Various electronic equipment or devices can communicate using wireless links. A popular technology for communication with low-power portable devices is radio frequency identification (RFID). Standardized RFID technology provides communication between an interrogator (or “reader”) and a “tag” (or “transponder”), a portable device that transmits an information code or other information to the reader. Tags are generally much lower-cost than readers. RFID standards exist for different frequency bands, e.g., 125 kHz (LF, inductive or magnetic-field coupling in the near field; approximately 2400 m wavelength), 13.56 MHz (HF, inductive coupling 22 m), 433 MHz (70 cm), 860-960 MHz (UHF, e.g., 915 MHz or 33 cm, RF coupling beyond the near field), 2.4 GHz (12.5 cm), or 5.8 GHz (5 cm). Tags can use inductive, capacitive, or RF coupling (e.g., backscatter, discussed below) to communicate with readers. Although the term “reader” is commonly used to describe interrogators, “readers” (i.e., interrogators) can also write data to tags and issue commands to tags. For example, a reader can issue a “kill command” to cause a tag to render itself permanently inoperative.
Radio frequency identification systems are typically categorized as either “active” or “passive.” In an active RFID system, tags are powered by an internal battery, and data written into active tags can be rewritten and modified. In a passive RFID system, tags operate without an internal power source, instead being powered by received RF energy from the reader. “Semi-active” or “semi-passive” tags use batteries for internal power, but use power from the reader to transmit data. Passive tags are typically programmed with a unique set of data that cannot be modified. A typical passive RFID system includes a reader and a plurality of passive tags. The tags respond with stored information to coded RF signals that are typically sent from the reader. Further details of RFID systems are given in commonly-assigned U.S. Pat. No. 7,969,286 to Adelbert, and in U.S. Pat. No. 6,725,014 to Voegele, both of which are incorporated herein by reference.
In a commercial or industrial setting, tags can be used to identify containers of products used in various processes. A container with a tag affixed thereto is referred to herein as a “tagged container.” Tags on containers can carry information about the type of products in those containers and the source of those products. For example, as described in the GS1 EPC Tag Data Standard ver. 1.6, ratified Sep. 9, 2011, incorporated herein by reference, a tag can carry a “Serialized Global Trade Item Number” (SGTIN). Each SGTIN uniquely identifies a particular instance of a trade item, such as a specific manufactured item. For example, a manufacturer of cast-iron skillets can have, as a “product” (in GS1 terms) a 10″ skillet. Each 10″ skillet manufactured has the same UPC code, called a “Global Trade Item Number” (GTIN). Each 10″ skillet the manufacturer produces is an “instance” of the product, in GS1 terms, and has a unique Serialized GTIN (SGTIN). The SGTIN identifies the company that makes the product and the product itself (together, the GTIN), and the serial number of the instance. Each box in which a 10″ skillet is packed can have affixed thereto an RFID tag bearing the SGTIN of the particular skillet packed in that box. SGTINs and related identifiers, carried on RFID tags, can permit verifying that the correct products are used at various points in a process.
However, RFID tags in general, and specifically passive tags, often do not have enough processing power or memory to perform cryptographic authentication or authorization functions, such as secure hashing with time-varying salt. Consequently, every read of a tag returns the same data. As a result, RFID systems can be vulnerable to attacks in which a rogue (non-authorized) reader placed near a tag reads and stores that tag's data. This process is called “skimming,” and such rogue readers are referred to as “skimmers.” The skimmer can later replay the stored data (a “replay attack”) to pretend to be the skimmed tag (“spoofing”). This can result in incorrect products being used in industrial or commercial processes, or mishandled inventory in a retail environment, possibly resulting in lost productivity or wasted product. Skimmers can actively interrogate RFID tags, or passively wait and record data sent by tags being interrogated by authorized readers. In other cases, skimmers can passively record the data transfers by which an authorized reader opens a communications session with an RFID tag. The skimmer can then use this information to open a communications session with the RFID tag and make unauthorized changes to data stored on the tag.
Various schemes have been proposed to reduce vulnerability of RFID systems to skimmers. U.S. Patent Publication No. 2009/0174556 by Home et al. describes an RFID blocker that disrupts an RFID reader's signal to a tag when the blocker is physically near the tag. However, the blocker will disrupt all accesses, not just unauthorized access. In another scheme, U.S. Patent Publication No. 2009/0021343 by Sinha describes jamming or spoofing skimmers, either using authorized electronics or intrusion-prevention tags, in response to intrusions or policy violations. U.S. Pat. No. 7,086,587 to Myllymaki describes RFID readers that can detect unauthorized tags, and tags that can detect unauthorized readers. However, none of these schemes reduces the probability of passive monitoring by a skimmer during an authorized read of the tag. Moreover, tags affixed to objects are often used in factory or retail contexts in which a large number of tagged instances or packages (e.g., as described in U.S. Patent Publication No. 2009/0302972) carry RFID tags. This can result in contention between tags for the bandwidth, reducing the number of tags that can be read in a certain amount of time. For example, U.S. Patent Publication No. 2010/0265302 describes RFID tags on liquid ink containers. However, this reference does not recognize difficulties that can be encountered in reading RFID tags attached to RF-attenuating containers of liquid. Moreover, containers can come in various sizes and shapes, which can require adjusting antenna directions and gains to read at a desired rate of read success. Various prior-art schemes use readers with directional antennas to reduce the area of operation in which a skimmer can detect that a read is in progress.
U.S. Patent Publication No. 2010/0102969 describes a “Faraday shield” that reduces reading of unwanted RFID objects. This shield affects the radiation pattern of the antennas to reduce their power in the direction of the unwanted objects, but does not control access to tags in the direction of wanted objects. Consequently, an unwanted rogue tag, which could be active instead of passive, and thus much higher-powered than a standard tag, could still be accessed by the reader. Moreover, the shield might increase gain in the wanted direction, making it easier for an attacker to place a rogue tag within range of the reader.
U.S. Patent Publication No. 2009/0174556 by Home et al. describes an RFID blocker that disrupts an RFID reader's signal to a tag when the blocker is physically near the tag. However, the blocker will disrupt all accesses, not just unauthorized access. Moreover, this scheme requires the blocker and the tag be moved apart from each other to access the tag.
There is a continuing need, therefore, for a way of controlling access to RFID tags located in known positions, e.g., attached to containers.
U.S. Pat. No. 8,025,228 describes distribution of products in a restricted access unit near the customer. Products are equipped with RF tags. A plurality of RF tagged products is placed within a cabinet that has a door or opening that can detect access to the cabinet. One or more antennas are positioned within the door. Each antenna may have a transmission line of sight and be configured to emit a signal at predefined frequencies. Each antenna generates an electromagnetic field within the micro-warehouse. In one embodiment, the products are positioned in one or more bins, compartments, or similar devices located within the micro-warehouse such that at least two of the plurality of products are spaced a distance from each other to reduce energy sharing. The electromagnetic field is moved or altered within the micro-warehouse through the use of reflectors, devices that move the antennas, or other mechanisms. However, this scheme is not applicable to environments such as retail stockrooms or production lines in which the tagged items are not confined in a cabinet.
Similar problems exist with reading tags in production environments. Tagged instances or containers, e.g., medicine bottles, are often carried along conveyors through various manufacturing steps on an assembly line. Communicating with the correct tag, especially when instances are closely spaced on the conveyor, can be difficult. It is known to pass instances through a conductive tunnel open at the ends. If the length of the tunnel is long compared to the wavelength of the RF signal, not much signal will enter the tunnel. Gaps can be opened in the tunnel at locations where RFID communication should take place. However, tunnels can be very long for LF or HF RFID operation. Tunnels also restrict access to the conveyor or instances on it, making service and visual inspection more difficult. Other schemes are described in U.S. Pat. Nos. 7,336,167 and 7,859,408, and U.S. Patent Publication No. 2012/0037696, the disclosures of which are incorporated herein by reference.
There is, therefore, a continuing need for ways of reading RFID tags securely, in tag-rich environments.