Secure RFID system and method

US 8,344,853 B1
Filed: 05/07/2007
Issued: 01/01/2013
Est. Priority Date: 05/16/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method of communicating securely in an RFID system, said RFID system comprising a reader and one or more RFID tags, the one or more RFID tags comprising passive RFID circuitry operating at a passive frequency, said method comprising the steps of:

transmitting a probe from the reader to the one or more RFID tags at the passive frequency;

generating a random number at the one or more RFID tags with the passive RFID circuitry, the one or more RFID tags including information of a tag ID, Authenticated Facility Group ID and Prior Location, the Authenticated Facility Group ID is the ID of all authorized RFID equipment within a group determined by an authorized entity, the Prior Location is a location site ID for a last previous logistics checkpoint that the one or more RFID tags passed before arriving at its current location;

forwarding the random number and the information to the reader, the reader comprises a local database connected securely to the reader wherein a hash function, the Authenticated Facility Group ID and the location of the reader are stored at the local databaseauthenticating the reader by comparing a first hash value determined from the hash function of the random number generated at the one or more RFID tags and an Authenticated Facility Group ID stored on the one or more RFID tags with a second hash value determined from the hash function of the forwarded random number and an Authenticated Facility Group ID stored in the reader, wherein if the first hash value matches the second hash value the reader is authenticated and the one or more RFID tags sends a hash of its tag ID with the Prior Location to the reader, the reader forwards the hash of its tag ID with the Prior Location to the local database where the actual tag ID is determined, if the reader is authenticated performing the steps of;

forwarding to the reader a third hash value determined from the hash function of a tag ID stored at the one or more RFID tags and a Prior Location stored at the one or more RFID tags; and

determining the tag ID at the reader from the forwarded third hash value,forwarding a current location ID of the reader to the one or more RFID tags and storing the forwarded current location ID as the Prior Location stored at the one or more RFID tags.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a system and method for providing security in an RFID system and provides a secure active RFID architecture that uses a combination of passive and active RFID circuitry and employs authentication and encryption techniques in the processing of data, at rest and over the air. In the method of communicating securely in an RFID system of the present invention, a random number is generated with the passive RFID circuitry. The random number is forwarded to a reader. The reader is authenticated by comparing a first hash value determined from a hash function of the random number generated at the RFID tag and an Authenticated Facility Group ID stored on the RFID tag with a second hash value determined from the hash function of the forwarded random number and an Authenticated Facility Group ID stored in the reader such that if the first hash value matches the second hash value the reader is authenticated. After the reader is authenticated, the tag ID stored at the RFID tag can be revealed. After authentication of the reader, a second layer of security using encryption is provided with the active RFID circuitry.

Citations

27 Claims

1. A method of communicating securely in an RFID system, said RFID system comprising a reader and one or more RFID tags, the one or more RFID tags comprising passive RFID circuitry operating at a passive frequency, said method comprising the steps of:
- transmitting a probe from the reader to the one or more RFID tags at the passive frequency;
  
  generating a random number at the one or more RFID tags with the passive RFID circuitry, the one or more RFID tags including information of a tag ID, Authenticated Facility Group ID and Prior Location, the Authenticated Facility Group ID is the ID of all authorized RFID equipment within a group determined by an authorized entity, the Prior Location is a location site ID for a last previous logistics checkpoint that the one or more RFID tags passed before arriving at its current location;
  
  forwarding the random number and the information to the reader, the reader comprises a local database connected securely to the reader wherein a hash function, the Authenticated Facility Group ID and the location of the reader are stored at the local databaseauthenticating the reader by comparing a first hash value determined from the hash function of the random number generated at the one or more RFID tags and an Authenticated Facility Group ID stored on the one or more RFID tags with a second hash value determined from the hash function of the forwarded random number and an Authenticated Facility Group ID stored in the reader, wherein if the first hash value matches the second hash value the reader is authenticated and the one or more RFID tags sends a hash of its tag ID with the Prior Location to the reader, the reader forwards the hash of its tag ID with the Prior Location to the local database where the actual tag ID is determined, if the reader is authenticated performing the steps of;
  
  forwarding to the reader a third hash value determined from the hash function of a tag ID stored at the one or more RFID tags and a Prior Location stored at the one or more RFID tags; and
  
  determining the tag ID at the reader from the forwarded third hash value,forwarding a current location ID of the reader to the one or more RFID tags and storing the forwarded current location ID as the Prior Location stored at the one or more RFID tags.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the one or more RFID tags further comprises active RFID circuitry and further comprising the step of:
    - encrypting data elements of the one or more RFID tags which are not accessed frequently using the active RFID circuitry.
  - 3. The method of claim 2 wherein said step of encrypting comprises encrypting the data elements which are not accessed frequently with a secret encryption key and encrypting the secret encryption key with a public key of a destination site.
  - 4. The method of claim 3 further comprising the steps of decrypting the encrypted secret key at the destination site using a private key of the destination site;
    - anddecrypting the encrypted data elements of the one or more RFID tags.
  - 5. The method of claim 3 wherein the secret encryption key is determined by activating an active RFID beacon and revealing the secret encryption key.
  - 6. The method of claim 2 wherein said step of encrypting comprises encrypting the data elements which are not accessed frequently with a system wide secret key wherein the encrypted data elements of the one or more RFID tags are decrypted with a system wide secret key stored in the secure local database.
  - 7. The method of claim 1 wherein the one or more RFID tags further comprises active RFID circuitry and further comprising the step of:
    - leaving unencrypted data elements of the one or more RFID tags which are frequently accessed with the active RFID circuitry.

8. A system for communicating securely in an RFID system, said RFID system comprising a reader and one or more RFID tags, the one or more RFID tags comprising passive RFID circuitry operating at a passive frequency, said system comprising:
- means for transmitting a probe from the reader to the one or more RFID tags at the passive frequency;
  
  means for generating a random number at the one or more RFID tags with the passive RFID circuitry, the one or more RFID tags including information of a tag ID, Authenticated Facility Group ID and Prior Location, the Authenticated Facility Group ID is the ID of all authorized RFID equipment within a group determined by an authorized entity, the Prior Location, is a location site ID for a last previous logistics checkpoint that the one or more RFID tags passed before arriving at its current location;
  
  means for forwarding the random number and the information to the reader, the reader comprises a local database connected securely to the reader wherein a hash function, the Authenticated Facility Group ID and the location of the reader are stored at the local database,means for authenticating the reader by comparing a first hash value determined from a the hash function of the random number generated at the one or more RFID tags and an Authenticated Facility Group ID stored on the one or more RFID tags with a second hash value determined from the hash function of the forwarded random number and an Authenticated Facility Group ID stored in the reader, wherein if the first hash value matches the second hash value the reader is authenticated and the one or more RFID tags sends a hash of its tag ID with the Prior Location to the reader, the reader forwards the hash of its tag ID with the Prior Location to the local database where the actual tag ID is determined, if the reader is authenticated performing;
  
  means for forwarding to the reader a third hash value determined from the hash function of a tag ID stored at the one or more RFID tags and a Prior Location stored at the one or more RFID tags; and
  
  means for determining the tag ID at the reader from the forwarded third hash value,means for forwarding a current location ID of the reader to the one or more RFID tags and storing the forwarded current location ID as the Prior Location stored at the one or more RFID tags.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8 wherein the one or more RFID tags further comprises active RFID circuitry and further comprising:
    - means for encrypting data elements of the one or more RFID tags which are not accessed frequently using the active RFID circuitry.
  - 10. The system of claim 9 wherein said means for encrypting comprises encrypting data elements which are not accessed frequently with a secret encryption key and wherein the secret key is stored in encrypted form using a public key of a destination site and the encrypted data is decrypted by the destination site by first decrypting the secret key using a site specific private key and then using the secret key to decrypt the data elements of the one or more RFID tags.
  - 11. The system of claim 10 wherein the secret encryption key is determined by means for activating an active RFID beacon and revealing the secret encryption key.
  - 12. The system of claim 11 wherein said means for encrypting comprises encrypting the data elements which are not accessed frequently with a system wide secret key wherein the encrypted data is decrypted with the system wide secret key stored in the secure local database.
  - 13. The system of claim 8 wherein the one or more RFID tags further comprises active RFID circuitry and further comprising:
    - means for leaving unencrypted data elements of the one or more RFID tags which are frequently accessed by the active RFID circuitry.

14. A method for providing security in a system for distributing goods comprising the steps of:
- associating one or more RFID tags with the goods, said one or more RFID tags comprising passive RFID circuitry operating at a passive frequency; and
  
  authenticating a reader at an initial distribution center by the steps of;
  
  transmitting a probe from the reader to the one or more RFID tags at the passive frequency;
  
  generating a random number at the one or more RFID tags with the passive RFID circuitry at the initial distribution center, the one or more RFID tags including information of a tag ID, Authenticated Facility Group ID and Prior Location, the Authenticated Facility Group ID is the ID of all authorized RFID equipment within a group determined by an authorized entity, the Prior Location, is a location site ID for a last previous logistics checkpoint that the one or more RFID tags passed before arriving at its current location;
  
  forwarding the random number and the information to the reader, the reader comprises a local database connected securely to the reader wherein a hash function, the Authenticated Facility Group ID and the location of the reader are stored at the local database at the initial distribution center; and
  
  comparing a first hash value determined from the hash function of the random number generated at the one or more RFID tags and an Authenticated Facility Group ID stored on the one or more RFID tags with a second hash value determined from the hash function of the forwarded random number and an Authenticated Facility Group ID stored in the reader at the initial distribution center, wherein if the first hash value matches the second hash value the reader at the initial distribution center is authenticated and the one or more RFID tags sends a hash of its tag ID with the Prior Location to the reader, the reader forwards the hash of its tag ID with the Prior Location to the local database where the actual tag ID is determined, if the reader is authenticated performing the steps of;
  
  forwarding to the reader a third hash value determined from the hash function of a tag ID stored at the one or more RFID tags and a Prior Location stored at the one or more RFID tags; and
  
  determining the tag ID at the reader from the forwarded third hash value,forwarding a current location ID of the reader to the one or more RFID tags and storing the forwarded current location ID as the Prior Location stored at the one or more RFID tags.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 15. The method of claim 14 further comprising the steps of:
    - forwarding the goods to an intermediate distribution center/depot and/or destination/supply depot; and
      
      authenticating a reader at the intermediate distribution center/depot and/or destination/supply depot by the steps of;
      
      generating a random number at the RFID tag with the passive RFID circuitry;
      
      forwarding the random number to the reader at the intermediate distribution center/depot and/or destination/supply depot; and
      
      comparing a first hash value determined from a hash function of the random number generated at the RFID tag and an Authenticated Facility Group ID stored on the RFID tag with a second hash value determined from the hash function of the forwarded random number and an Authenticated Facility Group ID stored in the reader at the intermediate distribution center/depot and/or destination/supply depot;
      
      wherein if the first hash value matches the second hash value the reader at the intermediate distribution center/depot and/or destination/supply depot is authenticated.
  - 16. The method of claim 14 wherein if the reader at the initial distribution center is authenticated further comprising the steps of:
    - forwarding to the reader at the initial distribution center a third hash value determined from the hash function of a tag ID stored at the RFID tag and a Prior Location stored at the RFID tag; and
      
      determining the tag ID at the reader at the initial distribution center from the forwarded third hash value.
  - 17. The method of claim 15 wherein if the reader at the intermediate distribution center/depot and/or destination/supply depot is authenticated further comprising the steps of:
    - forwarding to the reader at the intermediate distribution center/depot and/or destination/supply depot a third hash value determined from the hash function of a tag ID stored at the RFID tag and a Prior Location stored at the RFID tag; and
      
      determining the tag ID at the reader at the intermediate distribution center/depot and/or destination/supply depot from the forwarded third hash value.
  - 18. The method of claim 14 wherein the one or more RFID tags further comprises active RFID circuitry and further comprising the step of:
    - encrypting data elements of the one or more RFID tags which are not accessed frequently using the active RFID circuitry.
  - 19. The method of claim 18 wherein said step of encrypting comprises encrypting the data elements which are not accessed frequently with a secret encryption key and then encrypting the secret key with a public key of the destination site wherein the encrypted secret key is decrypted at the destination site using the private key of the destination site and once decrypted, the encrypted secret key is used to decrypt the encrypted data elements of the one or more RFID tags.
  - 20. The method of claim 18 wherein the secret encryption key is determined by activating an active RFID beacon and revealing the secret encryption key.
  - 21. The method of claim 18 wherein said step of encrypting comprises encrypting the data elements which are not accessed frequently with a system wide secret key wherein the encrypted data is decrypted with a system wide secret key stored in a secure local database.
  - 22. The method of claim 14 wherein the one or more RFID tags further comprises active RFID circuitry and further comprising the step of:
    - leaving unencrypted data elements of the one or more RFID tags which are frequently accessed with the active RFID circuitry.
  - 23. The method of claim 15 wherein the one or more RFID tags further comprises active RFID circuitry and further comprising the step of:
    - encrypting data elements of the one or more RFID tags which are not accessed frequently using the active RFID circuitry.
  - 24. The method of claim 23 wherein said step of encrypting comprises encrypting the data elements which are not accessed frequently with a secret encryption key and then encrypting the secret encryption key with a public key of the destination site wherein the encrypted secret key is decrypted at the destination site using a private key of the destination site and once decrypted, the secret encryption key is used to decrypt the encrypted data elements of the one or more RFID tags.
  - 25. The method of claim 24 wherein the secret encryption key is determined by activating an active RFID beacon and revealing the secret encryption key.
  - 26. The method of claim 23 wherein said step of encrypting comprises encrypting the data elements which are not accessed frequently with a system wide secret key wherein the encrypted data is decrypted with a system wide secret key stored in a secure local database.
  - 27. The method of claim 23 wherein the one or more RFID tags further comprises active RFID circuitry and further comprising the step of:
    - leaving unencrypted data elements of the one or more RFID tags which are frequently accessed with the active RFID circuitry.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Eigent Technologies LLC (Eigent Technologies Incorporated)
Original Assignee
Eigent Technologies LLC (Eigent Technologies Incorporated)
Inventors
Warner, Janice, Warner, Robert, Winters, Jack
Primary Examiner(s)
Zimmerman, Brian
Assistant Examiner(s)
Khan, Omer S

Application Number

US11/801,591
Time in Patent Office

2,066 Days
Field of Search

340/572.1, 340/10.42
US Class Current

340/10.1
CPC Class Codes

G06K 19/07309   Means for preventing undesi...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

Secure RFID system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Secure RFID system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links