1. Field of the Invention
The present invention relates to a system and method for communicating securely in a system including Radio Frequency Identification (RFID) tags and RFID readers.
2. Description of Related Art
Security is as much an art as it is science and mathematics. The mathematics provides development of secure algorithms for authentication, encryption and hashing which are mathematically proven to withstand attempts of others to uncover the underlying secret. Industry tested algorithms are well known in the security community. The art of security is applying these algorithms in a way that withstands attempts of others to uncover the underlying secret while making the secret available to those that need it and are authorized to have it.
Security in Wireless Fidelity (WiFi), the 802.11 WLAN technology certified by the WiFi Alliance, illustrates security issues that arise from implementation. With encryption and authentication technologies such as VPNs, WiFi Protected Access (WPA) and 802.11i, WiFi services are secure. On a technical level, the IEEE 802.11 standard solves the problems with wireless LAN security. However, the technical advances are not always implemented. Problems with WiFi security typically result from a failure to upgrade to the latest encryption and authentication technologies for reasons of cost, complexity and/or logistics.
Radio Frequency Identification (RFID) tags and the wireless infrastructure for tag communication have become technologies for providing in-transit visibility for military and commercial logistics pipelines. Active RFID technology consists of battery powered RFID tags with resident data (128k) operating at unlicensed short-range commercial frequencies and a supporting infrastructure of interrogating antennas and handheld readers at hundreds of logistic nodes worldwide. RFID privacy and security breaches are known to occur world-wide.
U.S. Pat. No. 6,842,106 describes a system for securing communications in an RFID system comprised of sending, from the reader, a message to the tag; the tag, in response to the message, generating a challenge value and sending that challenge value back to the reader. The reader and the tag simultaneously perform a mathematical operation on the challenge value, the reader sends the challenge reply and the tag compares the challenge reply to its own computation. If they match, the reader is authenticated to the tag. Challenge-response authentication schemes like this one are well known to the industry. The patent has the limitation that it does not make use of the added security of user-defined reader group authentication codes at the point of origin or the knowledge of the prior read location for masking the tag information even after reader authentication has occurred. In addition, the patent does not provide any protection against eavesdropping in the area of an authenticated reader because the tag information is not masked once a reader is authenticated.
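The challenge-response exchange described above, together with the eavesdropping limitation noted for it, can be sketched as follows. This is an added example, not code from the cited patent or from the present invention. It assumes HMAC-SHA256 over a pre-shared key as the unspecified "mathematical operation"; the names Tag, respond and run_session, the HELLO message and the sample data are hypothetical.

```python
import hashlib
import hmac
import secrets

SHARED_KEY = b"constructed-demo-key"      # assumption: provisioned to tag and reader
TAG_DATA = b"constructed manifest: 12 crates"  # constructed sample tag contents

def respond(key, challenge):
    # Assumed stand-in for the "mathematical operation" both sides perform.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Tag:
    def __init__(self, key, data):
        self.key, self.data, self.challenge = key, data, None

    def on_message(self):
        # A fresh random challenge per session makes a recorded reply useless later.
        self.challenge = secrets.token_bytes(16)
        return self.challenge

    def on_reply(self, reply):
        if self.challenge is None:
            return None
        expected = respond(self.key, self.challenge)
        self.challenge = None                     # each challenge is single use
        if hmac.compare_digest(expected, reply):  # constant-time comparison
            return self.data  # sent unmasked: the limitation noted above
        return None

def run_session(tag, reader_key, air, replayed_reply=None):
    # 'air' records every frame sent over RF, i.e. what an eavesdropper observes.
    air.append(("reader->tag", b"HELLO"))
    challenge = tag.on_message()
    air.append(("tag->reader", challenge))
    reply = replayed_reply if replayed_reply is not None else respond(reader_key, challenge)
    air.append(("reader->tag", reply))
    data = tag.on_reply(reply)
    if data is not None:
        air.append(("tag->reader", data))
    return data

if __name__ == "__main__":
    air = []
    tag = Tag(SHARED_KEY, TAG_DATA)
    print("authorized reader gets:", run_session(tag, SHARED_KEY, air))
    print("replayed reply gets:", run_session(tag, SHARED_KEY, [], air[2][1]))
    print("eavesdropper observed:", [frame for _, frame in air])
```

The recorded reply fails in a later session because the tag issues a new challenge, but the final frame of the authorized session still carries the tag data in the clear to anyone listening.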
U.S. Pat. No. 7,108,177 describes the use of a secured or unsecured RFID tag as a means of identifying a user and allowing the user access to online resources if he or she brings the RFID device into RF range of the interrogating device. This is much like an “RF” password or access card. It also does not address secure communication between an RFID tag and a reader.
U.S. Patent Application Publication No. 2005/0058292 describes methods and apparatuses for providing secure two-way RFID communication by encrypting the RF carrier signal by modulating it with signals unknown to an unintended or unauthorized recipient (e.g., noise). A tag receives the noise-encrypted RF signal and backscatter modulates it with tag information. The noise encryption makes the tag information unreadable by eavesdroppers.
U.S. Patent Application Publication No. 2005/0123133 describes methodology and circuitry for the secure exchange of random numbers through the use of a unique tag password, which can correspond to the tag serial number, that is also known to the reader; for authenticating a data source using cyclical redundancy check (CRC) on encrypted data; for generating a seedless pseudo-random number; and for generating data encryption coding with variable clocking.
The above described patents concern using RFID devices as access tokens or implementing security technology on RFID systems such as through standard industry challenge response mechanisms, through the availability of RF noise, and through the use of random number exchanges and passwords, CRC and variable clocking mechanisms.
While security algorithms are well known in the industry, the lack of cost-efficient and technologically effective means of implementing them has hampered their application. It is desirable to provide an improved method and system for providing comprehensive security in an RFID system.