Secure RFID system and method
First Claim
1. A method of communicating securely in an RFID system, said RFID system comprising a reader and one or more RFID tags, the one or more RFID tags comprising passive RFID circuitry operating at a passive frequency, said method comprising the steps of:
- transmitting a probe from the reader to the one or more RFID tags at the passive frequency;
generating a random number at the one or more RFID tags with the passive RFID circuitry, the one or more RFID tags including information of a tag ID, Authenticated Facility Group ID and Prior Location, the Authenticated Facility Group ID is the ID of all authorized RFID equipment within a group determined by an authorized entity, the Prior Location is a location site ID for a last previous logistics checkpoint that the one or more RFID tags passed before arriving at its current location;
forwarding the random number and the information to the reader, the reader comprises a local database connected securely to the reader wherein a hash function, the Authenticated Facility Group ID and the location of the reader are stored at the local databaseauthenticating the reader by comparing a first hash value determined from the hash function of the random number generated at the one or more RFID tags and an Authenticated Facility Group ID stored on the one or more RFID tags with a second hash value determined from the hash function of the forwarded random number and an Authenticated Facility Group ID stored in the reader, wherein if the first hash value matches the second hash value the reader is authenticated and the one or more RFID tags sends a hash of its tag ID with the Prior Location to the reader, the reader forwards the hash of its tag ID with the Prior Location to the local database where the actual tag ID is determined, if the reader is authenticated performing the steps of;
forwarding to the reader a third hash value determined from the hash function of a tag ID stored at the one or more RFID tags and a Prior Location stored at the one or more RFID tags; and
determining the tag ID at the reader from the forwarded third hash value,forwarding a current location ID of the reader to the one or more RFID tags and storing the forwarded current location ID as the Prior Location stored at the one or more RFID tags.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention relates to a system and method for providing security in an RFID system and provides a secure active RFID architecture that uses a combination of passive and active RFID circuitry and employs authentication and encryption techniques in the processing of data, at rest and over the air. In the method of communicating securely in an RFID system of the present invention, a random number is generated with the passive RFID circuitry. The random number is forwarded to a reader. The reader is authenticated by comparing a first hash value determined from a hash function of the random number generated at the RFID tag and an Authenticated Facility Group ID stored on the RFID tag with a second hash value determined from the hash function of the forwarded random number and an Authenticated Facility Group ID stored in the reader such that if the first hash value matches the second hash value the reader is authenticated. After the reader is authenticated, the tag ID stored at the RFID tag can be revealed. After authentication of the reader, a second layer of security using encryption is provided with the active RFID circuitry.
-
Citations
27 Claims
-
1. A method of communicating securely in an RFID system, said RFID system comprising a reader and one or more RFID tags, the one or more RFID tags comprising passive RFID circuitry operating at a passive frequency, said method comprising the steps of:
-
transmitting a probe from the reader to the one or more RFID tags at the passive frequency; generating a random number at the one or more RFID tags with the passive RFID circuitry, the one or more RFID tags including information of a tag ID, Authenticated Facility Group ID and Prior Location, the Authenticated Facility Group ID is the ID of all authorized RFID equipment within a group determined by an authorized entity, the Prior Location is a location site ID for a last previous logistics checkpoint that the one or more RFID tags passed before arriving at its current location; forwarding the random number and the information to the reader, the reader comprises a local database connected securely to the reader wherein a hash function, the Authenticated Facility Group ID and the location of the reader are stored at the local database authenticating the reader by comparing a first hash value determined from the hash function of the random number generated at the one or more RFID tags and an Authenticated Facility Group ID stored on the one or more RFID tags with a second hash value determined from the hash function of the forwarded random number and an Authenticated Facility Group ID stored in the reader, wherein if the first hash value matches the second hash value the reader is authenticated and the one or more RFID tags sends a hash of its tag ID with the Prior Location to the reader, the reader forwards the hash of its tag ID with the Prior Location to the local database where the actual tag ID is determined, if the reader is authenticated performing the steps of; forwarding to the reader a third hash value determined from the hash function of a tag ID stored at the one or more RFID tags and a Prior Location stored at the one or more RFID tags; and determining the tag ID at the reader from the forwarded third hash value, forwarding a current location ID of the reader to the one or more RFID tags and storing the forwarded current location ID as the Prior Location stored at the one or more RFID tags. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for communicating securely in an RFID system, said RFID system comprising a reader and one or more RFID tags, the one or more RFID tags comprising passive RFID circuitry operating at a passive frequency, said system comprising:
-
means for transmitting a probe from the reader to the one or more RFID tags at the passive frequency; means for generating a random number at the one or more RFID tags with the passive RFID circuitry, the one or more RFID tags including information of a tag ID, Authenticated Facility Group ID and Prior Location, the Authenticated Facility Group ID is the ID of all authorized RFID equipment within a group determined by an authorized entity, the Prior Location, is a location site ID for a last previous logistics checkpoint that the one or more RFID tags passed before arriving at its current location; means for forwarding the random number and the information to the reader, the reader comprises a local database connected securely to the reader wherein a hash function, the Authenticated Facility Group ID and the location of the reader are stored at the local database, means for authenticating the reader by comparing a first hash value determined from a the hash function of the random number generated at the one or more RFID tags and an Authenticated Facility Group ID stored on the one or more RFID tags with a second hash value determined from the hash function of the forwarded random number and an Authenticated Facility Group ID stored in the reader, wherein if the first hash value matches the second hash value the reader is authenticated and the one or more RFID tags sends a hash of its tag ID with the Prior Location to the reader, the reader forwards the hash of its tag ID with the Prior Location to the local database where the actual tag ID is determined, if the reader is authenticated performing; means for forwarding to the reader a third hash value determined from the hash function of a tag ID stored at the one or more RFID tags and a Prior Location stored at the one or more RFID tags; and means for determining the tag ID at the reader from the forwarded third hash value, means for forwarding a current location ID of the reader to the one or more RFID tags and storing the forwarded current location ID as the Prior Location stored at the one or more RFID tags. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A method for providing security in a system for distributing goods comprising the steps of:
-
associating one or more RFID tags with the goods, said one or more RFID tags comprising passive RFID circuitry operating at a passive frequency; and authenticating a reader at an initial distribution center by the steps of; transmitting a probe from the reader to the one or more RFID tags at the passive frequency; generating a random number at the one or more RFID tags with the passive RFID circuitry at the initial distribution center, the one or more RFID tags including information of a tag ID, Authenticated Facility Group ID and Prior Location, the Authenticated Facility Group ID is the ID of all authorized RFID equipment within a group determined by an authorized entity, the Prior Location, is a location site ID for a last previous logistics checkpoint that the one or more RFID tags passed before arriving at its current location; forwarding the random number and the information to the reader, the reader comprises a local database connected securely to the reader wherein a hash function, the Authenticated Facility Group ID and the location of the reader are stored at the local database at the initial distribution center; and comparing a first hash value determined from the hash function of the random number generated at the one or more RFID tags and an Authenticated Facility Group ID stored on the one or more RFID tags with a second hash value determined from the hash function of the forwarded random number and an Authenticated Facility Group ID stored in the reader at the initial distribution center, wherein if the first hash value matches the second hash value the reader at the initial distribution center is authenticated and the one or more RFID tags sends a hash of its tag ID with the Prior Location to the reader, the reader forwards the hash of its tag ID with the Prior Location to the local database where the actual tag ID is determined, if the reader is authenticated performing the steps of; forwarding to the reader a third hash value determined from the hash function of a tag ID stored at the one or more RFID tags and a Prior Location stored at the one or more RFID tags; and determining the tag ID at the reader from the forwarded third hash value, forwarding a current location ID of the reader to the one or more RFID tags and storing the forwarded current location ID as the Prior Location stored at the one or more RFID tags. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
-
Specification