RFID tags are available in different materials and shapes. They typically comprise a microchip with an antenna for communicating with readers over a radio frequency, and a storage device, in which a full identifier is stored. When requested by a reader, an RFID tag responds by transmitting its full identifier. It may, however, also upon request transmit just part of its full identifier. There have been approaches to standardizing the full identifiers of RFID tags. One such approach is the so-called EPC global standard. EPC stands for Electronic Product Code, which is an identification scheme designed to enable the unique identification of all physical objects. The EPC code ranges from 64 to 256 bits in length and encodes four distinct information fields. In the case of the EPC 96-bit code, the first field (the header) is defined for bits 0 to 7 and indicates the length of the code. The second field is the so-called EPC manager, covering, for example, bits 8 to 35, and typically contains information about the manufacturer of the product the RFID tag is attached to. The third field is the so-called object class, covering, for example, bits 36 to 59 and referring to the exact type of product in the same manner as a stock keeping unit. The fourth field is referred to as the serial number and may cover bits 60 to 96. This fourth field provides a unique 36-bit identifier for individual products depending on the length of the EPC code. It may be possible to individually mark every product with a unique full identifier.
Passive RFID tags are a class of simple tags that when queried by a reader will respond with their tag information (identifier). Such tags typically have minimal computational logic, and receive power from the readers, and are relatively cheap to manufacture. Many business cases for the deployment of RFID technology in supply chains are predicated on the widespread deployment of passive tags to replace manual inventorying solutions based on bar code systems. RFID technology enables the tracking of individual products through production, distribution and sale, when RFID readers are installed at various locations in the supply chain. Further, in retail stores, RFID tagging may reduce the time required to actually pay for goods a consumer intends to purchase by extracting the pricing information automatically, and thus rendering it unnecessary to take the goods out of a shopping cart.
The usefulness of RFID technology directly depends on the quantity and accuracy of the tag information collected by readers. Business processes that depend on RFID information for their successful and timely completion can be disrupted by “malicious” tags that introduce spurious information to a reader or block genuine information from reaching a reader. The integrity of business processes that depend on RFID tag information can be protected if there are methods to quickly identify and isolate malicious tags.
However, there are also security and privacy concerns related to RFID. The paper, “An Introduction to RFID-Information Security And Privacy Concerns” by Björn Johannsen explains basic RFID concepts and also considers the problem of information security. There are security and privacy concerns both for the supply chain, and also for consumers who purchase goods containing passive RFID tags.
With respect to supply chains, the usefulness of RFID technology directly depends on the quantity and accuracy of the tag ID information collected by readers. Business processes that depend on RFID information for their successful and timely completion can be disrupted by “malicious” tags that introduce spurious information to a reader or block genuine information from reaching a reader. The integrity of business processes that depend on RFID tag information can be protected if there are methods to quickly identify and isolate malicious tags.
With respect to consumers, one threat that has been identified with the introduction of passive tags into consumer products is that consumer privacy may be eroded. The issue here is that passive tags are still able to transmit their identification information beyond the point of sale, and in fact will willingly disclose this information to any (compatible) reader. While this may be considered an advantage in the supply chain for consumer products, most consumers do not want the tag information associated with their purchases to be read by readers placed in other stores, or in public places in general. Since passive tags transmit the same information for each read request, it is possible for a consumer to be physically tracked by the reading of tag information associated with their purchases. The tags could also reveal consumer purchasing preferences.
The Blocker Tag is a technology for preventing tag information from being read by a reader unknown to a person carrying one or several tagged items. Read requests to a tag could be physically blocked by simply jamming the radio transmission between a tag and a reader. The Blocker Tag prevents tag reading not by jamming the transmission channel, but rather by preventing the read protocol between the tag and the reader from completing. In what follows, an introduction to RFID read protocols and an explanation of the operation of the Blocker Tag is given.
Many RFID applications require a reader to read all tags that are currently in its proximity, sometimes referred to as inventorying the tag population (of the reader). The channel between the reader and its tags is a broadcast channel, and the channel from tags to the reader only supports one tag sending at a time. If multiple tags send their information during the same time instance then a collision occurs and typically no tag information can be recovered by the reader. The reader must then use an anti-collision protocol whose purpose is to singulate (or isolate) each tag in turn, so that the singulated (or isolated) tag can send its information while the other tags remain silent (until they in turn are singulated).
A common singulation method is the so-called tree-walking singulation algorithm. The tree-walking singulation algorithm enables the reader to identify the serial numbers of nearby tags individually by means of a bit-by-bit query process resembling a depth-first search of a binary tree. If the RFID tags in a given system bear unique identifiers of some fixed bit length k, then the set of all possible k-bit identifiers can be viewed as the leaves of a standard binary tree of depth k. The root of this tree has a depth of 0 and is labeled with the empty string. A node of depth d is labeled with a binary string x of length d. If d is smaller than k, then the node has two children at depth d+1: a “left child” with label x0 (x∥0) and a “right child” with label x1 (x∥1). One may regard the branches (children) of a given node in this tree as bearing labels “0” and “1”, respectively associated with the left and right branches. Thus a node at depth d in this tree may be uniquely identified by a binary prefix B = b_1 b_2 ... b_d, representing the sequence of branches traversed in a path from the root to the node. It follows that each of the 2^k leaves in the tree is associated with a unique k-bit string. Each such leaf may be viewed as a unique k-bit string that could be allocated to the serial number of a tag.
Given this interpretation of the tags' identifiers to be read, the tree-walking algorithm proceeds as follows. The basic step of the algorithm is for the reader to broadcast a prefix B to all tags. Each tag receives B, and if B is a prefix of its identifier, the tag then transmits information to the reader. Each tag makes this decision independently. The reader waits for responses and observes one of three outcomes:
No responses: meaning no tag had B as a prefix. In this case B cannot be used to singulate a tag, so the reader selects a new value of B.
One response: meaning that exactly one tag (say T) has B as a prefix. The reader can now use B to address T uniquely, and can read the tag information from T while the other tags remain silent. Once T has been read, the reader can select a new value of B and singulate any remaining unread tags.
A collision occurs: meaning that more than one tag matches B as a prefix. In this case B is too general (that is, too short) to singulate a single tag, and therefore B must be extended. The reader then attempts to singulate tags using the prefixes B∥0 and B∥1.
In practice, the values of B are chosen to perform a recursive depth-first search of the binary tree defined by the tags' identifiers to be read, which is equivalent to walking a binary tree. Initially the prefix B is set to the empty string (of zero length), which matches all tags' identifiers, and is then first extended to 1 and 0. The full output of the tree-walking algorithm is a list of the ID numbers of all RFID tags within range. The running time of this algorithm is bounded by the product of k and the number of tags being read. In practice, a shopping cart full of goods should be scannable in a few seconds. Importantly, the tags must follow the protocol to guarantee the singulation of each tag. In particular, when B is not a prefix of a tag's identifier, then the tag must remain silent.
The main use of a blocker tag is to maintain the privacy of a person in possession of passively tagged goods, where the privacy of the person may be threatened if the information contained in these tags can be extracted by any readers sufficiently close to the person. Blocker tags interfere with the tree-walking singulation algorithm by participating in the singulation protocol in a non-compliant manner, which may be thought of as a type of passive jamming. If a reader broadcasts a given prefix B, and detects a collision, then the reader extends B and makes another request, eventually expecting a singulation. However, the blocker tag is designed to respond to every prefix broadcast from a reader, so if another tag responds to the same request, then a collision will be generated. In particular, if the blocker tag is protecting the identifier of a given tag T, then each response from T will result in a collision since the blocker tag will also be responding. So the blocker tag “blocks” information from being read by generating collisions in the RF channel. In this manner, for each request the reader either detects a collision (and gains no information about the tags responding) or only reads the information sent by the blocker tag (and still gains no information about the other tags). When the reader attempts to resolve a detected collision by extending the prefix, the blocker tag will cause another collision for the extended prefix, and so on.
A blocker tag effectively overwhelms the tree-walking singulation algorithm by forcing it to sweep the full space of all possible RFID tag identifiers. If the reader had enough time, memory, and processing power to complete the tree-walking algorithm in these circumstances, it would output the entire set of all 2^k possible tag serial numbers. This set is very large, however—a size of at least 2^64 in even the most basic system—and the reading process is designed to execute very rapidly. In practice, therefore, the reader may be expected to stall after reaching only a few hundred leaves in the tree. A net effect is that the full blocker tag blocks the reading of all other RFID tags.
The blocker tag may, however, also be designed to selectively block only a given range of identifiers, and to remain silent otherwise. A blocker RFID tag is referred to as “a full blocker” or “a universal blocker” if it simulates the full set of all 2^k possible RFID tag serial numbers. Thanks to the structure of the tree-walking algorithm, such blocking may be accomplished quite easily. Whenever the reader queries RFID tags in the subtree of a given node b for the next bit value, the blocker RFID tag simultaneously broadcasts both a “0” bit and a “1” bit. The blocker RFID tag may require two antennae to do this. This forced collision drives the reader to recurse on all nodes, causing the reader to explore the entire binary tree.
The blocker RFID tag may also be refined so as to simulate and, therefore, effectively block just a subset of tags. Such a blocker RFID tag may be referred to as a “partial” blocker RFID tag or a “selective” blocker RFID tag. For example, a selective blocker RFID tag might reply to the reader only during execution of the tree-walking in the left subtree of the root. This selective-blocking feature will have the effect of obstructing only the reading of tags that bear a “0” prefix in their serial numbers. RFID tags with serial numbers that begin with a “1” bit could be read without interference. In this manner, the selective blocker RFID tag can target a particular zone for protection.
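The tree-walking singulation algorithm and the effect of universal and selective blocker tags described above can be reproduced in a short simulation. This is an added example, not part of the original text: the 8-bit identifier length, the query budget standing in for the reader's time limit, the sample tag population and the `make_blocker` model are all assumptions made for illustration.

```python
from typing import Callable, List, Optional, Tuple

K = 8  # identifier length in bits; assumed small so the whole tree can be walked

def make_blocker(zone: str = "") -> Callable[[str], bool]:
    """Hypothetical blocker model: it simulates every ID that starts with `zone`
    ("" = universal blocker), so it answers any prefix compatible with the zone."""
    return lambda prefix: prefix.startswith(zone) or zone.startswith(prefix)

def inventory(tags: List[str], blocker: Optional[Callable[[str], bool]] = None,
              budget: int = 200) -> Tuple[List[str], int, bool]:
    """Tree-walking singulation. Returns (ids_read, queries_used, stalled)."""
    read: List[str] = []
    queries = 0
    stack = [""]  # start with the empty prefix, which matches every tag
    while stack:
        if queries >= budget:
            return read, queries, True  # reader gives up: query budget exhausted
        prefix = stack.pop()
        queries += 1
        matches = [t for t in tags if t.startswith(prefix)]  # compliant tags
        responses = len(matches)
        if blocker and blocker(prefix):
            # Forced collision on inner nodes; a single phantom ID at a leaf.
            responses += 2 if len(prefix) < K else 1
        if responses == 1:
            # Singulated: a real tag, or a phantom ID emitted by the blocker.
            read.append(matches[0] if matches else prefix)
        elif responses > 1 and len(prefix) < K:
            stack += [prefix + "1", prefix + "0"]  # extend B; "0" branch first
        # responses == 0: dead branch. Collision at a leaf: nothing is learned.
    return read, queries, False

# Constructed sample population (not from the original text).
TAGS = ["00010110", "00011101", "10100001"]

if __name__ == "__main__":
    print("no blocker    :", inventory(TAGS))
    ids, q, stalled = inventory(TAGS, make_blocker(""))
    print("universal     :", len(ids), "phantom IDs,", q, "queries, stalled =", stalled)
    ids, q, stalled = inventory(TAGS, make_blocker("0"), budget=1000)
    print("selective '0' :", "10100001" in ids, q, "queries, stalled =", stalled)
```

Without a blocker the three tags are read in 11 queries, within the bound of k times the number of tags. With a universal blocker the reader exhausts its budget holding only phantom identifiers, which is the stall a reader operator would observe.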
While blocker tags can be used to protect the privacy of information contained on (passive) RFID tags, unfortunately the same idea has malicious applications. If a (universal) blocker tag is protecting (blocking) the information on tag T from being read, it will in fact block the information on all tags in the range of the reader. This is because the blocker tag responds to all broadcasted prefixes, not just the prefixes that match the identifier of T. Because of this property, blocker tags may be used maliciously, for example, to subvert RFID applications that rely on the quantity and accuracy of the information collected by readers. The tagged goods may be in the range of the reader, but the blocker tag prevents the reader from extracting the identifiers of the goods.
It is a challenge to provide a simple method for detecting the presence of blocker RFID tags amongst the collection of RFID tags within the range of a reader. It is furthermore a challenge to provide a device for detecting a blocker RFID tag, which enables in a simple way the detection of blocker RFID tags.