Generally, a Radio Frequency Identification (RFID) system is classified into a mutual induction scheme and an electromagnetic wave scheme depending on a mutual communication scheme between a reader and a tag, and is classified into an active type and a passive type depending on whether the tag operates under its own power. Also, the RFID system is classified into a long wave, a medium wave, a short wave, an ultrashort wave, and a microwave depending on a used frequency.
Since all data packets transceived between an RFID tag, and more particularly, a passive tag, for example a tag in accordance with ISO/IDC 18000-6 Type C standard, are exposed to readers in an electric wave coverage, all the data packets are in a weak security state in that information in the packets may be eavesdropped by a malicious third person.
In the weak security state, there are many risks that personal information stored in a tag memory or other important information may be stolen or forged. Also, when an unauthenticated third person accesses the tag memory and deletes some data items or writes random information, the reader and the tag exchanges invalid data. A security method using a password and a key value between a tag and a reader is disclosed in order to solve the above-described problem, however, this may not prevent a replay attack and may simply limit access to the tag memory.