1. Field of the Invention
The present invention relates to automated computing, and deals more particularly with techniques for encoding ownership transfer transactions directly onto a product (such as by using radio-frequency identification, or “RFID”, technology) in a secure manner.
2. Description of the Related Art
Electronic article surveillance (“EAS”) technologies have been used for many years to protect assets and merchandise from theft. The basic principle behind most prior-art EAS systems includes using a transmitter to create an electromagnetic field across a store's exit area and a receiver than can detect variations in the field. Small tuned circuits or magnetic material inside security tags that pass through the exit modify the field enough for the receiver to detect the change and activate an alarm. A retailer typically attaches the security tags to high-risk items, and the EAS notifies him or her when a tag passes through the exit field. The security tag must be removed or deactivated at the point of sale to prevent the alarm from sounding.
More recently, a new technology called Radio Frequency Identification, or “RFID”, has been introduced for labeling items of merchandise and tracking their physical location, and may be used from manufacturing through distribution and retail sale. RFID differs from passive EAS technologies in several important ways. An RFID tag includes both passive elements (an antenna) and active elements (typically a read-write data memory, control circuitry, and a radio frequency transponder). RFID tags are typically not self-powered, but may receive their power via capacitative coupling from an external radio frequency source. When brought into proximity with an RFID reader at a typical effective distance of about 1 centimeter to 5 meters (depending on the type of tag), the RFID tag receives sufficient power for clocking the semiconductor and analog portions comprising its transponder, control circuits, and data memory through enough clock cycles that the tag can return the data bits from its memory as a digitally-encoded radio frequency signal. This is advantageous because the tag can be read (or written) from a distance without the necessity of line-of-sight, as had been required to read a bar code with a laser scanner.
A representative RFID tag 100 of the prior art is illustrated in FIG. 1, showing a coiled antenna 120 (which in this example takes on a generally square shape) embodied on some type of substrate 130. The tag 100 includes an integrated circuit 110 containing non-volatile memory, logic circuitry, and communications circuitry. This integrated circuit is attached to antenna 120, which may be implemented as an inductor coil. The substrate 130 onto which the electronic equipment is fabricated may be, for example, a clear, flexible film.
The capacity of an RFID tag's data memory today is typically 5 to 256 bytes. The memory typically stores an Electronic Product Code or “EPC” that assigns a searchable number to each object that bears an RFID tag. Whereas the Universal Product Code or “UPC” commonly used in bar-coding applications identifies a product only by product type, an EPC goes farther and identifies a consumer product individually. Present versions of the EPC use 96 bits of information: an 8-bit header, two sets of 24 bits identifying the manufacturer and product type, and a 40-bit serial number. Ninety-six bits encode enough information to uniquely identify trillions of objects. (See “Beyond the Bar Code” and companion article “What's My Number” by Charlie Schmidt, Technology Review Magazine, March 2001, p. 80–85.)
Rather than an EPC, an RFID tag of the prior art may bear an item SKU (“stock-keeping unit”) and a unique item serial number. An SKU is an identifier used for categorizing products, for example by item type. The serial number may be globally unique, or unique within the SKU number. A combination of SKU and serial number may therefore be used to uniquely identify a particular item of that particular type. References herein to using an EPC on an RFID tag are therefore by way of illustration and not of limitation. Whether using an EPC or an SKU with serial number with an RFID tag, this identifying information is stored in the small memory area on the RFID tag.
RFID technology has generally been utilized for inventory control (e.g., in a warehouse, manufacturing, or distribution facility) and for item identification at the point of sale as an improvement over today's nearly-ubiquitous laser-scanned bar codes. The use of RFID to deter theft has been suggested in several contexts. Notably, early RFID literature suggested that RFID could prevent employees from stealing items from a store's inventory by improving inventory control. The literature also suggested that RFID could deter theft in the distribution chain between the manufacturer and retailer by actively monitoring inventory in trucks and shipping containers to ensure that merchandise was not diverted to unintended destinations.
The passive transponder in an RFID chip can return a series of bits, such as the EPC, on command. Some kinds of RFID tags are also updateable, providing a small amount of read/write storage. With reference to FIG. 1, for example, when the tag 100 is subjected to a radio-frequency signal, the integrated circuit 110 reads the radio-frequency signal from the antenna 120 and interprets the signal as a command to read or write data from or to memory located on the integrated circuit.
Commonly-assigned and co-pending U.S. patent application Ser. No 09/790,104 (filed on Feb. 21, 2001; now U.S. Pat. No. 7,000,834), titled “Method To Address Security And Privacy Issues of the Use of RFID Systems to Track Consumer Products” (hereinafter referred to as “the first related invention” and hereby incorporated herein by reference) discloses overwriting an RFID tag's memory with new data, such as a shortened version of the product's serial number, at a point of sale to signify that the tagged item has been paid for. This patent application also discloses formatting the data memory on an RFID tag with control bits, thereby providing a type field to dictate access control such as whether a field can be overwritten. According to preferred embodiments of this first related invention, logic invoked when an update of the data memory is requested checks the associated control field, and if updating is not allowed, the logic exits rather than performing the update. Using the disclosed techniques, an unscrupulous store employee can be prevented from reprogramming the RFID tag of an expensive item with data representing an inexpensive item in order to pay a lower price for the expensive item.
RFID tags can be created using very inexpensive manufacturing techniques; the antenna portion can be printed on packaging material with conductive carbon ink, and the semiconductor portion—as small as 3 millimeters square—can be mounted to the antenna with glue. The cost of RFID tags is expected to decline to the point of being cost-effective even on small-value retail items. Thus one can assume that in the near future, RFID tags on merchandise will become nearly ubiquitous. One can also assume that the capacities of the non-volatile memories in RFID tags will grow far beyond today's typical 256 bytes. It is also likely that advances in data storage technologies will make large, inexpensive write-once read-many (“WORM”) non-volatile memories, which are designed to prevent erasure or overwriting of data, feasible and ubiquitous.