WO2007036901A1 - Method and device for privacy protection of rfid tags - Google Patents
Method and device for privacy protection of rfid tags Download PDFInfo
- Publication number
- WO2007036901A1 WO2007036901A1 PCT/IB2006/053541 IB2006053541W WO2007036901A1 WO 2007036901 A1 WO2007036901 A1 WO 2007036901A1 IB 2006053541 W IB2006053541 W IB 2006053541W WO 2007036901 A1 WO2007036901 A1 WO 2007036901A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- rfid
- identifier
- rfid tag
- reader
- sending
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K7/00—Methods or arrangements for sensing record carriers, e.g. for reading patterns
- G06K7/0008—General problems related to the reading of electronic memory record carriers, independent of its reading method, e.g. power transfer
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K7/00—Methods or arrangements for sensing record carriers, e.g. for reading patterns
- G06K7/10—Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
- G06K7/10009—Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves
- G06K7/10019—Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation sensing by radiation using wavelengths larger than 0.1 mm, e.g. radio-waves or microwaves resolving collision on the communication channels between simultaneously or concurrently interrogated record carriers.
Definitions
- the present invention relates to an apparatus and a method of controlling access to information in a radio frequency identifications (RFID) device and more particularly to techniques for increasing security and privacy related to the device.
- RFID radio frequency identifications
- a conventional RFID system typically comprises three main components, which are an RFID tag, or transponder, which is located in connection with the object to be identified and is the data carrier in the RFID system, an RFID reader, or transceiver, which may read data from and/or write data to the RFID tag, and a data processing system which in some way utilize data obtained from the transceiver.
- the RFID reader In operation the RFID reader usually continuously emits a query signal forming a query zone. When an RFID tag enters the query zone it typically responds by transmitting a unique serial number or some other identifier information to the RFID reader. Data received by the RFID reader is then communicated to a data processing system, e.g., a database running on a personal computer. Many RFID tags are passive meaning they do not have a power source but instead obtain power to operate from the query signal itself.
- Every RFID tag has a unique identifier associated with it, the identifier is impossible to change or duplicate and the manufacturer guarantees that no duplicates are present.
- the RFID tag often has a secure data area, which is optionally encrypted and transmitted to the RFID reader only when the RFID tag and the RFID reader have verified authenticity respectively.
- the unique identifier is always readable by the RFID reader, and in fact, by many other RFID readers not belonging to the RFID system of which the RFID tag is a part.
- RFID systems are frequently used in various application, such as for identification of products at the point of sale, for verification and control of different personal identification cards, credit cards etc. Another application area is hospitals were patient information including, for example, drug prescriptions, is stored on an RFID tag that is associated with the patient concerned. It has even been proposed to integrate RFID tags into currency.
- an RFID tag traditionally responds automatically to any RFID reader by indiscriminately transmitting its unique identifier
- the identifier can be scanned by anyone, anywhere, as long as it is within the query zone of the RFID reader. This makes it possible to track the movements of a specific user carrying the RFID tag and this poses a threat to consumer/user privacy and security.
- a secure and private RFID system should also, for example, avoid eavesdropping, traffic analysis and spoofing.
- a common method is to make the RFID tag more complex and to include the use of cryptographic methods such as hash lock scheme, randomized hash lock scheme or the use of a hash chains.
- cryptographic methods such as hash lock scheme, randomized hash lock scheme or the use of a hash chains.
- Another method to increase RFID security and privacy involves enclosing the RFID tag in a metal mesh or foil container that is impenetrable by radio frequency signals.
- RFID tags in such a cage.
- JP 2004192645 discloses a privacy protection method for an RFID system where the RFID tag upon a query from an RFID reader sends a fake ID number. Different fake ID's are sent every time a query is received.
- a particular object is to provide an RFID system offering increased privacy that is simple and offers low production and operational costs.
- Another object of the present invention is to provide an RFID tag and an RFID reader that are simple and offer low production and operational costs, respectively.
- a method of controlling access to information in an RFID system comprises an RFID reader communicating with a plurality of RFID tags each having a unique identifier in a secure data section of the RFID tag.
- the method comprises the steps of: sending from the RFID reader to an RFID tag a request for an identifier sending from the RFID tag to the RFID reader an identifier that is common to a plurality of RFID tags in the RFID system verifying if the common identifier equals an identifier value associated with the RFID reader sending, if the common identifier equaled the identifier value associated with the RFID reader, from the RFID reader to the RFID tag, an authentication signal, and finally, verifying, by the RFID tag, if the authentication signal is correct.
- the last step may optionally be followed by sending, if the authentication signal was correct, from the RFID tag to the RFID reader the unique identifier of the RFID tag.
- a method of information access for an RFID reader is also provided.
- RFID reader is a part of an RFID system described above and the method comprises the steps of: identifying an RFID tag within the range of the RFID reader sending a request for the RFID tag's identifier - receiving an identifier that is common to a plurality RFID tags in the RFID system, and finally, sending, if the common identifier equals an identifier value associated with the RFID reader, an authentication signal.
- This last step may optionally be followed by receiving the RFID tag's unique identifier.
- a method of information transmittal for an RFID tag is also provided.
- the RFID tag is a part of the RFID system described above, and the method comprises the steps of: receiving a request for an identifier - sending an identifier that is common to a plurality of RFID tags in the RFID system receiving an authentication signal, and finally, verifying if the authentication signal is correct.
- This last step may optionally be followed by, if the authentication signal was correct, the RFID tag's unique identifier.
- a general advantage of the invention is that it offers improved privacy at a very low increase of costs.
- every user carrying an RFID tags according to the invention is anonymous within the same group of RFID tag users. Tracking a common identifier is pointless since there is no way to tell who the real carrier is.
- the common identifier would be shared by a group of, for example, 100 or more RFID tags.
- the common identifier is also associated with the RFID reader and hence the reader recognizes RFID tags being part of the same RFID system, making it possible for the RFID reader to respond accordingly.
- Another advantage is that the invention can be incorporated with existing RFID systems without interference of any kind.
- the RFID tag Since the RFID tag responds to an RFID reader query by sending a common identifier, the RFID tag of present invention offers increased privacy at a low cost. Furthermore it is very fast and cost efficient to implement and manufacture an RFID reader belonging to present RFID system and associated with a common and yet very simple identifier. These benefits also apply to the data processing system communicating with the RFID reader.
- the method of controlling access to information in the RFID system may include representing the common identifier by a plurality of common identifiers each assigned to a group of RFID tags and being unique for the group. In other words that means that there may exist several common identifiers that are different from each other. Each common identifier is however shared by plurality of RFID tags. Accordingly the RFID reader is associated with corresponding plurality of common identifiers. It should be noted that for one RFID system application area it is preferred that only one single group of RFID tags exists, thereby giving all RFID tags in the RFID system the same common identifier.
- the method of controlling access to information in the RFID system may also include a step of encrypting an RFID tag's unique identifier before it is sent to the RFID reader. It may also include the step of collision detection of RFID tags, after the step of sending the common identifier is performed.
- Representing the common identifier by a plurality of common identifiers and/or the encryption of an RFID tag's unique identifier may also be included in the method for the RFID reader and/or RFID tag described above.
- An RFID reader, an RFID tag and an RFID system comprising the reader and tag are also provided according to appended claims. These devices/arrangements are interconnected, have the same advantages as corresponding method described above and may also be arranged with or without means for sending/receiving the unique identifier of a RFID tag.
- Fig. 1 is a schematic drawing of the RFID system
- Fig. 2 is a diagram of the method of controlling access to information in the RFID system.
- Computer program code which implements a method according to the invention, with or without program code of other functions of the RFID system, may reside in fixed or removable memory of the devices according to the invention. Basically any type of conventional memory is possible, such as a diskette, a hard drive, a semi-permanent storage chip such as a flash memory chip etc.
- the program code of the invention may also be considered as a form of transmitted signal, such as a stream of data communicated via radio frequency transmittal or via any other type of communication network.
- the system comprises a plurality of RFID tags 101 which communicate via radio frequency 105 with an RFID reader 102.
- the reader 102 communicates with at least one data processing system 104 via a network 103.
- At least one RFID tag is located in connection with an object or user to be identified and is a data carrier.
- the RFID tag can also be referred to as a transponder and consists of a microchip that processes and stores data, and a coupling element, such as a coiled antenna, used to communicate via radio frequency communication.
- the RFID tags may be either active or passive. Active tags have an integrated power supply and actively send a radio frequency signal for communication while passive tags obtain all their power from the interrogation signal of the RFID reader.
- the RFID tags preferably communicate only when interrogated by the RFID reader.
- Stored on the microchip of the RFID tag is a common identifier. In a protected section of the RFID tag a unique identifier is stored together with additional information related to the application area for the RFID system.
- the same common identifier is stored on a plurality, preferably all, RFID tags that is a part of the RFID system intended for a specific application area.
- Implemented on the microchip, as known in the art, is of course also program code for proper communication and interaction with the RFID reader.
- the RFID reader is preferably able to both read from and write data to the RFID tags.
- the RFID reader can also be referred to as a transceiver and consists of a radio frequency module, a control unit and a coupling element to interrogate the RFID tags via radio frequency communication.
- the reader is fitted with an interface that enables it to, preferably via a network, communicate its received data to a data processing system such as, for example, a database running on a personal computer.
- a data processing system such as, for example, a database running on a personal computer.
- the same common identifier that is stored in the RFID tag is also stored in the data processing system and is associated with a specific RFID reader.
- the common identifier may also be stored in a memory of the RFID reader.
- the first step is the RFID reader detecting 201 an RFID tag within its query zone.
- the next step is sending 202 from the RFID reader to the RFID tag a request for its identifier.
- the RFID tag responds by sending 203 its common identifier to the RFID reader which in turn sends the common identifier to the data processing system.
- the data processing system verifies 204 if the common identifier equals an identifier value associated with the RFID reader.
- the RFID reader may also perform this verification. If the common identifier equaled the identifier value associated with the RFID reader, the RFID reader sends 205 an authentication signal to the RFID tag.
- the authentication signal may be represented by any known kind of complete execution of an authentication protocol suitable for RFID systems.
- the RFID tag verifies 206 if the authentication signal is correct and, if it was correct, optionally sends 207 the unique identifier to the RFID reader. If any verification above is not performed, the communication between the RFID tag and RFID reader is broken.
- the common identifier is a unique number and the RFID tags always send this unique number, when requested by an RFID reader, once it has been assigned to the RFID tags.
Abstract
Technique for increased privacy of an RFID system is provided. The system comprises an RFID reader communicating with a plurality of RFID tags each having a unique identifier in a secure data section of the RFID tag. The system performs the step of sending from the RFID reader to an RFID tag a request for an identifier. After this, the RFID tag sends, to the RFID reader, an identifier that is common to a plurality of the RFID tags in the RFID system. Mutual verifications are performed and if the RFID tag and RFID reader belongs to the same RFID system, the RFID tag sends, to the RFID reader, the unique identifier of the RFID tag.
Description
Method and device for privacy protection of RFID tags
FIELD OF THE INVENTION
The present invention relates to an apparatus and a method of controlling access to information in a radio frequency identifications (RFID) device and more particularly to techniques for increasing security and privacy related to the device.
BACKGROUND OF THE INVENTION
A conventional RFID system typically comprises three main components, which are an RFID tag, or transponder, which is located in connection with the object to be identified and is the data carrier in the RFID system, an RFID reader, or transceiver, which may read data from and/or write data to the RFID tag, and a data processing system which in some way utilize data obtained from the transceiver.
In operation the RFID reader usually continuously emits a query signal forming a query zone. When an RFID tag enters the query zone it typically responds by transmitting a unique serial number or some other identifier information to the RFID reader. Data received by the RFID reader is then communicated to a data processing system, e.g., a database running on a personal computer. Many RFID tags are passive meaning they do not have a power source but instead obtain power to operate from the query signal itself.
Every RFID tag has a unique identifier associated with it, the identifier is impossible to change or duplicate and the manufacturer guarantees that no duplicates are present. The RFID tag often has a secure data area, which is optionally encrypted and transmitted to the RFID reader only when the RFID tag and the RFID reader have verified authenticity respectively. However the unique identifier is always readable by the RFID reader, and in fact, by many other RFID readers not belonging to the RFID system of which the RFID tag is a part. RFID systems are frequently used in various application, such as for identification of products at the point of sale, for verification and control of different personal identification cards, credit cards etc. Another application area is hospitals were patient information including, for example, drug prescriptions, is stored on an RFID tag that is
associated with the patient concerned. It has even been proposed to integrate RFID tags into currency.
However, since an RFID tag traditionally responds automatically to any RFID reader by indiscriminately transmitting its unique identifier, the identifier can be scanned by anyone, anywhere, as long as it is within the query zone of the RFID reader. This makes it possible to track the movements of a specific user carrying the RFID tag and this poses a threat to consumer/user privacy and security. A secure and private RFID system should also, for example, avoid eavesdropping, traffic analysis and spoofing.
There have been several approaches to increase RFID security and privacy. A simple method is a so called kill-command permanently erasing the RFID tag data. This procedure should be performed, e.g., by a clerk when a product is purchased just before it is handed over to a customer. This procedure successfully protects privacy but requires a conscious initialization and it is difficult to ensure that it was properly executed. It also diminishes several benefits with RFID tags since the tag is truly dead and can not be reactivated and thereby its further usage within the RFID system is prevented. A similar approach is to make the RFID tag self-destruct when it comes in contact with water, which is a method suitable for RFID tags intended for washable clothes.
A common method is to make the RFID tag more complex and to include the use of cryptographic methods such as hash lock scheme, randomized hash lock scheme or the use of a hash chains. These methods offer increased privacy but have several drawbacks, all of which more or less relate to a requirement for relatively large computational and data storage resources, in the RFID tag or the back end data processing system. This dramatically increases the cost of the RFID system.
Another method to increase RFID security and privacy involves enclosing the RFID tag in a metal mesh or foil container that is impenetrable by radio frequency signals.
However it is not possible to enclose all objects, for example, clothes and shoes marked with
RFID tags, in such a cage.
It is also possible to use a jamming device that actively jams radio frequency signals, either from an RFID tag transmitting information to an RFID reader or from an RFID reader that queries an RFID tag. This method is in practice not feasible since it requires a consumer to carry a jamming device which may case unwanted disturbance for other systems and may as well conflict with laws and regulations for radio frequency broadcast power levels.
JP 2004192645 discloses a privacy protection method for an RFID system where the RFID tag upon a query from an RFID reader sends a fake ID number. Different fake ID's are sent every time a query is received.
One problem with the method above is that the different fake ID's must be sorted and handled in order to properly identify what the ID tag's true ID number really is. This is associated with increased demand for computational efforts by the RFID system, which in turn inevitably leads to increased costs for the system.
In summary, the prior art has the problem of either high cost, insufficient privacy and/or is in practice unfeasible. It is therefore apparent that there is a need for improved techniques for providing increased privacy for consumers carrying RFID tags being a part of an RFID system. Computational efforts by be RFID tag, RFID reader and the back end database should be minimized in order to decrease overall costs.
SUMMARY OF THE INVENTION It is an object of the present invention to provide an improvement of the above techniques and prior art.
A particular object is to provide an RFID system offering increased privacy that is simple and offers low production and operational costs.
Another object of the present invention is to provide an RFID tag and an RFID reader that are simple and offer low production and operational costs, respectively.
These and other objects and advantages that will be apparent from the following description of the present invention are achieved by way of methods and devices according to the appended claims.
A method of controlling access to information in an RFID system is provided. The system comprises an RFID reader communicating with a plurality of RFID tags each having a unique identifier in a secure data section of the RFID tag. The method comprises the steps of: sending from the RFID reader to an RFID tag a request for an identifier sending from the RFID tag to the RFID reader an identifier that is common to a plurality of RFID tags in the RFID system verifying if the common identifier equals an identifier value associated with the RFID reader sending, if the common identifier equaled the identifier value associated with the RFID reader, from the RFID reader to the RFID tag, an authentication signal, and finally,
verifying, by the RFID tag, if the authentication signal is correct.
The last step may optionally be followed by sending, if the authentication signal was correct, from the RFID tag to the RFID reader the unique identifier of the RFID tag. A method of information access for an RFID reader is also provided. The
RFID reader is a part of an RFID system described above and the method comprises the steps of: identifying an RFID tag within the range of the RFID reader sending a request for the RFID tag's identifier - receiving an identifier that is common to a plurality RFID tags in the RFID system, and finally, sending, if the common identifier equals an identifier value associated with the RFID reader, an authentication signal.
This last step may optionally be followed by receiving the RFID tag's unique identifier.
A method of information transmittal for an RFID tag is also provided. The RFID tag is a part of the RFID system described above, and the method comprises the steps of: receiving a request for an identifier - sending an identifier that is common to a plurality of RFID tags in the RFID system receiving an authentication signal, and finally, verifying if the authentication signal is correct.
This last step may optionally be followed by, if the authentication signal was correct, the RFID tag's unique identifier.
The methods described above are interconnected and all relate to the present invention. A general advantage of the invention is that it offers improved privacy at a very low increase of costs. By several RFID tags sharing and upon request sending the same (common) identifier, every user carrying an RFID tags according to the invention is anonymous within the same group of RFID tag users. Tracking a common identifier is pointless since there is no way to tell who the real carrier is. Typically the common identifier would be shared by a group of, for example, 100 or more RFID tags. The common identifier is also associated with the RFID reader and hence the reader recognizes RFID tags being part of the same RFID system, making it possible for the RFID reader to respond accordingly.
Another advantage is that the invention can be incorporated with existing RFID systems without interference of any kind.
Since the RFID tag responds to an RFID reader query by sending a common identifier, the RFID tag of present invention offers increased privacy at a low cost. Furthermore it is very fast and cost efficient to implement and manufacture an RFID reader belonging to present RFID system and associated with a common and yet very simple identifier. These benefits also apply to the data processing system communicating with the RFID reader.
The method of controlling access to information in the RFID system may include representing the common identifier by a plurality of common identifiers each assigned to a group of RFID tags and being unique for the group. In other words that means that there may exist several common identifiers that are different from each other. Each common identifier is however shared by plurality of RFID tags. Accordingly the RFID reader is associated with corresponding plurality of common identifiers. It should be noted that for one RFID system application area it is preferred that only one single group of RFID tags exists, thereby giving all RFID tags in the RFID system the same common identifier.
The method of controlling access to information in the RFID system may also include a step of encrypting an RFID tag's unique identifier before it is sent to the RFID reader. It may also include the step of collision detection of RFID tags, after the step of sending the common identifier is performed.
Representing the common identifier by a plurality of common identifiers and/or the encryption of an RFID tag's unique identifier may also be included in the method for the RFID reader and/or RFID tag described above. An RFID reader, an RFID tag and an RFID system comprising the reader and tag are also provided according to appended claims. These devices/arrangements are interconnected, have the same advantages as corresponding method described above and may also be arranged with or without means for sending/receiving the unique identifier of a RFID tag.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the present invention will now be described, by way of example, with reference to the accompanying schematic drawings, in which:
Fig. 1 is a schematic drawing of the RFID system, and
Fig. 2 is a diagram of the method of controlling access to information in the RFID system.
DESCRIPTION OF PREFERRED EMBODIMENTS An RFID system providing increased privacy will now be described with reference to the appended drawing. It should be noted, however, that no detailed description will be made of the RFID system as such. It is also to be noted that no detailed description will be made of any specific user communication interface, as it would depend on the specific type of RFID system for which the invention is implemented, as the skilled person will understand.
Computer program code, which implements a method according to the invention, with or without program code of other functions of the RFID system, may reside in fixed or removable memory of the devices according to the invention. Basically any type of conventional memory is possible, such as a diskette, a hard drive, a semi-permanent storage chip such as a flash memory chip etc. The program code of the invention may also be considered as a form of transmitted signal, such as a stream of data communicated via radio frequency transmittal or via any other type of communication network.
Turning now to Fig. 1 illustrating the RFID system, the system comprises a plurality of RFID tags 101 which communicate via radio frequency 105 with an RFID reader 102. The reader 102 communicates with at least one data processing system 104 via a network 103.
At least one RFID tag is located in connection with an object or user to be identified and is a data carrier. The RFID tag can also be referred to as a transponder and consists of a microchip that processes and stores data, and a coupling element, such as a coiled antenna, used to communicate via radio frequency communication. The RFID tags may be either active or passive. Active tags have an integrated power supply and actively send a radio frequency signal for communication while passive tags obtain all their power from the interrogation signal of the RFID reader. The RFID tags preferably communicate only when interrogated by the RFID reader. Stored on the microchip of the RFID tag is a common identifier. In a protected section of the RFID tag a unique identifier is stored together with additional information related to the application area for the RFID system. The same common identifier is stored on a plurality, preferably all, RFID tags that is a part of the RFID system intended for a specific application area. Implemented on the microchip, as
known in the art, is of course also program code for proper communication and interaction with the RFID reader.
The RFID reader is preferably able to both read from and write data to the RFID tags. The RFID reader can also be referred to as a transceiver and consists of a radio frequency module, a control unit and a coupling element to interrogate the RFID tags via radio frequency communication. The reader is fitted with an interface that enables it to, preferably via a network, communicate its received data to a data processing system such as, for example, a database running on a personal computer. The same common identifier that is stored in the RFID tag is also stored in the data processing system and is associated with a specific RFID reader. The common identifier may also be stored in a memory of the RFID reader.
It should be noted that all hardware components constituting the RFID system are familiar for the skilled person and will hence not be further described.
Turning now to Fig 2, during normal and complete operation for controlling access to information in the RFID system, the first step is the RFID reader detecting 201 an RFID tag within its query zone. The next step is sending 202 from the RFID reader to the RFID tag a request for its identifier. The RFID tag responds by sending 203 its common identifier to the RFID reader which in turn sends the common identifier to the data processing system. The data processing system verifies 204 if the common identifier equals an identifier value associated with the RFID reader. The RFID reader may also perform this verification. If the common identifier equaled the identifier value associated with the RFID reader, the RFID reader sends 205 an authentication signal to the RFID tag. The authentication signal may be represented by any known kind of complete execution of an authentication protocol suitable for RFID systems. After this step, the RFID tag verifies 206 if the authentication signal is correct and, if it was correct, optionally sends 207 the unique identifier to the RFID reader. If any verification above is not performed, the communication between the RFID tag and RFID reader is broken.
Preferably the common identifier is a unique number and the RFID tags always send this unique number, when requested by an RFID reader, once it has been assigned to the RFID tags.
It is also possible to include encryption, by the RFID tag, of the RFID tag's unique identifier before it is sent to the RFID reader. In this case decryption in a later step is performed by the data processing system or optionally by the RFID reader. It is further preferred to implement detection collision for RFID tags simultaneously communicating with
the RFID reader. Both encryption and collision detection per se are done according to known prior art.
Claims
1. A method of information access for an RFID reader being a part of an RFID system, in which system the RFID reader communicates with a plurality of RFID tags each having a unique identifier in a secure data section of the RFID tag, said method comprising the steps of: - identifying an RFID tag within the range of the RFID reader,
- sending a request for the RFID tag's identifier,
- receiving an identifier that is common to a plurality RFID tags in the RFID system, and
- sending, if the common identifier equals an identifier value associated with the RFID reader, an authentication signal.
2. The method of claim 1, further followed by the step of receiving the RFID tag's unique identifier.
3. The method of claim 1 or 2, wherein the common identifier is assigned to a group of RFID tags and being unique for the group.
4. The method of any one of claims 1-3, wherein said step of receiving the unique identifier involves receiving the unique identifier in an encrypted form.
5. An RFID reader for information access being a part of an RFID system, in which system the RFID reader is arranged to communicate with a plurality of RFID tags each having a unique identifier in a secure data section of the RFID tag, said RFID reader comprising: - means for identifying an RFID tag within the range of the RFID reader,
- means for sending a request for the RFID tag's identifier,
- means for receiving an identifier that is common to a plurality of RFID tags in the RFID system,
- means for sending, if the common identifier equals an identifier value associated with the RFID reader, an authentication signal, and
- means for receiving the RFID tag's unique identifier.
6. A method of information transmittal for an RFID tag being a part of an RFID system, in which system an RFID reader communicates with a plurality of RFID tags each having a unique identifier in a secure data section of the RFID tag, said method comprising the steps of:
- receiving a request for an identifier,
- sending an identifier that is common to a plurality of RFID tags in the RFID system,
- receiving an authentication signal, and
- verifying if the authentication signal is correct.
7. The method of claim 6, further followed by the step of sending, if the authentication signal was correct, the RFID tag's unique identifier.
8. The method of claim 6 or 7, wherein the common identifier is assigned to a group of RFID tags and being unique for the group.
9. The method of any one of claims 6-8, wherein said step of sending the unique identifier involves encrypting the unique identifier.
10. An RFID tag for information transmittal being a part of an RFID system, in which system an RFID reader communicates with a plurality of RFID tags each having a unique identifier in a secure data section of the RFID tag, said RFID tag comprising:
- means for receiving a request for an identifier,
- means for sending an identifier that is common to a plurality of RFID tags in the RFID system,
- means for receiving an authentication signal, - means for verifying if the authentication signal is correct, and
- means for sending, if the authentication signal was correct, the RFID tag's unique identifier.
11. A method of controlling access to information in an RFID system, which system comprises an RFID reader communicating with a plurality of RFID tags each having a unique identifier in a secure data section of the RFID tag, said method comprising the steps of: - sending from the RFID reader to an RFID tag a request for an identifier,
- sending from the RFID tag to the RFID reader an identifier that is common to a plurality of RFID tags in the RFID system,
- verifying if the common identifier equals an identifier value associated with the RFID reader, - sending, if the common identifier equaled the identifier value associated with the RFID reader, from the RFID reader to the RFID tag, an authentication signal, and
- verifying, by the RFID tag, if the authentication signal is correct.
12. The method of claim 11, further followed by the step of sending, if the authentication signal was correct, from the RFID tag to the RFID reader, the unique identifier of the RFID tag.
13. The method of claim 11 or 12, wherein the common identifier is represented by a plurality of common identifiers each assigned to a group of RFID tags and being unique for the group.
14. The method of any one of claims 11-13, wherein said step of sending the unique identifier involves encrypting the unique identifier.
15. The method of any one of claims 11-14, wherein said step of sending the common identifier is followed by collision detection of RFID tags.
16. An RFID system comprising an RFID reader according to claim 5 and a plurality of RFID tags according to claim 10, wherein the RFID system has means for verifying if the RFID tag's common identifier equals an identifier value associated with the RFID reader.
17. An RFID system according to claim 16, wherein the RFID reader is connected to data processing system, said data processing system comprising a network or a server or data processing device or a combination thereof.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP05109116.3 | 2005-09-30 | ||
EP05109116 | 2005-09-30 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2007036901A1 true WO2007036901A1 (en) | 2007-04-05 |
Family
ID=37741177
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2006/053541 WO2007036901A1 (en) | 2005-09-30 | 2006-09-28 | Method and device for privacy protection of rfid tags |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2007036901A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2446012A (en) * | 2007-01-25 | 2008-07-30 | Core Control Internat Ltd | Active radio frequency identification of a plurality of tag transponders |
WO2014158596A1 (en) * | 2013-03-14 | 2014-10-02 | Covidien Lp | Rfid secure authentication |
US11213773B2 (en) | 2017-03-06 | 2022-01-04 | Cummins Filtration Ip, Inc. | Genuine filter recognition with filter monitoring system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040066278A1 (en) * | 2002-10-04 | 2004-04-08 | Hughes Michael A. | Challenged-based tag authentication medel |
US20040075562A1 (en) * | 2002-10-11 | 2004-04-22 | Thomas Land | Zone detection locator |
US20040118930A1 (en) * | 2001-07-10 | 2004-06-24 | American Express Travel Related Services Company, Inc. | Transparent transaction card |
US20050035860A1 (en) * | 2003-08-11 | 2005-02-17 | Accenture Global Services Gmbh. | Manufactured article recovery system |
-
2006
- 2006-09-28 WO PCT/IB2006/053541 patent/WO2007036901A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040118930A1 (en) * | 2001-07-10 | 2004-06-24 | American Express Travel Related Services Company, Inc. | Transparent transaction card |
US20040066278A1 (en) * | 2002-10-04 | 2004-04-08 | Hughes Michael A. | Challenged-based tag authentication medel |
US20040075562A1 (en) * | 2002-10-11 | 2004-04-22 | Thomas Land | Zone detection locator |
US20050035860A1 (en) * | 2003-08-11 | 2005-02-17 | Accenture Global Services Gmbh. | Manufactured article recovery system |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2446012A (en) * | 2007-01-25 | 2008-07-30 | Core Control Internat Ltd | Active radio frequency identification of a plurality of tag transponders |
GB2446012B (en) * | 2007-01-25 | 2009-04-22 | Core Control Internat Ltd | Apparatus for active radio frequency identification of a plurality of tag transponders |
WO2014158596A1 (en) * | 2013-03-14 | 2014-10-02 | Covidien Lp | Rfid secure authentication |
US9489785B2 (en) | 2013-03-14 | 2016-11-08 | Covidien Lp | RFID secure authentication |
US9774455B2 (en) | 2013-03-14 | 2017-09-26 | Covidien Lp | RFID secure authentication |
US10298403B2 (en) | 2013-03-14 | 2019-05-21 | Covidien Lp | RFID secure authentication |
US11213773B2 (en) | 2017-03-06 | 2022-01-04 | Cummins Filtration Ip, Inc. | Genuine filter recognition with filter monitoring system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10916114B1 (en) | Exit-code-based RFID loss-prevention system | |
US20090033464A1 (en) | Transponder with access protection and method for access to the transponder | |
EP1755061B1 (en) | Protection of non-promiscuous data in an RFID transponder | |
US8296852B2 (en) | Transponder, RFID system, and method for RFID system with key management | |
US8368516B2 (en) | Secure data exchange with a transponder | |
US7786866B2 (en) | Radio frequency identification (RFID) system that meets data protection requirements through owner-controlled RFID tag functionality | |
KR101813658B1 (en) | RFID based genuine product certification service system and method using cipher update algorithm for forgery prevention | |
CN101346728B (en) | Collaborating RFID devices | |
US20110068894A1 (en) | Method for authenticating an rfid tag | |
EP1547008A1 (en) | A challenge-response-based tag and reader authentication system and method | |
US9607286B1 (en) | RFID tags with brand protection and loss prevention | |
CN103281189A (en) | Light weight class safe protocol certification system and method for radio frequency identification equipment | |
KR102293888B1 (en) | RFID based genuine product certification service system using cipher update algorithm of certification key for forgery prevention to use distributed ledger stored in RFID key storage | |
US20050134436A1 (en) | Multiple RFID anti-collision interrogation method | |
WO2006030344A1 (en) | Rf transponder for off-line authentication of a source of a product carrying the transponder | |
CN103516517A (en) | Production method, RFID transponder, authentication method, and reader device | |
WO2007036901A1 (en) | Method and device for privacy protection of rfid tags | |
CN110546639A (en) | certified product authentication service system and method based on wireless radio frequency identification of password updating algorithm for anti-counterfeiting | |
EP2286373B1 (en) | Reader and transponder for obscuring the applications supported by a reader and/or a transponder and method thereof | |
KR101053636B1 (en) | Encryption/decryption method and system for rfid tag and reader using multi algorithm | |
Sabzevar | Security in RFID Systems | |
CN113988103B (en) | RFID identification method based on multiple tags | |
US11398898B2 (en) | Secure RFID communication method | |
Dimitriou | RFID security and privacy | |
المهدي عبدالسلام عجال et al. | Networked Radio Frequency identification Systems Security and Privacy Issues |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 06821162 Country of ref document: EP Kind code of ref document: A1 |