RFID security system and method, including security stamp

US 20080100442A1
Filed: 04/27/2007
Published: 05/01/2008
Est. Priority Date: 10/31/2006
Status: Active Grant

First Claim

Patent Images

1. A radio-frequency identification (RFID) tag security system, comprising:

a plurality of security servers each coupled between respective RFID tag reader devices and respective back-end systems, wherein a back-end system comprises at least one database configured to receive data output by a security server; and

at least one database coupled to each security server, wherein the database is configurable to store a plurality of policies, and wherein each security server is configurable to analyze tag data output by a respective tag reader device according to one or more of the policies, wherein analyzing comprises determining whether the tag data has been tampered with, and if the tag data has not been tampered with, generating a security stamp uniquely associated with the tag data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of an RFID security system and method are described herein. Embodiments include an RFID security server or appliance and RFID security software. In an embodiment, the RFID security server is placed between an RFID reader and an enterprise back-end. Thus the system operates at the point where the RFID data stream leaves the RF interface and enters a physical transmission medium before any other active components on the network (such as databases, middleware, routers). The RFID security server analyzes RFID tag data (including meta-data) received from the reader in-band and detects malware and errors in the data. RFID tag data containing malware or errors is blocked from entering the enterprise back-end. In an embodiment, analyzing RFID tag data includes generating a security stamp that is uniquely associated with the tag data. The security stamp is stored on the RFID tag, or alternatively, stored separately for later comparison in order to detect tampering.

Citations

37 Claims

1. A radio-frequency identification (RFID) tag security system, comprising:
- a plurality of security servers each coupled between respective RFID tag reader devices and respective back-end systems, wherein a back-end system comprises at least one database configured to receive data output by a security server; and
  
  at least one database coupled to each security server, wherein the database is configurable to store a plurality of policies, and wherein each security server is configurable to analyze tag data output by a respective tag reader device according to one or more of the policies, wherein analyzing comprises determining whether the tag data has been tampered with, and if the tag data has not been tampered with, generating a security stamp uniquely associated with the tag data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, further comprising at least one integrity database coupled to the plurality of security servers and configured to store generated security stamps.
  - 3. The system of claim 1, wherein analyzing the tag data further comprises:
    - determining whether there is a security stamp associated with the tag data;
      
      if there is a security stamp associated with the tag data, generating a second security stamp based on the tag data; and
      
      comparing the associated security stamp with the second security stamp to establish integrity of the associated tag data.
  - 4. The system of claim 3, wherein each security server is further configurable to:
    - transmit the tag data to a respective back-end system when it is determined that the tag data has not been tampered with; and
      
      block the tag data from being transmitted to the respective back-end system when it is determined that the tag data has been tampered with.
  - 5. The system of claim 1, wherein each security server is further configurable to write the associated security stamp on the RFID tag.
  - 6. The system of claim 1, wherein the back-end system comprises part of an enterprise and wherein the policies are preconfigured for the enterprise.
  - 7. The system of claim 1, wherein the at least one database is further configurable to store attack pattern signatures, wherein analyzing the tag data comprises comparing attack pattern signatures to the tag data.
  - 8. The system of claim 1, wherein each security server further comprises a front-end module configurable to receive interpret data from a plurality of RFID tag types.
  - 9. The system of claim 1, wherein the at least one database is further configurable to store audit data comprising history information, including of results of analyzing the tag data.
  - 10. The system of claim 1, wherein each security server further comprises a back-end module coupled to the back-end system, wherein the back-end module is configurable to transmit tag data output by the tag reader device to the back-end system, and wherein the back-end module is configurable to interface with a plurality of types of back-end systems.

11. A radio-frequency identification (RFID) tag security method, comprising:
- receiving RFID tag data from an RFID tag reader device;
  
  analyzing the tag data, comprising determining whether the tag data has been tampered with;
  
  if the tag data has not been tampered with, generating a security stamp uniquely associated with the tag data, and transmitting the tag data to a destination system; and
  
  if the tag data has been tampered with, blocking the tag data from being transmitted to the destination system.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 12. The method of claim 11, wherein the destination system comprises an enterprise back-end system.
  - 13. The method of claim 11, further comprising storing the associated security stamp on at least one of an associated RFID tag and an integrity database.
  - 14. The method of claim 11, further comprising:
    - determining whether there is a security stamp associated with the tag data;
      
      if there is a security stamp associated with the tag data, generating a second security stamp based on the tag data; and
      
      comparing the associated security stamp with the second security stamp to establish integrity of the associated tag data.
  - 15. The method of claim 11, wherein analyzing the data further comprises comparing attack pattern signatures to the tag data.
  - 16. The method of claim 11, wherein analyzing further comprises analyzing according to one or more predetermined policies.
  - 17. The method of claim 16, wherein the predetermined policies comprise a plurality of rules, and wherein analyzing further comprises evaluating a first rule to determine whether the first rule is applicable.
  - 18. The method of claim 17, further comprising, if the first rule is applicable, processing the first rule.
  - 19. The method of claim 17, further comprising, if the first rule is not applicable, evaluating a next rule to determine whether the next rule is applicable.
  - 20. The method of claim 19, further comprising, if the next rule is applicable, processing the next rule.
  - 21. The method of claim 20, further comprising, if none of the plurality of rules is applicable, processing a default rule.
  - 22. The method of claim 11, wherein analyzing the tag data comprises processing at least one of a plurality of predetermined rules.
  - 23. The method of claim 11, further comprising storing results of the analysis in an audit database.

24. A computer-readable medium having stored thereon instructions, that when executed in a system cause a radio-frequency identification (RFID) tag security method to be performed, the method comprising:
- receiving RFID tag data from an RFID tag reader device;
  
  analyzing the tag data, comprising determining whether the tag data has been tampered with;
  
  if the tag data has not been tampered with, generating a security stamp uniquely associated with the tag data, and transmitting the tag data to a destination system; and
  
  if the tag data has been tampered with, blocking the tag data from being transmitted to the destination system.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 25. The computer-readable medium of claim 24, wherein the destination system comprises an enterprise back-end system.
  - 26. The computer-readable medium of claim 24, wherein the method further comprising storing the associated security stamp on at least one of an associated RFID tag and an integrity database.
  - 27. The computer-readable medium of claim 24, wherein the method further comprises:
    - determining whether there is a security stamp associated with the tag data;
      
      if there is a security stamp associated with the tag data, generating a second security stamp based on the tag data; and
      
      comparing the associated security stamp with the second security stamp to establish integrity of the associated tag data.
  - 28. The computer-readable medium of claim 24, wherein analyzing the data further comprises comparing attack pattern signatures to the tag data.
  - 29. The computer-readable medium of claim 24, wherein analyzing further comprises analyzing according to one or more predetermined policies.
  - 30. The computer-readable medium of claim 29, wherein the predetermined policies comprise a plurality of rules, and wherein analyzing further comprises evaluating a first rule to determine whether the first rule is applicable.
  - 31. The computer-readable medium of claim 24, wherein the method further comprises, if the first rule is applicable, processing the first rule.
  - 32. The computer-readable medium of claim 24, wherein the method further comprises, if the first rule is not applicable, evaluating a next rule to determine whether the next rule is applicable.
  - 33. The computer-readable medium of claim 32, wherein the method further comprises, if the next rule is applicable, processing the next rule.
  - 34. The computer-readable medium of claim 33, wherein the method further comprises, if none of the plurality of rules is applicable, processing a default rule.
  - 35. The computer-readable medium of claim 24, wherein analyzing the tag data comprises processing at least one of a plurality of predetermined rules.
  - 36. The computer-readable medium of claim 24, wherein the method further comprises storing results of the analysis in an audit database.
  - 37. The computer-readable medium of claim 24, wherein the method further comprises storing escalating the results of the analysis when the tag data is determined not to be secure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Boris Wolf, John Lima, Lukas Grunwald
Original Assignee
Neocatena Networks, Inc.
Inventors
Wolf, Boris, Grunwald, Lukas

Granted Patent

US 8,138,923 B2
Time in Patent Office

Days
Field of Search
US Class Current

340/572.1
CPC Class Codes

H04L 63/20 for managing network securi...

RFID security system and method, including security stamp

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

RFID security system and method, including security stamp

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links