However, the emitting element of the device of the following invention emits a radio frequency signal in a frequency range that is well above the range for which the cards are designed, mentioned above. When receiving this radio frequency signal at a higher frequency, the cards act as electromagnetic dispersers that in this case do show appreciable differences between them in their physical response to the signal. These differences between the physical responses of the cards are due to the natural variability in the manufacturing process, which introduces imperfections in some of the card's elements, particularly in its antenna, causing the dispersed electromagnetic field to have certain unique characteristics. on each card.
    [0028] Once the emitting element emits the radio frequency signal that constitutes an electromagnetic field, it passes through the card that acts as an electromagnetic disperser, generating a unique response compared to the other cards. We are going to call the dispersion of the electromagnetic field scattering scenario.
    [0030] The receiving element then receives and records the field scattered by the card and sends it to the controller. This field will therefore be the one that allows each card to be identified.
    [0032] In addition to supplanting the identity of the card by subtracting the key from its chip, as explained in the previous section, its identity can also be supplanted by means of an external element that reproduces the response to the radio frequency signal. expected to be received by the authentic card. To avoid this problem, the invention includes the aforementioned reconfigurable disperser element, which is located next to the support for positioning the card. Its purpose is to alter the scattering scenario, so that the electromagnetic field generated by the transmitter is dispersed differently by the card together with the scattering element for each configuration of the card. In this way, the receiver measures a different response for each configuration of the disperser element. Thus, different alternatives can be generated by combining the sent radio frequency signal, which is always the same, with the reconfigurable disperser element, which causes an alteration of the disperser scenario. The final objective is that it is not possible to foresee what the configuration of the disperser element will be, and therefore, what it will be like the field scattered by the card together with the dispersing element. Thus, it will be impossible for an external element to provide the response that is expected to be received from the authentic card, thus preventing its identity from being spoofed.
    [0034] The realization of the reconfigurable disperser element consists of a base in which metallic pieces are distributed over its surface and are connected to the controller, so that it can change its electrical potential. By varying the electric potential, the configuration of the scattering element is altered, and as a consequence, the scattering scenario is also modified. If there are n metallic elements and m voltage values, it can be achieved in this way to obtain mn different configurations, and therefore mn scattering scenarios that can characterize the card.
    [0036] This method of modifying the scattering scenario has been called the challenge-response protocol. In this protocol, therefore, 'questions' are launched, that is, a radio frequency signal with the consequent electromagnetic field is sent to the card, selecting a configuration of the reconfigurable dispersing element, and the dispersed field or 'response' to that question, which generates the combination of the disperser element and the card. In each identification, the dispersing scenario and therefore the expected response are modified. This protects, as explained above, against attacks in which, by means of an external element, it is intended to reproduce the dispersed field expected to be received from the card.
    [0038] Finally, once the emitting element has sent the signal, the electromagnetic field has been dispersed by the reconfigurable dispersing element and the card, and the receiving element has collected the response, it is sent to the controller. Therefore, the controller is the one that gives the order to send the radio frequency signal to the emitting element, it is the one that carries out the reconfiguration of the reconfigurable disperser element, and it is the one that receives the response from the card collected by the receiving element.
    [0040] Finally, once the response has been registered by the controller, the classification is carried out, which consists of determining whether the response given by the card corresponds to any of the registered cards, and if so, to which of them it corresponds. In order to perform the classification, the response provided by the card must be compared with all the responses recorded on the device. Therefore, before putting the device into operation, a preliminary training stage is carried out, which consists of placing each of the cards in the card holder and subjecting them to all the possible dispersion scenarios that the device can generate, and as explained, are generated by a combination of the signal sent by the emitting element with the reconfigurable disperser element. Consequently, during training the response data of the cards is generated, which is stored in the memory of the controller. By reading the information of an individual card, having the data generated during training, the device will be able to determine if it is one of the registered cards and which of them, or if it is not one of the registered cards. The classification algorithm used can be performed by autonomous learning using, for example, the k-nearest neighbors technique or SVM (Support Vector Machine).
    [0042] In carrying out the invention, it is possible to use either a transmitting antenna as the transmitting means and a receiving antenna as the receiving means, which can be placed opposite each other on both sides of the support, or a single antenna that acts as a means transmitter and receiver means, and place the support for the card, followed by the reconfigurable disperser element, in front of said antenna.
    [0044] DESCRIPTION OF THE DRAWINGS
    [0046] To complement the description that is being made and in order to help a better understanding of the characteristics of the invention, according to a preferred example of a practical embodiment thereof, a set of drawings is attached as an integral part of said description. where, for illustrative and non-limiting purposes, the following has been represented:
    [0048] Figure 1.- Shows a schematic representation of the contactless card training and identification device.
    [0050] Figure 2.- Shows a schematic representation of the disperser element.
    [0052] PREFERRED EMBODIMENT OF THE INVENTION
    [0054] Next, and in view of the figures, a preferred embodiment of the device and method of training and identification of contactless cards by radio frequency characterization is described.
    [0055] The device for training and identifying contactless cards by radiofrequency characterization described, shown in figure 1, comprises a support (1) in which the card to be identified is positioned, an emitting element (2) facing each other. to the support, which when it receives the order from a controller (5), sends a radio frequency signal to the support. (one). Once the emitting element (2) has emitted the radio frequency signal with the consequent electromagnetic field, it passes through the card that acts as an electromagnetic disperser and produces a dispersion of the electromagnetic field in response. The device also incorporates a receiving element (3), which is located on the other side of the support (1), opposite the emitting element (2), and which receives and records the field scattered by the card and sends it to the controller ( 5). This field is the one that allows you to identify the card.
    [0057] Next to the card holder (1) and between it and the receiver element (3) is a reconfigurable disperser element (4) which, together with the card (1), disperses the electromagnetic field. As shown in detail in Figure 2, the disperser element (4) comprises a base (6) in which metal pieces (7) are distributed over its surface and are connected to the controller (5) so that it can change its electric potential.
    [0059] The modification of the electromagnetic field that reaches the card is carried out through the challenge-response protocol, in which a radio frequency signal with the consequent electromagnetic field is sent to the card and to the dispersing element (4), which is called ' question ', and the scattered field or' answer 'to that question they generate is recorded, this being different for each configuration of the dispersing element (4).
    [0061] The controller (5) of the device is the one that gives the order to send the radio frequency signal to the emitting element (2), the one that carries out the reconfiguration of the reconfigurable dispersing element (4), and the one that receives the response from the card collected by the emitting element (3).
    [0063] It is also the controller (5) that carries out the classification of the card, determining if the answer it has given corresponds to any of the registered cards, and if so, to which of them. In order to perform the classification, the response provided by the card is compared with all the responses recorded in the controller (5).
    [0065] These responses that are recorded are obtained prior to operating the device in a previous training stage. During this stage, each of the cards in the holder (1) and is subjected to all the dispersing scenarios that the device can generate. Consequently, the response data of the cards is generated, which is stored in the memory of the controller (5).
    [0067] A concrete example of realization of the device and procedure for training and identification of cards by radiofrequency characterization is given below.
    [0069] The cards chosen to characterize are RFID at 13.56 MHz according to the ISO / IEC 18092 standard . The RF band chosen to characterize the differences between cards is the free-use Wi-Fi band: 2.4 GHz. As emitting element (2) and receiving element (3) signal using both Wi-Fi units. The card is positioned between the two on the support (1) to position the card. The reconfigurable disperser element (4) is positioned next to the card. Its metallic parts (7) are configured by means of the controller (5) that modifies the electric potential applied to each metallic part (7), thus modifying the dispersing scenario. For example, if there are n metal parts (7) and two voltage values, 2n different scenarios can be achieved. The controller (5) is in charge of making the classification and determining if the card is registered. The classification is carried out (with the data previously stored in the training phase) using a supervised machine learning algorithm such as the k-nearest neighbors algorithm or the SVM (Support Vector Machine).
    权利要求:
    Claims (6)
    [1]
    1. Contactless card training and identification device by radio frequency characterization characterized by comprising:
    - a support (1) for card positioning in which the card to be identified is placed,
    - an emitter element (2) of radio frequency signal that sends the signal and the subsequent electromagnetic field, towards the support (1),
    - a reconfigurable disperser element (4) that, together with the card, disperses the electromagnetic field,
    - a receiving element (3) that collects the field scattered by the card, and
    - a controller (5) that gives the order to send the radio frequency signal to the emitting element (2), reconfigures the dispersing element (4), receives the signal collected by the receiving element (3) and performs the classification of the card.
    [2]
    2. Contactless card identification and training device by radio frequency characterization according to claim 1 characterized in that the emitting means (2) is a transmitting antenna and the receiving means (3) is a receiving antenna.
    [3]
    3. Contactless card training and identification device by radio frequency characterization according to claim 2, characterized in that the transmitting antenna is located on one side of the support (1) for positioning the card, and the receiving antenna is located opposite of the transmitting antenna, on the other side of the bracket (1).
    [4]
    4. Contactless card training and identification device by radio frequency characterization according to claim 1 characterized in that the emitting means (2) and the receiving means (3) are implemented in a single antenna.
    [5]
    5. Contactless card training and identification device by radiofrequency characterization according to claim 1 characterized in that the reconfigurable disperser element (4) comprises:
    - a base (6),
    - some metallic pieces (7) located on the base, which cause the modification of the dispersed field when its electric potential is modified with respect to a reference voltage.
    [6]
    6. Method for training and identifying contactless cards by radio frequency characterization, which makes use of the device described in any of claims 1 to 5, characterized in that it comprises the steps of:
    - training to subject the card to all possible configurations of the reconfigurable disperser element (4) and to record its responses,
    - execution of a challenge-response protocol in which, by means of the reconfigurable disperser element (4), the dispersed electromagnetic field is modified so that each card can be identified by the field that it disperses in response,
    - card classification, to assess whether the card read is registered or is a fraudulent card, using a classification algorithm.
    类似技术:
    公开号 | 公开日 | 专利标题
    Chothia et al.2010|A traceability attack against e-passports
    US10193701B2|2019-01-29|Apparatus and method for processing authentication information
    US9892293B1|2018-02-13|Tamper detection system
    Periaswamy et al.2010|Fingerprinting RFID tags
    US8291229B2|2012-10-16|System and method for digital signatures and authentication
    US9887843B1|2018-02-06|RFID tags with dynamic key replacement
    US9405945B1|2016-08-02|Network-enabled RFID tag endorsement
    Yang et al.2015|Anti-counterfeiting via federated RFID tags' fingerprints and geometric relationships
    US9030290B2|2015-05-12|Vicinity-based multi-factor authentication
    CN106331974B|2021-03-16|Rights management in hearing devices
    US10043046B1|2018-08-07|Tag-to-tag communication using RFID readers
    Wang et al.2018|Towards replay-resilient RFID authentication
    WO2018111601A1|2018-06-21|Tamper detection system
    Habibi et al.2011|Practical attacks on a RFID authentication protocol conforming to EPC C-1 G-2 standard
    CA2937713A1|2015-08-27|Physical uncloneable function based anti-counterfeiting system
    US9690949B1|2017-06-27|Proxy-based reader authentication by trusted authority
    CN105939195A|2016-09-14|Transaction method and system
    Kang et al.2012|Performance evaluation of the first commercial PUF-embedded RFID
    Ding et al.2018|Preventing unauthorized access on passive tags
    ES2784535B2|2021-02-01|DEVICE AND PROCEDURE FOR TRAINING AND IDENTIFICATION OF CONTACTLESS CARDS BY CHARACTERIZATION IN RADIO FREQUENCY
    Kortvedt2009|Securing near field communication
    US10650202B1|2020-05-12|Enhanced RFID tag authentication
    Chen et al.2018|Combating tag cloning with cots rfid devices
    US10511946B2|2019-12-17|Dynamic secure messaging
    Peris López2008|Lightweight cryptography in radio frequency identification | systems
    同族专利:
    公开号 | 公开日
    WO2020193836A1|2020-10-01|
    ES2784535B2|2021-02-01|
    引用文献:
    公开号 | 申请日 | 公开日 | 申请人 | 专利标题
    JPH0916834A|1995-06-27|1997-01-17|Nhk Spring Co Ltd|Detected object to be checked for its genuineness and checking method for the detected object|
    WO2007046018A1|2005-10-17|2007-04-26|Koninklijke Philips Electronics N.V.|Integrated physical unclonable function with combined sensor and display|
    EP2693685A1|2012-07-30|2014-02-05|Universiteit Twente|Quantum secure device, system and method for verifying challenge-response pairs using a physically unclonable function |
    法律状态:
    2020-09-28| BA2A| Patent application published|Ref document number: 2784535 Country of ref document: ES Kind code of ref document: A1 Effective date: 20200928 |
    2021-02-01| FG2A| Definitive protection|Ref document number: 2784535 Country of ref document: ES Kind code of ref document: B2 Effective date: 20210201 |
    优先权:
    申请号 | 申请日 | 专利标题
    ES201930266A|ES2784535B2|2019-03-25|2019-03-25|DEVICE AND PROCEDURE FOR TRAINING AND IDENTIFICATION OF CONTACTLESS CARDS BY CHARACTERIZATION IN RADIO FREQUENCY|ES201930266A| ES2784535B2|2019-03-25|2019-03-25|DEVICE AND PROCEDURE FOR TRAINING AND IDENTIFICATION OF CONTACTLESS CARDS BY CHARACTERIZATION IN RADIO FREQUENCY|
    PCT/ES2020/070204| WO2020193836A1|2019-03-25|2020-03-25|Device and method for the training and identification of contactless cards by means of characterisation by radiofrequency|
    [返回顶部]