1. Field of the Invention
The present invention relates to a Radio Frequency Identification (RFID) personal privacy control system and a personal privacy protection method using the same, and more particularly, to an RFID personal privacy control system and a personal privacy protection method using the same which may dynamically process a privacy level according to surrounding circumstances of an RFID tagged object and an owner of the object, thereby securely protecting personal information associated with the RFID tag. The RFID tag according to the present invention may include a tag attached to an object capable of being personalized, a tag for identifying a user, and the like, and be applicable to all objects and fields dealing with personal privacy.
This work was supported by the IT R&D program of MIC/IITA. [2005-S-088-03, Development of Security Technology for Secure RFID/USN service]
2. Description of Related Art
In general, a Radio Frequency Identification (RFID) refers to technology which may contactlessly read or record information from a tag having an unique identification number using a radio frequency to thereby recognize, trace, and manage objects, animals, persons, and the like to which the tag is attached. For example, at the time of shipping products by a manufacturer after the RFID technology has been introduced in a distribution system, a worker may be instructed to load the product on a specific transportation vehicle using information of an RFID tag attached to the product. Also, at the time of delivering the product to a corresponding shop, a number of products being in stock or the product name in the corresponding shop may be quickly evaluated by recognizing the RFID tagged product, thereby enabling effective ordering of the product. Also, when the products are delivered to a corresponding consumer, malfunction of the product in use and a time when the malfunction occurs may be detected using the RFID tag, thereby timely providing personalized services such as informing about replacement of the product in advance. Also, the consumer may verify authenticity of the product using the RFID tag, and the manufacturer may verify a distribution process of the product, thereby significantly improving qualities of services.
Applications of the RFID tag have been gradually expanded such as continuously providing services even after the product has been sold, being used for identifying the user, and the like other than production and distribution of the product.
In this regard, in the case where the RFID tag is used for identifying the user, exposure of personal information of the user may occur through the RFID tag, which results in causing problems in privacy of individuals. Further, when the user carries one's own object, severe personal privacy infringement may occur through an illicit reader in radio environments, such as exposure of information on one's own object, illicit information retrieval, abuse of personal information, and the like.
In the conventional art, to overcome the above-described problems, a privacy protection framework design based on a profile is utilized for the purpose of protection of the privacy. More specifically, the privacy protection framework design may have a structure in which a user connects with a privacy server linked with an information server to thereby determine one's own privacy level.
FIG. 1 illustrates a structure of a conventional Radio Frequency Identification (RFID) service network for protection of privacy in a conventional art. In general, when a reader 102 recognizes a tag 101 and transmits a request for information, the tag 101 transmits tag identifications (IDs) of its own, and the reader 102 receives, from an RFID information server 104, tag information corresponding to the tag IDs via middleware 103. The RFID information server 104 may construct the tag information corresponding to the tag IDs in a database type, analyze the request for information received from the reader 102, and provide corresponding tag information via enterprise applications 105.
As an example for protection of privacy in the conventional RFID service network, the user may determine the privacy level, and also determine a third party capable of accessing to RFID tag information for each level, so that another third party having a different privacy level is prevented from accessing to the RFID tag information, thereby protecting the privacy. In this manner, since a protection degree of the privacy may vary according to a user's circumstance, the user is required to determine the privacy level each time connecting with the privacy protection framework. As a result, when the privacy level is not timely determined in accordance with the user's circumstance, access of another user to the RFID tag information is not able to be flexibly allowed depending on the circumstances.
For example, in the case of an ID tag identifying a patient, a doctor of another hospital other than an existing hospital where a medical treatment with respect to the patient has been performed is not allowed to access a personal treatment history of the patient due to protection of the privacy, which results in causing inconvenience in the medical treatment. Also, disadvantageously, all family members except one may be not allowed to access information about tagged home electronic appliances belonging to the one family member even in the same house. Also, at the time of one's own emergency, a lifeguard may not be allowed to access a treatment history of the individual due to the privacy level previously determined, and thus failing to administer a proper first aid treatment.
Therefore, a new RFID security system and method using the same according to the present invention which may securely protect personal information against infringement of the personal privacy while overcoming the above-described problems are disclosed. Specifically, the RFID security system and method using the same are disclosed, in which a control of the privacy may be more flexibly processed according to location and time in which a tagged object and an owner of the object are present.