RFID security system and method

US 7,868,761 B2
Filed: 04/27/2007
Issued: 01/11/2011
Est. Priority Date: 10/31/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A radio-frequency identification (RFID) tag security apparatus, comprising:

a security server coupled between one or more RFID tag reader device and a back-end system, wherein at least one of the back-end system is configured to read tag data from or write tag data to one or more RFID tag reader devices; and

at least one database coupled to the security server, wherein the database is configurable to store a plurality of policies, and wherein the security server is configurable to act as a gatekeeper and observe tag data read from or written to any of the RFID tag reader devices and to screen the tag data for malware according to the policies, to determine whether a security tag is present and whether it is valid, to generate a security tag if non is present, and to handle exceptions according to the policies, wherein under predefined circumstances an exception causes an escalation of priority, and wherein the predefined circumstances comprise a signature reference indicating an attack signature, wherein the at least one database is further configurable to store attack pattern signatures, wherein screening the data comprises comparing attack pattern signatures to the data output by the tag reader device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of an RFID security system and method are described herein. Embodiments include an RFID security server or appliance and RFID security software. In an embodiment, the RFID security server is placed between an RFID reader and an enterprise back-end. Thus the system operates at the point where the RFID data stream leaves the RF interface and enters a physical transmission medium before any other active components on the network (such as databases, middleware, routers). The RFID security server analyzes RFID tag data (including meta-data) received from the reader in-band and detects malware and errors in the data. RFID tag data containing malware or errors is blocked from entering the enterprise back-end. Unwanted RFID tags are also identified and filtered as noise.

Citations

29 Claims

1. A radio-frequency identification (RFID) tag security apparatus, comprising:
- a security server coupled between one or more RFID tag reader device and a back-end system, wherein at least one of the back-end system is configured to read tag data from or write tag data to one or more RFID tag reader devices; and
  
  at least one database coupled to the security server, wherein the database is configurable to store a plurality of policies, and wherein the security server is configurable to act as a gatekeeper and observe tag data read from or written to any of the RFID tag reader devices and to screen the tag data for malware according to the policies, to determine whether a security tag is present and whether it is valid, to generate a security tag if non is present, and to handle exceptions according to the policies, wherein under predefined circumstances an exception causes an escalation of priority, and wherein the predefined circumstances comprise a signature reference indicating an attack signature, wherein the at least one database is further configurable to store attack pattern signatures, wherein screening the data comprises comparing attack pattern signatures to the data output by the tag reader device.
- View Dependent Claims (2, 3, 4, 5, 6, 26, 27, 28, 29)
- - 2. The apparatus of claim 1, wherein the back-end system comprises part of an enterprise and wherein the policies are preconfigured for the enterprise.
  - 3. The apparatus of claim 1, wherein each policy may refer to one or more attack signatures, wherein an attack signature comprises a manually created digital bit pattern uniquely characterizing a specific malware and class of related malwares, and screening the tag data comprises comparing attack signatures to the tag data output by the tag reader device.
  - 4. The apparatus of claim 1, wherein the security server further comprises a front-end module configurable to receive the tag data output by the tag reader device, and to interpret data from a plurality of RFID tag types and reader device types.
  - 5. The apparatus of claim 1, wherein the each policy is configurable to store incident information for tag data matching any of the attack signatures referenced by the policy in an audit database, comprising a text message and meta data pertaining to circumstances of a malware detection, such that a historical record of securitu incidents is created, wherein the historical record is useable for analysis and reporting.
  - 6. The apparatus of claim 1, wherein the security server further comprises a back-end module coupled to the back-end system, wherein the back-end module is configurable to transmit data output by the tag reader device to the back-end system, and wherein the back-end module is configurable to interface with a plurality of types of back-end systems.
  - 26. The apparatus of claim 1, wherein malware prepresents any form of intentional manipulation of tag data by an attacker, wherein manipulation comprises, compueter viruses, computer worms, Trojan Horses, injection attacks, and buffer overflows.
  - 27. The apparatus of claim 1, wherein the security server makes its presense between reader devices and backend systems invisible by simulating RFID reader device behavior to the backend systems and by simulating backend system behavior to the RFID reader device, so that existing third party driver software insideone or more of the RFID reader devices and backend systems does not require modification prior to integrating with the security server.
  - 28. The apparatus of claim 1, wherein each policy is configurable to define how to process tag data matchin any of the attack signatures referenced by a respective policy, comprising transmitting the tag data unchanged to back-end systems, blocking the tag data from reaching the back-end systems, and cleaning the tag data by modifying it before transmitting it to the back-end systems.
  - 29. The apparatus of claim 1, wherein each policy is configurable to raise an alert for tag data matching any attack signatures reference by the polidy, comprising a tezt message, meta dat pertaining to circumstances of a malware detection, and transmitting an alert to one or more individuals and automated logging systems using standard communication protocols, the protocols comprising syslog.

7. A radio-frequency identification (RFID) tag security method, the method comprising:
- receiving RFID tag data from an RFID tag reader device, wherein the tag data comprises payload data and security stamp data;
  
  performing exception detection on the RFID data, wherein exceptions comprise one or more of malware and errors, and wherein performing exception detection comprise,analyzing security stamp data and payload data;
  
  further comprises generating a security stamp to be written the tag data if no security stamp exists; and
  
  analyzing RFID tag data from a plurality of RFID tag types, wherein analyzing the RFID tag data comprises comparing the RFID tag data against a plurality of attack signature patterns;
  
  if no exceptions are detected, transmitting the RFID tag data to a destination system, wherein the destination system comprises an enterprise back-end system; and
  
  if an exception is detected, handling the exception according to predetermined policies, including preventing the RFID tag data from being transmitted to the destination system.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
- - 8. The method of claim 7, wherein performing exception detection comprises querying a policy database for an applicable rule.
  - 9. The method of claim 7, wherein the predetermined policies comprise a plurality of rules, and wherein performing exception detection comprises evaluating a first rule to determine whether the first rule is applicable.
  - 10. The method of claim 9, further comprising, if the first rule is applicable, processing the first rule.
  - 11. The method of claim 9, further comprising, if the first rule is not applicable, evaluating a next rule to determine whether the next rule is applicable.
  - 12. The method of claim 11, further comprising, if the next rule is applicable, processing the next rule.
  - 13. The method of claim 12, further comprising, if none of the plurality of rules is applicable, processing a default rule.
  - 14. The method of claim 7, wherein analyzing the RFID tag data comprises processing at least one of a plurality of predetermined rules.
  - 15. The method of claim 7, further comprising storing results of the analysis in an audit database.

16. A computer-readable medium having stored thereon instructions, that when executed in a system cause a radio-frequency identification (RFID) tag security method to be performed, the method comprising:
- receiving RFID tag data from an RFID tag reader device wherein the tag data comprises payload data and security stamp data;
  
  performing exception detection on the RFID data, and wherein performing exception detection comprise,analyzing security stamp data and payload data;
  
  further comprises generating a security stamp to be written the tag data if no security stamp exists; and
  
  analyzing RFID tag data from a plurality of RFID tag types, wherein analyzing the RFID tag data comprises comparing the RFID tag data against a plurality of attack signature patterns;
  
  if no exceptions are detected, transmitting the RFID tag data to a destination system, wherein the destination system comprises an enterprise back-end system; and
  
  if an exception is detected, handling the exception according to predetermined policies, including preventing the RFID tag data from being transmitted to the destination system.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 17. The computer-readable medium of claim 16, wherein exceptions comprise one or more of malware and errors.
  - 18. The computer-readable medium of claim 16, wherein performing exception detection comprises querying a policy database for an applicable rule.
  - 19. The computer-readable medium of claim 16, wherein the predetermined policies comprise a plurality of rules, and wherein performing exception detection comprises evaluating a first rule to determine whether the first rule is applicable.
  - 20. The computer-readable medium of claim 19, the method further comprising, if the first rule is applicable, processing the first rule.
  - 21. The computer-readable medium of claim 19, the method further comprising, if the first rule is not applicable, evaluating a next rule to determine whether the next rule is applicable.
  - 22. The computer-readable medium of claim 21, the method further comprising, if the next rule is applicable, processing the next rule.
  - 23. The computer-readable medium of claim 22, the method further comprising, if none of the plurality of rules is applicable, processing a default rule.
  - 24. The computer-readable medium of claim 16, wherein analyzing the RFID tag data comprises processing at least one of a plurality of predetermined rules.
  - 25. The computer-readable medium of claim 16, the method further comprising storing results of the analysis in an audit database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Boris Wolf, John Lima, Lukas Grunwald
Original Assignee
Neocatena Networks, Inc.
Inventors
Grunwald, Lukas, Wolf, Boris
Primary Examiner(s)
Bugg, George A
Assistant Examiner(s)
Yacob, Sisay

Application Number

US11/796,409
Publication Number

US 20080100443A1
Time in Patent Office

1,355 Days
Field of Search

340/572.4, 340/572.1, 340/572.3, 340/572.8, 340/572.9, 340/5.61, 340/5.82, 340/539.13, 340/10.1, 726/22, 726/26, 726/27, 726/28, 726/1, 235/487, 235/493, 235/494, 235/375, 713/153, 713/165, 713/175, 713/189, 709/248, 705/30, 705/51, 380/28, 382/282, 326/8, 42/700.1
US Class Current

340/572.1
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/1441   Countermeasures against mal...

H04W 12/128   Anti-malware arrangements, ...

H04W 12/47   using near field communicat...

RFID security system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

RFID security system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links