RFID reader controllers limiting theft of confidential information

US 8,258,918 B1
Filed: 02/13/2009
Issued: 09/04/2012
Est. Priority Date: 03/24/2008
Status: Active Grant

First Claim

Patent Images

1. A method for limiting theft of confidential information from a Radio Frequency Identification (RFID) reader configured to exchange wireless transmissions with an RFID tag and communicate with a controller, the method comprising:

determining, at the controller, an authorization status of the reader for issuing the confidential information; and

if the reader is not authorized, the controller performing at least one of;

instructing the reader to limit an operational aspect of the reader associated with issuing the confidential information, anddisabling the reader'"'"'s authorization to issue the confidential information to the tag.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An RFID reader controller and methods of controlling an RFID reader by an RFID reader controller are provided to limit or prevent the issuing of confidential information such as encryption keys, passwords, shared secrets, and the like to RFID tags if a reader is not authorized. A controller may determine the authorization status of a reader and limit its communication with the reader or instruct the reader to limit an operational aspect of the reader.

20 Citations

View as Search Results

22 Claims

1. A method for limiting theft of confidential information from a Radio Frequency Identification (RFID) reader configured to exchange wireless transmissions with an RFID tag and communicate with a controller, the method comprising:
- determining, at the controller, an authorization status of the reader for issuing the confidential information; and
  
  if the reader is not authorized, the controller performing at least one of;
  
  instructing the reader to limit an operational aspect of the reader associated with issuing the confidential information, anddisabling the reader'"'"'s authorization to issue the confidential information to the tag.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the authorization status of the reader is determined based on at least one from a set of:
    - verifying a presence of communication between the reader and the controller;
      
      verifying validity of a registration of the reader;
      
      verifying validity of a timestamp associated with a communication between the reader and the controller;
      
      verifying communication with another tag within the reader'"'"'s field of view, the other tag being an authorizing tag; and
      
      verifying a connected status of a hardware key to the reader.
  - 3. The method of claim 1, wherein the authorization status of the reader is further determined based on receiving a satisfactory response from the reader to a challenge by the controller.
  - 4. The method of claim 1, wherein the authorization status of the reader is further determined based upon one of:
    - expiration of a period defined by the controller, detection of illicit reader activity by the controller, detection of a reader power cycling, and a user input to the controller.
  - 5. The method of claim 1, wherein communication between the controller and the reader includes one of:
    - a wired communication and a wireless communication.
  - 6. The method of claim 1, wherein the confidential information includes at least one from a set of:
    - a password, a shared secret, a confidential command, and an encryption/decryption key.
  - 7. The method of claim 6, wherein the confidential information is derived from at least one of:
    - a mathematical function and a look-up table, stored in one of;
      
      the reader and the controller.
  - 8. The method of claim 7, wherein the deriving is updated in response to at least one from a set of:
    - an expiration of a predefined period, a number of confidential transactions, an authorization value, and a user input.
  - 9. The method of claim 1, wherein limiting the operational aspect of the reader includes reducing communications with the reader such that the reader is prevented from issuing the confidential information to the tag.
  - 10. The method of claim 1, wherein limiting the operational aspect of the reader further includes disabling communications between the reader and the controller.
  - 11. The method of claim 1, wherein limiting the operational aspect of the reader further includes at least one from a set of:
    - causing a memory storage of the reader to be disabled;
      
      causing a wireless communication capability of the reader to be disabled;
      
      causing a power management unit of the reader to be disabled;
      
      causing an RF power of the reader to be reduced such that a range for reader communication with the tag is restricted; and
      
      causing a number of communications from the reader to the tag for issuing the confidential information to be reduced.
  - 12. The method of claim 1, wherein limiting the operational aspect of the reader is irreversible.
  - 13. The method of claim 1, wherein limiting the operational aspect of the reader further includes causing at least one from a set of:
    - a program stored in the reader for deriving the confidential information, a data file stored in the reader for deriving the confidential information, and a portion of contents of a data file stored in the reader for deriving the confidential information to be one of destroyed and rendered secure.

14. A controller communicating with a Radio Frequency Identification (RFID) reader, the reader configured to exchange wireless transmissions with an RFID tag, the controller comprising:
- a communication module configured to communicate with the reader through one of a wired and wireless medium; and
  
  a processing block coupled to the communication module, the processing block configured to;
  
  determine an authorization status of the reader for issuing confidential information; and
  
  if the reader is not authorized, perform at least one of;
  
  instructing the reader to limit an operational aspect of the reader associated with issuing the confidential information, anddisabling the reader'"'"'s authorization to issue the confidential information to the tag.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The controller of claim 14, wherein the processing block is further configured to determine the authorization status of the reader, based on one of:
    - receiving a satisfactory response to a challenge from the reader, expiration of a period defined by the controller, detection of illicit reader activity by the controller, detection of a reader power cycling, and a user input to the controller, employing at least one from a set of;
      
      verifying a presence of communication between the reader and the controller;
      
      verifying validity of a registration of the reader;
      
      verifying validity of a timestamp associated with a communication between the reader and the controller;
      
      verifying communication with another tag within the reader'"'"'s field of view, the other tag being an authorizing tag; and
      
      verifying a connected status of a hardware key to the reader.
  - 16. The controller of claim 14, wherein the confidential information includes at least one from a set of:
    - a password, a shared secret, a confidential command, and an encryption key, and wherein the confidential information is derived from at least one of;
      
      a mathematical function and a look-up table, stored in one of;
      
      the reader and the controller.
  - 17. The controller of claim 14, wherein the processing block is further configured to limit the operational aspect of the reader by disabling communications between the reader and the controller.
  - 18. The controller of claim 14, wherein the processing block is further configured to limit the operational aspect of the reader by at least one from a set of:
    - causing a memory storage of the reader to be disabled;
      
      causing a wireless communication capability of the reader to be disabled; and
      
      causing a power management unit of the reader to be disabled;
      
      causing an RF power of the reader to be reduced such that a range for reader communication with the tag is restricted;
      
      causing a number of communications from the reader to the tag for issuing the confidential information to be reduced; and
      
      causing at least one from a set of;
      
      a program stored in the reader for deriving the confidential information, a data file stored in the reader for deriving the confidential information, and a portion of contents of a data file stored in the reader for deriving the confidential information to be one of destroyed and rendered secure.
  - 19. The controller of claim 14, wherein the processing block is configured to limit the operational aspect of the reader irreversibly.

20. A non-transitory computer-readable medium with instructions stored thereon for limiting theft of confidential information from a Radio Frequency Identification (RFID) reader, the reader configured to exchange wireless transmissions with an RFID tag and communicate with the controller, the instructions comprising:
- determining, at the controller, an authorization status of the reader for issuing the confidential information; and
  
  if the reader is not authorized, performing at least one of;
  
  instructing the reader to limit an operational aspect of the reader associated with issuing the confidential information, anddisabling the reader'"'"'s authorization to issue the confidential information to the tag.
- View Dependent Claims (21, 22)
- - 21. The non-transitory computer-readable medium of claim 20, wherein the authorization status of the reader is determined, based on one of:
    - receiving a satisfactory response to a challenge from the reader, expiration of a period defined by the controller, detection of illicit reader activity by the controller, detection of a reader power cycling, and a user input to the controller, employing at least one from a set of;
      
      verifying a presence of communication between the reader and the controller;
      
      verifying validity of a registration of the reader;
      
      verifying validity of a timestamp associated with a communication between the reader and the controller;
      
      verifying communication with another tag within the reader'"'"'s field of view, the other tag being an authorizing tag; and
      
      verifying a connected status of a hardware key to the reader.
  - 22. The non-transitory computer-readable medium of claim 20, wherein limiting the operational aspect of the reader further includes at least one from a set of:
    - reducing communications with the reader such that the reader is prevented from issuing the confidential information to the tag;
      
      disabling communications with the reader;
      
      causing a memory storage of the reader to be disabled;
      
      causing a wireless communication capability of the reader to be disabled;
      
      causing a power management unit of the reader to be disabled;
      
      causing an RF power of the reader to be reduced such that a range for reader communication with the tag is restricted; and
      
      causing a number of communications from the reader to the tag for issuing the confidential information to be reduced.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Impinj, Inc.
Original Assignee
Impinj, Inc.
Inventors
Diorio, Christopher J., Peshkin, Joel, Aiouaz, Ali, Cooper, Scott
Primary Examiner(s)
MULLEN, THOMAS J

Application Number

US12/370,859
Time in Patent Office

1,299 Days
Field of Search

340/572.1, 340/10.1, 340/10.5, 340/10.51, 340/5.2, 340/5.4, 340/5.8, 380/270
US Class Current

340/5.2
CPC Class Codes

G06K 7/0008 General problems related to...

G06K 7/10257 arrangements for protecting...

RFID reader controllers limiting theft of confidential information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

RFID reader controllers limiting theft of confidential information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links