1. Field of the Invention
Our invention relates generally to radio-frequency identification (“RFID”) systems and, in particular, to a method and apparatus for linking an RFID tag to an associated object while addressing issues of privacy and authentication.
2. Description of the Related Art
In general, in the descriptions that follow, we will italicize the first occurrence of each special term of art which should be familiar to those skilled in the art of radio frequency (“RF”) communication systems. In addition, when we first introduce a term that we believe to be new or that we will use in a context that we believe to be new, we will bold the term and provide the definition that we intend to apply to that term. In addition, throughout this description, we will sometimes use the terms assert and negate when referring to the rendering of a signal, signal flag, status bit, or similar apparatus into its logically true or logically false state, respectively, and the term toggle to indicate the logical inversion of a signal from one logical state to the other. Alternatively, we may refer to the mutually exclusive boolean states as logic_0 and logic_1. Of course, as is well known, consistent system operation can be obtained by reversing the logic sense of all such signals, such that signals described herein as logically true become logically false and vice versa. Furthermore, it is of no relevance in such systems which specific voltage levels are selected to represent each of the logic states.
As is known, a radio frequency identification (“RFID”) system may include multiple tags and at least one reader. Shown in FIG. 1 is prior art RFID system 10 which includes a single, exemplary tag 12 and a reader 14. Tag 12, at a minimum, includes an integrated circuit (not shown) for storing and processing information, and an antenna circuit (not shown) for exchanging data with reader 14. At a minimum, the integrated circuit of tag 12 implements a unique identifier (“ID”) 18 and control logic (not shown) adapted to facilitate the operation of tag 12 in RFID system 10. Depending on the manufacturing technology selected to implement tag 12, ID 18 may be implemented using any of the known types of persistent memory, such as read-only memory (“ROM”), programmable ROM (“PROM”), ultra-violet erasable PROM (“UV-PROM”), electrically-erasable PROM (“EE-PROM”), fast EE-PROM (“FLASH”), or the like. As may be desired, ID 18 may be as simple as a unique binary bit string or as complex as an Electronic Product Code (“EPC”) as specified, e.g., by the EPCglobal Tag Data Standards (currently at Version 1.4) and as used in many passive UHF RFID applications. As is known, the nature of ID 18 will be system specific and will, in general, be determined by a host system adapted to manage the RFID system 10.
In the illustrated form, the integrated circuit of tag 12 further includes a store 16 adapted to store a system-specific data object, hereinafter referred to as data object 20. Depending on the application, store 16 may be implemented using any of the known types of persistent memory, which may or may not be the same type as selected to implement the ID 18. Data object 20 may include such information as the name of the manufacturer, product details, pricing information, and the like. As is known, the nature of data object 20 will be system specific and will, in general, be determined by the host system.
During normal operation, reader 14 interrogates tag 12 [illustrated in FIG. 1 as transaction 1], and receives ID 18 and data object 20 from tag 12 [transaction 2]. Depending on the application, tag interrogation may comprise one or more transaction cycles. For example, in one application, tag 12 can be adapted to provide both ID 18 and data object 20 to reader 14 during a single transaction cycle. Alternatively, tag 12 can be adapted to provide ID 18 during a first transaction cycle, and to provide data object 20, if at all, during a second transaction cycle.
As is known, any of various security procedures may be employed within reader 14 to validate the ID 18 received from tag 12, and within tag 12 to verify that the reader 14 is entitled to receive the data object 20. If necessary, store 16 can be adapted to store any required control or security information. In addition, the integrated circuit of tag 12 may include special-purpose security logic, such as hash table logic and random number generation logic, to control access to data object 20.
As explained in “The Promising but Plodding RFID Industry”, Stanford Group Company, 1 Apr. 2008, (“Stanford Paper”), a copy of which is submitted herewith and incorporated herein in its entirety by reference:
“Radio Frequency Identification (RFID) technology promises to be a transformational technology, replacing barcodes and other supply chain management technologies with cheap chip-based tags that can be instantaneously and accurately read from significant distances.” [p. 1]
“Radio Frequency Identification (‘RFID’) technology refers to a wide range of microchip-based systems that can transmit and sometimes receive information via wireless interfaces.” [p. 5]
“Ranging from sophisticated government ID cards to simple asset tracking tags, RFID chips are available in a large variety of formats and security configurations, with each ‘flavor’ of RFID chip tailored specifically for certain applications.” [p. 5]
The Stanford Paper discusses a tag as being “applied to or incorporated into a product, animal, or person for the purpose of identification and tracking using radio waves”. Far field tags, defined as operating at a distance less than 12 meters from the reader, and near field tags, defined as operating at a distance less than 0.5 meters from the reader, may be used. Tags are initially powered down and will wake up upon receipt of a sufficiently strong RF signal. A brief summary of this prior art process is presented on page 7 of the Stanford Paper. The Stanford Paper then went on to note:
“Moreover, at last month's DoD RFID Summit, the Army described its plans to shift away from the data-rich tags that it currently buys . . . and instead migrate to ‘license plate tags’ that simply contain a unique number which ties to information about a container in a DoD database. The basic concept is to get away from having information across a distributed network and instead simply use the tags as a pointer to information in a centralized network. The end goal: cheaper tags available from multiple vendors . . . .” [p. 16]
As shown in FIG. 2, a prior art RFID system 10A might include a tag 12A, a reader 14A, and a store 16A. During operation, reader 14A, at a minimum, interrogates tag 12A [illustrated in FIG. 2 as transaction 1], and receives ID 18A from tag 12A [transaction 2]. Reader 14A then provides ID 18A to store 16A [transaction 3], and receives data object 20A from store 16A [transaction 4]. As is known, any of various security procedures may be employed within reader 14A to validate the ID 18A stored on tag 12A, and within store 16A to verify that the reader 14A is entitled to receive data object 20A. In this embodiment, tag 12A is dumb, i.e., it stores no data, per se, but simply includes the unique tag ID 18A comprising information sufficient to access data object 20A now stored in store 16A. In a typical commercial application, data object 20A will include vendor identification information, product details, pricing and availability, etc. In a distributed network implementation, vendor-provided data object 20A may be stored locally within the reader 14A, i.e., store 16A would be integrated into reader 14A. Alternatively, in a centralized network implementation, vendor-provided data object 20A may be stored at a remote store 16A, typically provided by the vendor or an independent service provider (“ISP”). In both configurations, a public communication network, such as plain old telephone service (“POTS”) or the Internet, provides a suitable medium for data distribution. In both types of systems, however, sufficient information is provided by tag 12A to directly access the respective data object 20A.
As is known, objects may be accessed via a Uniform Resource Identifier (“URI”). A URI may comprise a Uniform Resource Locator (“URL”), a Uniform Resource Name (“URN”), or a Uniform Resource Characteristic (“URC”). Each plays a specific role within the URI scheme, namely: (i) URLs are used for locating or finding resources; (ii) URNs are used for identification; and (iii) URCs are used for including meta-information. Although the term typically refers to communication on the World Wide Web (“WWW”), it can also comprise communication over a general network. For example, a URI comprising an International Standard Book Number (“ISBN”) number may be used to retrieve a book stored in electronic form in store 16A, or a URL comprising a web link may be used to retrieve a web page stored in electronic form (or dynamically generated) in store 16A.
As is known, prior art RFID systems have several disadvantages. One such disadvantage is that smart tags tend to be relatively expensive and complex, and yet, in general, still have insufficient on-tag storage capacity to accommodate the continuously-increasing data payload. Distributed RFID databases are typically complex, difficult to understand, and time-consuming to maintain. Further, sensitive data is difficult to distribute reliably and difficult to maintain securely at all locations where the data may be stored.
Yet another disadvantage is in the area of security. In general, security issues fall into two basic categories for RFID systems: (i) privacy; and (ii) authentication. Privacy issues include the case of unauthorized readers harvesting information from valid tags. In general, RFID tags silently respond to interrogation by a reader, i.e., without express notification to any party. Often, the unique ID for the tag will comprise manufacturer, product, and serial number information. Thus, without proper security, clandestine scanning of information is a plausible threat. This threat becomes particularly sensitive when personal or proprietary information is included with the RFID tag id, or when the RFID tag id can be readily associated with that information.
Authentication issues can arise when a reader harvests information from counterfeit tags. In general, RFID tags are vulnerable to copy and counterfeit techniques because scanning and replicating tags and tag ids requires relatively little money or expertise. For example, an EPC is a well-defined bit string, easily copied like any other, and simple to emulate via a personal computer (“PC”) equipped to transmit the counterfeit codes.
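The following is an added illustration, not part of the patent text or any cited work, of the FIG. 2 “license plate” topology described above (tag 12A returns only ID 18A; reader 14A resolves it against store 16A) together with the two security checks the description mentions: the store verifying that the reader is entitled to the data object (the privacy concern) and the store having no object for an ID that was never issued (the counterfeit concern). All class names, the reader identifiers, the sample data object and the 16-hex-digit ID format are constructed assumptions; the real transaction formats are system specific.

```python
# Added example, not from the patent: a minimal model of the FIG. 2 prior-art
# flow in which a "dumb" tag holds only a pointer ID and a store resolves it.
# Everything here (names, IDs, data values) is constructed for illustration.
from dataclasses import dataclass
from typing import Dict, Optional, Set
import secrets


@dataclass(frozen=True)
class DataObject:
    """Constructed stand-in for data object 20A (vendor, product, price)."""
    vendor: str
    product: str
    price_cents: int


class DumbTag:
    """Tag 12A: stores nothing but ID 18A and returns it when interrogated
    (transactions 1 and 2 in FIG. 2)."""

    def __init__(self, tag_id: str) -> None:
        self.tag_id = tag_id

    def interrogate(self) -> str:
        # The tag answers silently to any reader; there is no reader check here,
        # which is exactly why the ID should not itself carry sensitive fields.
        return self.tag_id


class RemoteStore:
    """Store 16A: maps IDs to data objects and checks reader entitlement
    before answering (transactions 3 and 4)."""

    def __init__(self) -> None:
        self._objects: Dict[str, DataObject] = {}
        self._entitled_readers: Set[str] = set()

    def register(self, obj: DataObject, tag_id: Optional[str] = None) -> str:
        # Issue an opaque random pointer (assumed 64-bit, hex encoded). Unlike a
        # structured manufacturer/product/serial ID, an eavesdropper who reads it
        # learns nothing about the object without access to this store.
        tag_id = tag_id or secrets.token_hex(8)
        self._objects[tag_id] = obj
        return tag_id

    def entitle(self, reader_id: str) -> None:
        self._entitled_readers.add(reader_id)

    def lookup(self, reader_id: str, tag_id: str) -> Optional[DataObject]:
        # Privacy check: only an entitled reader receives data object 20A.
        if reader_id not in self._entitled_readers:
            return None
        # Authentication check: an ID the store never issued (e.g. a forged or
        # mistyped pointer) resolves to nothing rather than to a guessed object.
        return self._objects.get(tag_id)


class Reader:
    """Reader 14A: interrogates the tag, then queries the store with the ID."""

    def __init__(self, reader_id: str, store: RemoteStore) -> None:
        self.reader_id = reader_id
        self.store = store

    def read(self, tag: DumbTag) -> Optional[DataObject]:
        tag_id = tag.interrogate()                      # transactions 1-2
        return self.store.lookup(self.reader_id, tag_id)  # transactions 3-4


if __name__ == "__main__":
    store = RemoteStore()
    widget = DataObject(vendor="ExampleCo", product="widget", price_cents=1999)
    issued_id = store.register(widget)
    store.entitle("reader-A")
    tag = DumbTag(issued_id)
    print("entitled reader:", Reader("reader-A", store).read(tag))
    print("other reader:   ", Reader("reader-X", store).read(tag))
    print("unissued ID:    ", Reader("reader-A", store).read(DumbTag("f" * 16)))
```

Running the module prints the data object for the entitled reader and `None` for both an unentitled reader and an ID that the store never issued; the same store can hold per-object entitlements instead of a single reader set if the application needs finer control.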
In an attempt to eliminate these and other security threats, much has been done to utilize existing security methods such as passwords defined by the International Organization for Standardization (“ISO”), public key encryption, and other forms of cryptographic security. However, many such techniques add complexity and cost to the RFID tags. Optimally, to enable secure large-scale, item-level tagging, one would want to see the cost of the RFID tag driven down below its current level.
These and related issues are discussed in the Parent Provisional. As a result of these and related problems, RFID technology adoption has been far slower than originally anticipated and desired. We submit that what is needed is a more efficient, reliable, and secure system for linking a tag to a corresponding object.