Radio frequency identification tag security systems
First Claim
Patent Images
1. A method of operating a radio-frequency identification system, the system including a tag, a reader and a third party authority,wherein the tag has a tag name, the tag name comprising a tag identity and a secret value, wherein the secret value is mapped to the tag identity,the method comprising the steps of:
- (i) the reader interrogating the tag,(ii) the tag sending in response a pseudonym comprising an encryption of the secret value,(iii) the reader sending a request to the third party authority for release of a decryption key, the request including the pseudonym received from the tag,(iv) the third party authority, having determined that the reader is authorized to receive the decryption key, sending to the reader the decryption key, and(v) the reader using the decryption key to obtain the tag identity,wherein the decryption key can be used by the reader to obtain the tag identity a pre-determined plurality of times without further contact between the reader and the third party authority after the request for release of the decryption key.
1 Assignment
0 Petitions
Accused Products
Abstract
Security and privacy of tag information in an RFID-based system can be achieved through the usage of pseudonyms generated based on one-way hash functions. A system based on binary one-way trees allows for the scalable generation and decoding of authentication keys to obtain access to tag identities. The apparatus and methods described can also be adapted to provide limited access for readers to tag information.
30 Citations
9 Claims
-
1. A method of operating a radio-frequency identification system, the system including a tag, a reader and a third party authority,
wherein the tag has a tag name, the tag name comprising a tag identity and a secret value, wherein the secret value is mapped to the tag identity, the method comprising the steps of: -
(i) the reader interrogating the tag, (ii) the tag sending in response a pseudonym comprising an encryption of the secret value, (iii) the reader sending a request to the third party authority for release of a decryption key, the request including the pseudonym received from the tag, (iv) the third party authority, having determined that the reader is authorized to receive the decryption key, sending to the reader the decryption key, and (v) the reader using the decryption key to obtain the tag identity, wherein the decryption key can be used by the reader to obtain the tag identity a pre-determined plurality of times without further contact between the reader and the third party authority after the request for release of the decryption key. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method of operating a radio-frequency identification system, the system including a tag, a reader and a third party authority, wherein
the tag has a tag name, the tag name comprising a tag identity and a secret value, wherein the secret value is mapped to the tag identity, the method comprising the steps of: -
(i) the reader interrogating the tag, (ii) the tag sending to the reader in response, locational information describing the location of a decryption key within a one-way hash tree, (iii) the reader sending a request to the third party authority for release of a decryption key, the request including the locational information received from the tag, (iv) the third party authority, having determined that the reader is authorized to receive the decryption key, sending to the reader the decryption key, and (v) the reader using the decryption key to obtain the tag identity, wherein the decryption key can be used by the reader to obtain the tag identity a pre-determined plurality of times without further contact between the reader and third party authority after the request for release of the decryption key.
-
-
9. A system to perform a method of operating a radio-frequency identification system, the system comprising
a tag having a tag name, the tag name comprising a tag identity and a secret value, wherein the secret value is mapped to the tag identity, a reader arranged in use for interrogating the tag, and for receiving in response from the tag a pseudonym being an encryption of the secret value, a third party authority arranged in use to receive from the reader a request for release of a decryption key, the request including the pseudonym received from the tag, and sending to the reader the decryption key after determining that the reader is authorized to receive the decryption key, wherein in use the reader can use the decryption key to obtain the tag identity a pre-determined plurality of times without further contact between the reader and the third party authority after the request for release of the decryption key.
Specification