RFID security system and method
Abstract
Embodiments of an RFID security system and method are described herein. Embodiments include an RFID security server or appliance and RFID security software. In an embodiment, the RFID security server is placed between an RFID reader and an enterprise back-end. Thus the system operates at the point where the RFID data stream leaves the RF interface and enters a physical transmission medium before any other active components on the network (such as databases, middleware, routers). The RFID security server analyzes RFID tag data (including meta-data) received from the reader in-band and detects malware and errors in the data. RFID tag data containing malware or errors is blocked from entering the enterprise back-end. Unwanted RFID tags are also identified and filtered as noise.
29 Claims
1. A radio-frequency identification (RFID) tag security apparatus, comprising:
- a security server coupled between one or more RFID tag reader devices and a back-end system, wherein at least one of the back-end system is configured to read tag data from or write tag data to one or more RFID tag reader devices; and
- at least one database coupled to the security server, wherein the database is configurable to store a plurality of policies, and wherein the security server is configurable to act as a gatekeeper and observe tag data read from or written to any of the RFID tag reader devices and to screen the tag data for malware according to the policies, to determine whether a security tag is present and whether it is valid, to generate a security tag if none is present, and to handle exceptions according to the policies, wherein under predefined circumstances an exception causes an escalation of priority, and wherein the predefined circumstances comprise a signature reference indicating an attack signature, wherein the at least one database is further configurable to store attack pattern signatures, wherein screening the data comprises comparing attack pattern signatures to the data output by the tag reader device.
Dependent claims: 2, 3, 4, 5, 6, 26, 27, 28, 29
7. A radio-frequency identification (RFID) tag security method, the method comprising:
- receiving RFID tag data from an RFID tag reader device, wherein the tag data comprises payload data and security stamp data;
- performing exception detection on the RFID data, wherein exceptions comprise one or more of malware and errors, and wherein performing exception detection comprises analyzing security stamp data and payload data; further comprises generating a security stamp to be written to the tag data if no security stamp exists; and
- analyzing RFID tag data from a plurality of RFID tag types, wherein analyzing the RFID tag data comprises comparing the RFID tag data against a plurality of attack signature patterns;
- if no exceptions are detected, transmitting the RFID tag data to a destination system, wherein the destination system comprises an enterprise back-end system; and
- if an exception is detected, handling the exception according to predetermined policies, including preventing the RFID tag data from being transmitted to the destination system.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15
16. A computer-readable medium having stored thereon instructions, that when executed in a system cause a radio-frequency identification (RFID) tag security method to be performed, the method comprising:
- receiving RFID tag data from an RFID tag reader device, wherein the tag data comprises payload data and security stamp data;
- performing exception detection on the RFID data, and wherein performing exception detection comprises analyzing security stamp data and payload data; further comprises generating a security stamp to be written to the tag data if no security stamp exists; and
- analyzing RFID tag data from a plurality of RFID tag types, wherein analyzing the RFID tag data comprises comparing the RFID tag data against a plurality of attack signature patterns;
- if no exceptions are detected, transmitting the RFID tag data to a destination system, wherein the destination system comprises an enterprise back-end system; and
- if an exception is detected, handling the exception according to predetermined policies, including preventing the RFID tag data from being transmitted to the destination system.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25
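The screening flow recited in claims 7 and 16 (check the payload against signatures, validate or generate the security stamp, then forward or block under a policy), as an added Python example that is not code from the patent. The stamp format (a truncated HMAC-SHA256 over the payload), the two signature patterns, the policy table and the payload size limit are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import Optional

STAMP_KEY = b"demo-key-not-for-production"  # assumption: stamp is a keyed MAC
MAX_PAYLOAD = 64                            # assumption: tag memory limit in bytes
# Constructed signatures; the page does not list concrete attack patterns.
SIGNATURES = [
    ("sql-metachar", re.compile(rb"('|;|--)\s*(or|drop|insert|update|select)\b", re.I)),
    ("script-tag", re.compile(rb"<\s*script", re.I)),
]
# Constructed policy table: exception kind -> (action, priority).
POLICIES = {
    "attack-signature": ("block", "escalated"),  # signature hit escalates priority
    "invalid-stamp": ("block", "normal"),
    "oversize": ("block", "normal"),
}


@dataclass
class Verdict:
    forward: bool              # True: pass the read on to the back-end
    exception: Optional[str]   # exception kind, or None for a clean read
    priority: Optional[str]    # priority assigned by the policy
    stamp: Optional[bytes]     # stamp to keep on / write back to the tag


def make_stamp(payload: bytes) -> bytes:
    """Security stamp for a payload (assumed format: 8-byte truncated HMAC)."""
    return hmac.new(STAMP_KEY, payload, hashlib.sha256).digest()[:8]


def screen(payload: bytes, stamp: Optional[bytes]) -> Verdict:
    """Gatekeeper decision for one tag read: payload plus optional stamp."""
    if len(payload) > MAX_PAYLOAD:
        exc = "oversize"                      # treated as a data error
    elif any(rx.search(payload) for _, rx in SIGNATURES):
        exc = "attack-signature"
    elif stamp is not None and not hmac.compare_digest(stamp, make_stamp(payload)):
        exc = "invalid-stamp"
    else:
        # Clean read: keep a valid stamp, or generate one if none is present.
        return Verdict(True, None, None, stamp or make_stamp(payload))
    action, priority = POLICIES[exc]
    return Verdict(action != "block", exc, priority, None)
```
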
Specification