RFID security system and method

US 20080100443A1
Filed: 04/27/2007
Published: 05/01/2008
Est. Priority Date: 10/31/2006
Status: Active Grant

First Claim

Patent Images

1. A radio-frequency identification (RFID) tag security apparatus, comprising:

a security server coupled between an RFID tag reader device and a back-end system, wherein the back-end system comprises at least one database configured to receive data output by the security server; and

at least one database coupled to the security server, wherein the database is configurable to store a plurality of policies, and wherein the security server is configurable to receive data output by the tag reader device and to screen the data for exceptions according to the policies, including at least one of malware and errors, and to handle exceptions according to the policies.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of an RFID security system and method are described herein. Embodiments include an RFID security server or appliance and RFID security software. In an embodiment, the RFID security server is placed between an RFID reader and an enterprise back-end. Thus the system operates at the point where the RFID data stream leaves the RF interface and enters a physical transmission medium before any other active components on the network (such as databases, middleware, routers). The RFID security server analyzes RFID tag data (including meta-data) received from the reader in-band and detects malware and errors in the data. RFID tag data containing malware or errors is blocked from entering the enterprise back-end. Unwanted RFID tags are also identified and filtered as noise.

Citations

29 Claims

1. A radio-frequency identification (RFID) tag security apparatus, comprising:
- a security server coupled between an RFID tag reader device and a back-end system, wherein the back-end system comprises at least one database configured to receive data output by the security server; and
  
  at least one database coupled to the security server, wherein the database is configurable to store a plurality of policies, and wherein the security server is configurable to receive data output by the tag reader device and to screen the data for exceptions according to the policies, including at least one of malware and errors, and to handle exceptions according to the policies.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1, wherein the back-end system comprises part of an enterprise and wherein the policies are preconfigured for the enterprise.
  - 3. The apparatus of claim 1, wherein the at least one database is further configurable to store attack pattern signatures, wherein screening the data comprises comparing attack pattern signatures to the data output by the tag reader device.
  - 4. The apparatus of claim 1, wherein the security server further comprises a front-end module configurable to receive the data output by the tag reader device, and to interpret data from a plurality of RFID tag types and reader device types.
  - 5. The apparatus of claim 1, wherein the at least one database is further configurable to store audit data comprising history information, including results of screening of the data.
  - 6. The apparatus of claim 1, wherein the security server further comprises a back-end module coupled to the back-end system, wherein the back-end module is configurable to transmit data output by the tag reader device to the back-end system, and wherein the back-end module is configurable to interface with a plurality of types of back-end systems.

7. A radio-frequency identification (RFID) tag security method, the method comprising:
- receiving RFID tag data from an RFID tag reader device;
  
  performing exception detection on the RFID data, wherein exceptions comprise one or more of malware and errors;
  
  if no exceptions are detected, transmitting the RFID tag data to a destination system, wherein the destination system comprises an enterprise back-end system; and
  
  if an exception is detected, handling the exception according to predetermined policies, including preventing the RFID tag data from being transmitted to the destination system.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 8. The method of claim 7, wherein performing exception detection comprises analyzing RFID tag data from a plurality of RFID tag types.
  - 9. The method of claim 7, wherein performing exception detection comprises querying a policy database for an applicable rule.
  - 10. The method of claim 7, wherein the predetermined policies comprise a plurality of rules, and wherein performing exception detection comprises evaluating a first rule to determine whether the first rule is applicable.
  - 11. The method of claim 10, further comprising, if the first rule is applicable, processing the first rule.
  - 12. The method of claim 10, further comprising, if the first rule is not applicable, evaluating a next rule to determine whether the next rule is applicable.
  - 13. The method of claim 12, further comprising, if the next rule is applicable, processing the next rule.
  - 14. The method of claim 13, further comprising, if none of the plurality of rules is applicable, processing a default rule.
  - 15. The method of claim 8, wherein analyzing the RFID tag data comprises processing at least one of a plurality of predetermined rules.
  - 16. The method of claim 8, wherein analyzing the RFID tag data comprises comparing the RFID tag data against a plurality of attack signature patterns.
  - 17. The method of claim 8, further comprising storing results of the analysis in an audit database.

18. A computer-readable medium having stored thereon instructions, that when executed in a system cause a radio-frequency identification (RFID) tag security method to be performed, the method comprising:
- receiving RFID tag data from an RFID tag reader device;
  
  performing exception detection on the RFID data;
  
  if no exceptions are detected, transmitting the RFID tag data to a destination system, wherein the destination system comprises an enterprise back-end system; and
  
  if an exception is detected, handling the exception according to predetermined policies, including preventing the RFID tag data from being transmitted to the destination system.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 19. The computer-readable medium of claim 18, wherein exceptions comprise one or more of malware and errors.
  - 20. The computer-readable medium of claim 18 wherein performing exception detection comprises analyzing RFID tag data from a plurality of RFID tag types.
  - 21. The computer-readable medium of claim 18, wherein performing exception detection comprises querying a policy database for an applicable rule.
  - 22. The computer-readable medium of claim 18, wherein the predetermined policies comprise a plurality of rules, and wherein performing exception detection comprises evaluating a first rule to determine whether the first rule is applicable.
  - 23. The computer-readable medium of claim 22, the method further comprising, if the first rule is applicable, processing the first rule.
  - 24. The computer-readable medium of claim 22, the method further comprising, if the first rule is not applicable, evaluating a next rule to determine whether the next rule is applicable.
  - 25. The computer-readable medium of claim 24, the method further comprising, if the next rule is applicable, processing the next rule.
  - 26. The computer-readable medium of claim 25, the method further comprising, if none of the plurality of rules is applicable, processing a default rule.
  - 27. The computer-readable medium of claim 20, wherein analyzing the RFID tag data comprises processing at least one of a plurality of predetermined rules.
  - 28. The computer-readable medium of claim 20, wherein analyzing the RFID tag data comprises comparing the RFID tag data against a plurality of attack signature patterns.
  - 29. The computer-readable medium of claim 20, the method further comprising storing results of the analysis in an audit database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Boris Wolf, John Lima, Lukas Grunwald
Original Assignee
Neocatena Networks, Inc.
Inventors
Wolf, Boris, Grunwald, Lukas

Granted Patent

US 7,868,761 B2
Time in Patent Office

Days
Field of Search
US Class Current

340/572.1
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/1441   Countermeasures against mal...

H04W 12/128   Anti-malware arrangements, ...

H04W 12/47   using near field communicat...

RFID security system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

RFID security system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links