1. Field of the Invention
The present invention relates to an authentication method, an authentication system, a tag device thereof, a data reference client, authentication server and a data server, and more particularly to an authentication method, an authentication system, a tag device thereof, a data reference client, an authentication server and a data server for disclosing identification data of an object and performing authentication when referring to data of an object corresponding to identification data based on identification data.
2. Description of the Related Art
Various methods of utilizing wireless tags, starting with those in the field of SCM (Supply Chain Management), are being proposed. Wireless tags are gathering attention as the next fundamental technology for the future ubiquitous society. It is, however, anticipated that wireless tags shall face various security problems since there is no mechanism for managing the relationships between wireless tags and those referring to the wireless tags.
There are several technologies for preventing data of wireless tags from being randomly read out. There is, for example, preventing a wireless tag from being read out by a reading apparatus by carrying a special wireless tag, referred to as a “blocker tag” that covers the wireless tag with a special shield for localizing data of the wireless tag. However, such technologies can only permit a choice of either disclosing data or not disclosing data and cannot control disclosure for each one of plural wireless tags.
To provide a mechanism that allows disclosure of wireless tag data to be freely controlled according to the will of the current manager of the wireless tag is a point for popularizing services using wireless tags attached to such products.
It is to be noted that Patent Document 1 describes preparing a database of the history processing products with wireless tags attached. Patent Document 1: Japanese Laid-Open Patent Application No. 10-124781
Security problems anticipated in conventional technologies are described below.
First, there is intentional manipulation of data by taking advantage of the fact that there is no check on whether proper reference is made to data. Attacks with misleading data can be made by distributing the same IDs to plural servers. Second, tracking of data (unauthorized access) can be performed by taking advantage of the global characteristics of wireless tags (the fact that data of wireless tags of the same standard can be read by a given wireless tag reading apparatus).
As for a more specific example of the first problem, there is a case of a management system for producing agricultural products using wireless tags in which the pesticide used during growth of a vegetable is automatically added to a vegetable management history log by obtaining data from a wireless tag assigned to the pesticide. However, in reporting the wireless tag data assigned to the pesticide, it is possible that false data be recorded by falsely transmitting an ID corresponding to a pesticide not actually used (e.g., less harmful pesticide) in a case where there is no checking of whether reference is made to the wireless tag corresponding to the pesticide. As for similar examples, there are falsifying attendance at work or obtaining privileges without purchasing a product.
As for a more specific example of the second problem, there is a case where consumers can easily refer to product data by using a wireless tag reading apparatus mounted on a mobile phone or the like where wireless tags are assigned to CDs, books, and memo pads carried in bags of the consumers for product management. In a case where the effective range of the wireless tags is approximately 3 meters, besides data of one's belongings, it is possible that data of other objects within the 3 meter periphery be collected. For example, in a coffee shop, it is not difficult to identify the owner of an object in an environment of few people. Although collecting data from each object may cause little damage, various estimations can be made by combining the data.
For example, by knowing the title of a product, such as a CD or a book, one can estimate preferences of that person. By knowing the manufacturer of a memo pad or a bag, one can estimate to some extent how wealthy that person is. As a similar example, there is scanning another shop's inventory status.
It is a general object of the present invention to provide an authentication method, an authentication system, and a tag device thereof, a data reference client, an authentication server, and a data server for associating a tag apparatus with a referring entity and authenticating that data of the tag apparatus has been referred to by a proper referring entity, to thereby obviate the above-described problems.