RFID security system and method, including security stamp
First Claim
1. A radio-frequency identification (RFID) tag security system, comprising:
- a plurality of security servers each coupled between respective RFID tag reader devices and respective back-end systems, wherein a back-end system is configures to read tag data from and to write tag data to one or more RFID reader devices; and
at least one database coupled to each security server, wherein the database is configurable to store a plurality of policies, and wherein each security server is configurable to analyze tag data read from and written to a respective tag reader device according to one or more of the policies, wherein analyzing comprises,determining whether the tag data has been tampered with and whether a tag is an unauthorized duplicate of a genuine, original tag;
generating a security stamp uniquely associated with the tag data;
storing the security stamp on or more of one the tag and an external integrity database, wherein under predefined circumstances when the tag data has been tampered with, an exception causes an escalation of priority, the predefined circumstances comprising a signature reference indicating an attack signature; and
determining whether there is a security stamp associated with the tag data;
if there is a security stamp associated with the tag data, generating a second security stamp based on the tag data; and
comparing the associated security stamp with the second security stamp to establish integrity of the associated tag data.
2 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of an RFID security system and method are described herein. Embodiments include an RFID security server or appliance and RFID security software. In an embodiment, the RFID security server is placed between an RFID reader and an enterprise back-end. Thus the system operates at the point where the RFID data stream leaves the RF interface and enters a physical transmission medium before any other active components on the network (such as databases, middleware, routers). The RFID security server analyzes RFID tag data (including meta-data) received from the reader in-band and detects malware and errors in the data. RFID tag data containing malware or errors is blocked from entering the enterprise back-end. In an embodiment, analyzing RFID tag data includes generating a security stamp that is uniquely associated with the tag data. The security stamp is stored on the RFID tag, or alternatively, stored separately for later comparison in order to detect tampering.
-
Citations
36 Claims
-
1. A radio-frequency identification (RFID) tag security system, comprising:
-
a plurality of security servers each coupled between respective RFID tag reader devices and respective back-end systems, wherein a back-end system is configures to read tag data from and to write tag data to one or more RFID reader devices; and at least one database coupled to each security server, wherein the database is configurable to store a plurality of policies, and wherein each security server is configurable to analyze tag data read from and written to a respective tag reader device according to one or more of the policies, wherein analyzing comprises, determining whether the tag data has been tampered with and whether a tag is an unauthorized duplicate of a genuine, original tag; generating a security stamp uniquely associated with the tag data; storing the security stamp on or more of one the tag and an external integrity database, wherein under predefined circumstances when the tag data has been tampered with, an exception causes an escalation of priority, the predefined circumstances comprising a signature reference indicating an attack signature; and determining whether there is a security stamp associated with the tag data; if there is a security stamp associated with the tag data, generating a second security stamp based on the tag data; and comparing the associated security stamp with the second security stamp to establish integrity of the associated tag data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 36)
-
-
10. A radio-frequency identification (RFID) tag security method, comprising:
-
receiving RFID tag data from an RFID tag reader device; analyzing the tag data read from or written to a respective tag reader device, comprising determining whether the tag data has been tampered with and whether the tag is an unauthorized duplicate of a genuine, original tag; if the tag data has not been tampered with, generating a security stamp uniquely associated with the tag data, and transmitting the tag data to a destination system and storing the security stamp on one or more of the tag and an external integrity database; if the tag data has been tampered with, blocking the tag data from being transmitted to the destination system, wherein under predefined circumstances when the tag data has been tampered with, an exception causes an escalation of priority, the predefined circumstances comprising a signature reference indicating an attack signature and determining whether there is a security stamp associated with the tag data if there is a security stamp associated with the tag data, generating a second security stamp based on the tag data; and comparing the associated security stamp with the second security stamp to establish integrity of the associated tag data. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A computer-readable medium, comprising a non-transitory media, having stored thereon instructions, that when executed in a system cause a radio-frequency identification (RFID) tag security method to be performed, the method comprising:
-
receiving RFID tag data from an RFID tag reader device; analyzing the tag data read from or written to a respective tag reader device, comprising determining whether the tag data has been tampered with and whether the tag is an unauthorized duplicate of a genuine, original tag; if the tag data has not been tampered with, generating a security stamp uniquely associated with the tag data, and transmitting the tag data to a destination system and storing the security stamp on one or more of the tag and an external integrity database; and if the tag data has been tampered with, blocking the tag data from being transmitted to the destination system, wherein under predefined circumstances when the tag data has been tampered with, an exception causes an escalation of priority, the predefined circumstances comprising a signature reference indicating an attack signature and determining whether there is a security stamp associated with the tag data; if there is a security stamp associated with the tar data, generating a second security stamp based on the tag data; and comparing the associated security stamp with the second security stamp to establish integrity of the associated tag data. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
-
-
35. A radio-frequency identification (RFID) tag security system, comprising:
-
a plurality of security servers each coupled between respective RFID tag reader devices and respective back-end systems, wherein a back-end system is configures to read tag data from and to write tag data to one or more RFID reader devices; and at least one database coupled to each security server, wherein the database is configurable to store a plurality of policies, and wherein each security server is configurable to analyze tag data read from and written to a respective tag reader device according to one or more of the policies, wherein analyzing comprises, determining whether the tag data has been tampered with and whether a tag is an unauthorized duplicate of a genuine, original tag; generating a security stamp uniquely associated with the tag data, wherein generating a security stamp comprises calculating a unique hash value over tag data utilizing standard cryptographic hash functions, comprising hash-based message algorithm code-message direst five (HMAC-MD5), hash-based message algorithm code-secure hash algorithm one (HMAC-SHA-1), wherein tag data comprises tag user data, payload data, and factory pre-set tag meta data, including an unchangeable unique tag identification number; storing the security stamp on or more of one the tag and an external integrity database, wherein under predefined circumstances when the tag data has been tampered with, an exception causes an escalation of priority, the predefined circumstances comprising a signature reference indicating an attack signature; and determining whether there is a security stamp associated with the tag data; if there is a security stamp associated with the tag data, generating a second security stamp based on the tag data; and comparing the associated security stamp with the second security stamp to establish integrity of the associated tag data.
-
Specification