Systems and methods for RFID security

US 7,492,258 B1
Filed: 03/21/2006
Issued: 02/17/2009
Est. Priority Date: 03/21/2006
Status: Active Grant

First Claim

Patent Images

1. A method of transmitting information between a radio frequency identification (RFID) tag and a server, said method comprising the steps of:

encrypting, by said RFID tag according to a predetermined scheme, identification data identifying said RFID tag, to result in encrypted RFID information;

reading, by a RFID reader, said encrypted RFID information from said RFID tag;

transmitting, from said RFID reader to said server, a transmission, wherein said transmission includes said encrypted RFID information;

decrypting, by said server according to said predetermined scheme, said encrypted RFID information to produce said identification data;

generating, by said RFID tag prior to said step of encrypting, a first pseudorandom number, wherein said step of encrypting is performed using said first pseudorandom number; and

generating, by said server prior to said step of decrypting, a second pseudorandom number, wherein said second pseudorandom number corresponds to said first pseudorandom number, and wherein said step of decrypting is performed using said second pseudorandom number.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An RFID system includes an RFID tag, an RFID reader, and a server. The RFID tag communicates to the server via encrypted information. The information may be encrypted with synchronized encryption keys. In this manner, the reader need not decrypt the information from the RFID tag. The effectiveness of malicious readers is thereby reduced, resulting in improved RFID tag security.

79 Citations

View as Search Results

57 Claims

1. A method of transmitting information between a radio frequency identification (RFID) tag and a server, said method comprising the steps of:
- encrypting, by said RFID tag according to a predetermined scheme, identification data identifying said RFID tag, to result in encrypted RFID information;
  
  reading, by a RFID reader, said encrypted RFID information from said RFID tag;
  
  transmitting, from said RFID reader to said server, a transmission, wherein said transmission includes said encrypted RFID information;
  
  decrypting, by said server according to said predetermined scheme, said encrypted RFID information to produce said identification data;
  
  generating, by said RFID tag prior to said step of encrypting, a first pseudorandom number, wherein said step of encrypting is performed using said first pseudorandom number; and
  
  generating, by said server prior to said step of decrypting, a second pseudorandom number, wherein said second pseudorandom number corresponds to said first pseudorandom number, and wherein said step of decrypting is performed using said second pseudorandom number.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising:
    - authorizing, by said server, said transmission using said identification data.
  - 3. The method of claim 1, further comprising:
    - receiving, by said RFID reader, authentication data, wherein said authentication data authenticates said RFID tag to said server, and wherein said transmission, from said RFID reader to said server, includes said authentication data;
      
      authenticating, by said server, said transmission using said authentication data and said identification data.
  - 4. The method of claim 3, wherein:
    - said step of receiving comprises receiving, by said RFID reader, said authentication data and transaction information, wherein said authentication data authenticates said RFID tag to said server, and wherein said transaction information relates to a transaction involving said RFID tag and said RFID reader; and
      
      said step of transmitting comprises transmitting, from said RFID reader to said server, said transmission, wherein said transmission includes said encrypted RFID information, said transaction information, and said authentication data.
  - 5. The method of claim 4, further comprising:
    - authenticating, by said server, said transaction using said authentication data and said identification data; and
      
      authorizing, by said server, said transaction using said identification data and said transaction information.
  - 6. The method of claim 3, wherein said authentication data comprises a password, biometric information, or a pseudo-random number.
  - 7. The method of claim 3, wherein said RFID tag displays an authentication code that a user of said RFID tag provides to said reader as said authentication data.
  - 8. The method of claim 1, further comprising:
    - activating said RFID tag, prior to said step of reading.
  - 9. The method of claim 1, further comprising:
    - activating said RFID tag, prior to said step of reading, with one of a switch, biometric information, or a password.
  - 10. The method of claim 1, wherein said step of reading is performed by backscattering.

11. A method of transmitting information between a radio frequency identification (RFID) tag and a server, said method comprising the steps of:
- encrypting, by said RFID tag according to a predetermined scheme, identification data identifying said RFID tag, to result in encrypted RFID information;
  
  reading, by a RFID reader, said encrypted RFID information from said RFID tag;
  
  transmitting, from said RFID reader to said server, a transmission, wherein said transmission includes said encrypted RFID information;
  
  decrypting, by said server according to said predetermined scheme, said encrypted RFID information to produce said identification data; and
  
  performing, by said server, synchronization contingency processing when said step of decrypting results in a failure.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, further comprising:
    - authorizing, by said server, said transmission using said identification data.
  - 13. The method of claim 11, further comprising:
    - receiving, by said RFID reader, authentication data, wherein said authentication data authenticates said RFID tag to said server, and wherein said transmission, from said RFID reader to said server, includes said authentication data;
      
      authenticating, by said server, said transmission using said authentication data and said identification data.
  - 14. The method of claim 13, wherein:
    - said step of receiving comprises receiving, by said RFID reader, said authentication data and transaction information, wherein said authentication data authenticates said RFID tag to said server, and wherein said transaction information relates to a transaction involving said RFID tag and said RFID reader; and
      
      said step of transmitting comprises transmitting, from said RFID reader to said server, said transmission, wherein said transmission includes said encrypted RFID information, said transaction information, and said authentication data.
  - 15. The method of claim 14, further comprising:
    - authenticating, by said server, said transaction using said authentication data and said identification data; and
      
      authorizing, by said server, said transaction using said identification data and said transaction information.
  - 16. The method of claim 13, wherein said authentication data comprises a password, biometric information, or a pseudo-random number.
  - 17. The method of claim 13, wherein said RFID tag displays an authentication code that a user of said RFID tag provides to said reader as said authentication data.
  - 18. The method of claim 11, wherein said server generates an encryption key and transmits said encryption key to said RFID tag, wherein said RFID tag uses said encryption key when encrypting, and wherein said server uses said encryption key when decrypting.
  - 19. The method of claim 11, wherein said server generates an encryption key and transmits said encryption key to said RFID tag, wherein said RFID tag updates said encryption key according to a defined process to result in an updated encryption key, wherein said RFID tag uses said updated encryption key when encrypting, wherein said server updates said encryption key according to said defined process to result in said updated encryption key, and wherein said server uses said updated encryption key when decrypting.

20. A method of transmitting information between a radio frequency identification (RFID) tag and a server, said method comprising the steps of:
- encrypting, by said RFID tag according to a predetermined scheme, identification data identifying said RFID tag, to result in encrypted RFID information;
  
  reading, by a RFID reader, said encrypted RFID information from said RFID tag;
  
  transmitting, from said RFID reader to said server, a transmission, wherein said transmission includes said encrypted RFID information;
  
  decrypting, by said server according to said predetermined scheme, said encrypted RFID information to produce said identification data;
  
  communicating, by said reader, timing information to said RFID tag; and
  
  updating, by said RFID tag, an encryption key using said timing information, wherein said encryption key is used in said step of encrypting.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28)
- - 21. The method of claim 20, further comprising:
    - authorizing, by said server, said transmission using said identification data.
  - 22. The method of claim 20, further comprising:
    - receiving, by said RFID reader, authentication data, wherein said authentication data authenticates said RFID tag to said server, and wherein said transmission, from said RFID reader to said server, includes said authentication data;
      
      authenticating, by said server, said transmission using said authentication data and said identification data.
  - 23. The method of claim 22, wherein:
    - said step of receiving comprises receiving, by said RFID reader, said authentication data and transaction information, wherein said authentication data authenticates said RFID tag to said server, and wherein said transaction information relates to a transaction involving said RFID tag and said RFID reader; and
      
      said step of transmitting comprises transmitting, from said RFID reader to said server, said transmission, wherein said transmission includes said encrypted RFID information, said transaction information, and said authentication data.
  - 24. The method of claim 23, further comprising:
    - authenticating, by said server, said transaction using said authentication data and said identification data; and
      
      authorizing, by said server, said transaction using said identification data and said transaction information.
  - 25. The method of claim 22, wherein said authentication data comprises a password, biometric information, or a pseudo-random number.
  - 26. The method of claim 22, wherein said RFID tag displays an authentication code that a user of said RFID tag provides to said reader as said authentication data.
  - 27. The method of claim 20, wherein said server generates an encryption key and transmits said encryption key to said RFID tag, wherein said RFID tag uses said encryption key when encrypting, and wherein said server uses said encryption key when decrypting.
  - 28. The method of claim 20, wherein said server generates an encryption key and transmits said encryption key to said RFID tag, wherein said RFID tag updates said encryption key according to a defined process to result in an updated encryption key, wherein said RFID tag uses said updated encryption key when encrypting, wherein said server updates said encryption key according to said defined process to result in said updated encryption key, and wherein said server uses said updated encryption key when decrypting.

29. A method of transmitting information between a radio frequency identification (RFID) tag and a server, said method comprising the steps of:
- encrypting, by said RFID tag according to a predetermined scheme, identification data identifying said RFID tag, to result in encrypted RFID information;
  
  reading, by a RFID reader, said encrypted RFID information from said RFID tag;
  
  transmitting, from said RFID reader to said server, a transmission, wherein said transmission includes said encrypted RFID information;
  
  decrypting, by said server according to said predetermined scheme, said encrypted RFID information to produce said identification data;
  
  communicating, by said server, timing information to said RFID tag; and
  
  updating, by said RFID tag, an encryption key using said timing information, wherein said encryption key is used in said step of encrypting.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37)
- - 30. The method of claim 29, further comprising:
    - authorizing, by said server, said transmission using said identification data.
  - 31. The method of claim 29, further comprising:
    - receiving, by said RFID reader, authentication data, wherein said authentication data authenticates said RFID tag to said server, and wherein said transmission, from said RFID reader to said server, includes said authentication data;
      
      authenticating, by said server, said transmission using said authentication data and said identification data.
  - 32. The method of claim 31, wherein:
    - said step of receiving comprises receiving, by said RFID reader, said authentication data and transaction information, wherein said authentication data authenticates said RFID tag to said server, and wherein said transaction information relates to a transaction involving said RFID tag and said RFID reader; and
      
      said step of transmitting comprises transmitting, from said RFID reader to said server, said transmission, wherein said transmission includes said encrypted RFID information, said transaction information, and said authentication data.
  - 33. The method of claim 32, further comprising:
    - authenticating, by said server, said transaction using said authentication data and said identification data; and
      
      authorizing, by said server, said transaction using said identification data and said transaction information.
  - 34. The method of claim 31, wherein said authentication data comprises a password, biometric information, or a pseudo-random number.
  - 35. The method of claim 31, wherein said RFID tag displays an authentication code that a user of said RFID tag provides to said reader as said authentication data.
  - 36. The method of claim 29, wherein said server generates an encryption key and transmits said encryption key to said RFID tag, wherein said RFID tag uses said encryption key when encrypting, and wherein said server uses said encryption key when decrypting.
  - 37. The method of claim 29, wherein said server generates an encryption key and transmits said encryption key to said RFID tag, wherein said RFID tag updates said encryption key according to a defined process to result in an updated encryption key, wherein said RFID tag uses said updated encryption key when encrypting, wherein said server updates said encryption key according to said defined process to result in said updated encryption key, and wherein said server uses said updated encryption key when decrypting.

38. A method of transmitting information between a radio frequency identification (RFID) tag and a server, said method comprising the steps of:
- encrypting, by said RFID tag according to a predetermined scheme, identification data identifying said RFID tag, to result in encrypted RFID information;
  
  reading, by a RFID reader, said encrypted RFID information from said RFID tag;
  
  transmitting, from said RFID reader to said server, a transmission, wherein said transmission includes said encrypted RFID information;
  
  decrypting, by said server according to said predetermined scheme, said encrypted RFID information to produce said identification data, wherein said RFID tag stores a first plurality of encryption keys, wherein said server stores a second plurality of encryption keys, wherein said first plurality of encryption keys corresponds to said second plurality of encryption keys; and
  
  communicating, by said server via said reader, a pointer to said RFID tag, wherein said pointer points to a selected one of said first plurality of encryption keys, wherein said RFID tag uses said selected one of said first plurality of encryption keys when encrypting, and wherein said server uses a corresponding selected one of said second plurality of encryption keys when decrypting.
- View Dependent Claims (39, 40, 41, 42, 43, 44)
- - 39. The method of claim 38, further comprising:
    - authorizing, by said server, said transmission using said identification data.
  - 40. The method of claim 38, further comprising:
    - receiving, by said RFID reader, authentication data, wherein said authentication data authenticates said RFID tag to said server, and wherein said transmission, from said RFID reader to said server, includes said authentication data;
      
      authenticating, by said server, said transmission using said authentication data and said identification data.
  - 41. The method of claim 40, wherein:
    - said step of receiving comprises receiving, by said RFID reader, said authentication data and transaction information, wherein said authentication data authenticates said RFID tag to said server, and wherein said transaction information relates to a transaction involving said RFID tag and said RFID reader; and
      
      said step of transmitting comprises transmitting, from said RFID reader to said server, said transmission, wherein said transmission includes said encrypted RFID information, said transaction information, and said authentication data.
  - 42. The method of claim 41, further comprising:
    - authenticating, by said server, said transaction using said authentication data and said identification data; and
      
      authorizing, by said server, said transaction using said identification data and said transaction information.
  - 43. The method of claim 40, wherein said authentication data comprises a password, biometric information, or a pseudo-random number.
  - 44. The method of claim 40, wherein said RFID tag displays an authentication code that a user of said RFID tag provides to said reader as said authentication data.

45. A method of transmitting information between a radio frequency identification (RFID) tag and a server, said method comprising the steps of:
- encrypting, by said RFID tag according to a predetermined scheme, identification data identifying said RFID tag, to result in encrypted RFID information;
  
  reading, by a RFID reader, said encrypted RFID information from said RFID tag;
  
  transmitting, from said RFID reader to said server, a transmission, wherein said transmission includes said encrypted RFID information;
  
  decrypting, by said server according to said predetermined scheme, said encrypted RFID information to produce said identification data, wherein said RFID tag stores a first plurality of encryption keys, wherein said server stores a second plurality of encryption keys, wherein said first plurality of encryption keys corresponds to said second plurality of encryption keys;
  
  communicating, by said reader, a pointer to said RFID tag, wherein said pointer points to a selected one of said first plurality of encryption keys, and wherein said RFID tag uses said selected one of said first plurality of encryption keys when encrypting; and
  
  communicating, by said reader, said pointer to said server, wherein said pointer points to a corresponding selected one of said second plurality of encryption keys, and wherein said server uses said corresponding selected one of said second plurality of encryption keys when decrypting.
- View Dependent Claims (46, 47, 48, 49, 50, 51)
- - 46. The method of claim 45, further comprising:
    - authorizing, by said server, said transmission using said identification data.
  - 47. The method of claim 45, further comprising:
    - receiving, by said RFID reader, authentication data, wherein said authentication data authenticates said RFID tag to said server, and wherein said transmission, from said RFID reader to said server, includes said authentication data;
      
      authenticating, by said server, said transmission using said authentication data and said identification data.
  - 48. The method of claim 47, wherein:
    - said step of receiving comprises receiving, by said RFID reader, said authentication data and transaction information, wherein said authentication data authenticates said RFID tag to said server, and wherein said transaction information relates to a transaction involving said RFID tag and said RFID reader; and
      
      said step of transmitting comprises transmitting, from said RFID reader to said server, said transmission, wherein said transmission includes said encrypted RFID information, said transaction information, and said authentication data.
  - 49. The method of claim 48, further comprising:
    - authenticating, by said server, said transaction using said authentication data and said identification data; and
      
      authorizing, by said server, said transaction using said identification data and said transaction information.
  - 50. The method of claim 47, wherein said authentication data comprises a password, biometric information, or a pseudo-random number.
  - 51. The method of claim 47, wherein said RFID tag displays an authentication code that a user of said RFID tag provides to said reader as said authentication data.

52. An apparatus including a radio frequency identification (RFID) tag for use in an RFID system including an RFID reader and a server, said RFID tag comprising:
- a transceiver that communicates with said RFID reader;
  
  a processor, coupled to said transceiver, that encrypts, according a predetermined scheme, identification data that identifies said RFID tag, and that generates an authentication code;
  
  a display, coupled to said processor, that displays said authentication code; and
  
  wherein said RFID tag further comprises a switch, where said RFID tag receives information from a reader, and a user verifies the information from the reader and activates the tag using the switch, and said RFID tag transmits information to the reader only if said user verifies the information from the reader.
- View Dependent Claims (53)
- - 53. The apparatus of claim 52, wherein said RFID tag further comprises a switch for activating said RFID tag.

54. An apparatus including a radio frequency identification (RFID) tag for use in an RFID system including an RFID reader and a server, said RFID tag comprising:
- a processor, coupled to said transceiver, that encrypts, according a predetermined scheme, identification data that identifies said RFID tag, and that generates an authentication code; and
  
  a display, coupled to said processor, that displays said authentication code,wherein said RFID tag receives information from a reader and displays the information to a user, andwherein said RFID tag displays the information from the reader to the user before said RFID tag sends an encrypted identification data to the reader.

55. An apparatus including a radio frequency identification (RFID) tag for use in an RFID system including an RFID reader, said RFID tag comprising:
- a switch for activating said RFID tag;
  
  a transceiver that communicates with said RFID reader; and
  
  a processor, coupled to said transceiver, that processes information received from said RFID reader,wherein said RFID tag receives first information from said RFID reader and displays at least a portion of the first information to a user, and wherein identification data is transmitted from said RFID tag to said RFID reader if the first information has been verified using said switch.
- View Dependent Claims (56, 57)
- - 56. The apparatus of claim 55, further comprising a display, coupled to said processor, that displays information received from said RFID reader.
  - 57. The apparatus of claim 55, wherein said RFID tag receives first information from said RFID reader if said switch is activated and said transceiver is disabled if said switch is deactivated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Knapp Investment Company Limited
Original Assignee
Radiofy, LLC
Inventors
Shoarinejad, Kambiz, Soltan, Maryam
Primary Examiner(s)
PHAM, TOAN NGOC

Application Number

US11/386,540
Time in Patent Office

1,064 Days
Field of Search

340/572.1, 340/10.2, 340/572.4, 340/10.4, 340/5.8, 340/5.82, 235/375
US Class Current

340/572.1
CPC Class Codes

G06K 7/00   Methods or arrangements for...

G06K 7/10257   arrangements for protecting...

G06Q 20/206   comprising security or oper...

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/3829   involving key management

G06Q 20/40145   Biometric identity checks

G06Q 20/409   Device specific authenticat...

G07F 7/10   together with a coded signa...

G07F 7/12   Card verification

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/0876   based on the identity of th...

H04L 9/12   Transmitting and receiving ...

H04L 9/3226   using a predetermined code,...

H04L 9/3231   Biological data, e.g. finge...

Systems and methods for RFID security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

79 Citations

57 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for RFID security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

57 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others