EP1257974A1 - Method of authenticating a tag - Google Patents

Method of authenticating a tag

Info

Publication number
EP1257974A1
Authority
EP
European Patent Office
Prior art keywords
tag
data set
stored
security block
address
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP00936230A
Other languages
German (de)
French (fr)
Inventor
Robert W. Baldwin
Chester Piotrowski
Paul A. Sevcik
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
3M Innovative Properties Co
Original Assignee
3M Innovative Properties Co

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/20Individual registration on entry or exit involving the use of a pass
    • G07C9/28Individual registration on entry or exit involving the use of a pass the pass enabling tracking or indicating presence
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0806Details of the card
    • G07F7/0813Specific details related to card security
    • G07F7/082Features insuring the integrity of the data on or in the card
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators

Definitions

  • RFID tag 10 generally includes an antenna 12 connected to a memory device 14 such as an integrated circuit (IC).
  • The tag may include a power source, such as a battery or capacitor, or may be powered solely by the RFID interrogator such that it receives both energy and information in the form of radio waves from the RFID interrogator.
  • The tag may be provided with adhesive (typically pressure sensitive adhesive) so that it may be adhered to, for example, a library book. It will be appreciated by those skilled in the art that Figure 4 represents only one of the many embodiments of geometry and antenna design suitable for use in an RFID tag.
  • A commercial example of a suitable RFID tag is one available from Texas Instruments.
  • The Tag-it brand RFID tag includes a first memory storage area that stores unalterable data (referred to as "permanent tag memory"), such as unique unalterable data identifying that specific tag (referred to herein as the "tag address"), and a second memory storage area that stores variable information provided by a user (referred to herein as "variable tag memory").
  • Current Tag-it brand RFID tags include 256 bits of variable tag memory, although more memory is likely to become available on that and other RFID tags in the future.
  • The Tag-it brand RFID tag operates at a 13.56 MHz communication frequency, although tags and interrogators that operate at other frequencies may be used instead.
  • Tag-it brand RFID tag systems may also be used with Windows-compatible software available from Texas Instruments to simplify the use of Tag-it brand RFID tags and equipment.
  • The tag address is stored in the permanent tag memory. It is also preferred that this tag address be unique to insure that it is possible to identify and address a specific tag during use. This tag address might, for example, be 32 bits long, allowing over 4 billion unique addresses. Typically this tag address is programmed into the tag during manufacture and "factory locked" so that it cannot be changed later.
  • A tag address may include information stored in both the permanent tag memory and the variable tag memory, described below.
  • Variable tag memory may be used to store information about the manufacturer of the tag or the tag itself (such as when and where the tag was made), and/or about the article to which the tag is attached or to be attached. For example, where the RFID tag will be attached to a library book or other material, the title, author, call number, checkout status, and usage statistics associated with that book may be stored in the variable tag memory. Other information that may be stored in the variable tag memory includes the name of the library that owns the book or material, the specific library branch from which it was borrowed, the appropriate location (such as the specific shelf location) for the book or material, type of item (book, CD, video tape), and the like.
  • Variable tag memory may be locked, so that it cannot be inadvertently modified.
  • The data on a tag associated with an item belonging to a library can thereby be protected from accidental modification by an RFID-based airline baggage handling system or other RFID writer.
  • The locking procedure differs among RFID tag suppliers. In the case of the Texas Instruments Tag-it brand RFID tags, the smallest block of variable memory that can be locked in this manner is 32 bits, which may be used to store certain cryptographically transformed information in the manner described herein.
  • RFID tags used in one embodiment of the invention are both readable and programmable. That is, the RFID tag can be read or interrogated by an interrogation source to obtain some or all of the information stored in the variable tag memory of the tag for use or manipulation by a user, and can also be programmed (written) with information provided by a system or user.
  • Suitable RFID interrogation sources and RFID writers are commercially available from Texas Instruments of Dallas, Texas under the designation "Commander 320."
  • Certain information is cryptographically transformed and written into a portion of the available variable tag memory by an RFID writer, and in use the tag is interrogated by an RFID reader that determines whether the tag is authentic, as described in greater detail below.
  • RFID readers preferably can interrogate multiple RFID tags virtually simultaneously (the Commander 320 brand interrogation source currently is able to interrogate 30 RFID tags per second), though this feature is not required.
  • The tag address is obtained from the tag, cryptographically transformed as described below, and the resulting security block is then stored on the tag.
  • One exemplary process for providing a tag having a stored security block in accordance with the present invention is shown in Figure 1.
  • Step 100 is to read or interrogate the tag to obtain the tag address 102.
  • The tag address is then concatenated with at least one data set, and preferably two data sets. If one data set is used, then that data set should be a private data set 106 that is not generally available to the public, but is stored in and used by the interrogation source.
  • One data set may be private and the other a public data set 104, as represented in Figure 1.
  • The tag address and the data set(s) could be interleaved or otherwise scrambled (instead of being concatenated) if desired, though this is not believed to add significantly to the security or reliability of the system.
  • The public and private data sets may consist of any string of characters and/or numbers, and can be human readable strings that are represented as binary data using standard methods such as ASCII, UTF-8 or Unicode.
  • The public data set may be widely distributed or not, as desired. In other words, the public and private data sets are simply two data sets, which may have different levels of secrecy imposed on them by the user.
  • The data set(s), and particularly the private data set, is preferably a string of random characters and/or numbers, so that it is difficult or impossible to reverse engineer the data set from the cryptographically transformed information.
  • A random or substantially random process may be used, such as a random number generator.
  • The public or private data set may be subsumed within software used to create and authenticate the tags.
  • The software, in general, will consist of machine language instructions, which are not readily intelligible to people and cannot be deciphered except by highly specialized individuals expending a great deal of time.
  • The data set(s) will preferably be sufficiently difficult to locate within that software that it may be considered for all practical purposes to be private even when the software itself is widely distributed.
  • The form of the public or private data sets may also be chosen to facilitate legal protection under copyright, trade secret or other law, so that any unauthorized user of the data set(s) would also be infringing on a legally protected right.
  • The tag address may be of any desired length and content.
  • The tag address may have, for example, 32 bits of information.
  • The public data set may have at least 32 bytes of information.
  • The private data set may have at least 32 bytes of information.
  • An exemplary tag address could be the hexadecimal value 0x012345678, an exemplary public data set may be the ASCII string "3M Radio Frequency Identification Systems," and an exemplary private data set may be
  • The tag address 102 and private data set 106, and optionally the public data set 104, are then fed into a cryptographic transformation algorithm 108, such as a cryptographic hash algorithm, which transforms the data and outputs a message digest 110 of, for example, 160 bits in length.
  • Cryptographic transformations encompass both conventional reversible encryption such as the Data Encryption Standard (DES, which is also referred to as the Data Encryption Algorithm (DEA) by ANSI, and as the DEA-1 by the ISO), and other related techniques such as the use of a one-way cryptographic hash such as the Secure Hash Algorithm 1, or SHA1. Examples of both types of algorithms along with detailed source code in the C programming language are included in the book Applied Cryptography. Protocols.
  • DES-CBC-MAC and DES-DMAC may be used as the cryptographic transformation method of the present invention.
  • Cryptographic hash algorithms such as SHA1, MD5, and RIPEMD-160 are preferred because they provide a relatively high level of security against attempts to reverse-engineer the private data set when the message digest and the public data set are known, and also because they are readily available, easy to implement, and free of significant governmental restrictions on use.
  • The source code associated with the SHA1 described in the Applied Cryptography reference cited above is currently available on computer disc from Bruce Schneier, Counterpane Systems, 7115 W. North Ave., Suite 16, Oak Park, IL 60302-1002.
  • A specified portion of the message digest may be designated and stored in (written to) the variable tag memory of the RFID tag.
  • This portion of the message digest is security block 112.
  • A lockable unit or block of the variable tag memory, perhaps 32 bits, may determine the appropriate size of the security block of information from among the message digest which should be designated and stored in the variable tag memory. It may also or instead be desirable to store the message digest or the security block in the permanent tag memory, which would normally be done by or for the manufacturer of the tag.
  • The output of the cryptographic transformation (such as SHA1) will be referred to as the "message digest," and the entirety or portion of the message digest that is stored on the RFID tag will be referred to as the "security block."
  • The security block 112 may be created by designating at least part of the message digest, and then written to the RFID tag in the manner described above as shown at 114.
  • The tag may be used for authentication in the field. Authentication may be performed in several different manners, two of which are described below. The first involves following the same process used to encrypt the tag, and then comparing the result (the security block) with the stored security block to determine whether they are the same. If the two security blocks are the same, then the tag is authentic. If they are different, then the tag is not authentic. This is referred to as "field encryption and comparison."
  • The second authentication process described below involves essentially the reverse. That is, the authentication process begins by obtaining the stored security block from the memory of the tag, performing an encryption transformation in reverse using the private data set and, if needed, the public data set, to obtain a tag address. The tag address is then compared with the stored tag address. If the two tag addresses are the same, then the tag is authentic. If they are different, then the tag is not authentic. This is referred to as "field decryption and comparison." In order to use this second authentication process, the security block should comprise the entire message digest.
  • Figure 2 illustrates the field encryption and comparison process steps used to determine whether a certain tag is authentic.
  • The user in the field follows the same method as shown in Figure 1, and then compares the resulting value with the stored security block to determine whether the tag is authentic.
  • Steps 200 through 212 are the same as their counterparts in Figure 1. That is, the tag address is obtained 200; the tag address 202, the private data set 206, and optionally the public data set 204 are provided to the cryptographic transformation algorithm 208 that provides a message digest 210, from which a security block is created 212.
  • The RFID reader obtains the stored security block from the tag, as shown at 214, and compares the results (shown as 216) of the security block 212 with the stored security block obtained from the tag at 214. If the two security blocks are the same, then the tag is authentic. If the two messages do not match, then the user could conclude that the item is not authentic, and take any appropriate action. Such action could, for example, include terminating processing of the item to which the tag was affixed.
  • Figure 3 illustrates the field decryption and comparison process steps used to determine whether a certain tag is authentic. As shown in Figure 3, the security block (which in this embodiment should be identical to the message digest) is obtained from the tag 300; the security block 302, the private data set 306, and optionally the public data set 304 are provided to the cryptographic transformation algorithm 308 that provides the tag address 310.
  • The RFID reader then obtains the stored tag address from the tag 312, and compares the results (shown as 314) of the tag address 310 with the stored tag address at 312. If the two tag addresses are the same, then the tag is authentic. If the two tag addresses are not the same, the tag is not authentic.
  • The cryptographic transformation can be a reversible block cipher, stream cipher, or other suitable process.
  • The cryptographic transformation 308 could be the inverse of the cryptographic transformation used to create the security block stored on the RFID tag.
  • The cryptographic transformation could be a block cipher such as DES running in encrypt mode (to encrypt the security block) and decrypt mode (to field decrypt the security block), where the key to the block cipher would be a function of the public and private data sets.
  • The data set(s) could be passed through a cryptographic hash function to produce a 160-bit message digest and a predetermined subset of these bits would be selected to create the 56-bit key for the DES block cipher.
  • The key could be a concatenation or other predetermined arrangement of the bits that make up the data set(s).
  • The role of the tag address and security block can be reversed. This reversal can be useful when the tag address and security block are stored such that one is more difficult to change than the other. If the tag manufacturer writes the tag address and the application vendor writes the security block, then reversing the roles of the tag address and security block may be useful in some circumstances.
  • This Example is a representation of an arbitrary tag address, public data set, and private data set that could be used in conjunction with the method of the present invention.
  • A tag address, expressed in hexadecimal, could be 0x12345678. This address would be concatenated with an ASCII-string public data set "Copyright (c) 2000, 3M IPC. All Rights Reserved", which in hexadecimal notation is "0x43 0x6f
  • This concatenated data would further be concatenated with a hexadecimal private data set "0xe0 0x34 0xc7 0xf0 0xf9 0xf7 0x37 0x26 0xf6 0x19 0x53 0x15 0x11 0x64 0xe5 0x30 0x45 0x4b 0xe3 0xbf 0x6a 0xca 0xdc 0x6e 0xbe 0xb4 0x84 0xe3 0xb1 0x2d 0x77 0x38", which could be generated by computer using a pseudo-random number generator.
  • The full concatenated string would be processed using the SHA1 cryptographic hash algorithm, and the resulting message digest, expressed in hexadecimal, would be 0x3385275891ceb2e69cdc4a56031276413d6d702d. From that one could select the low-order nibble (4 bits) of each of the first eight (8) bytes of the message digest (shown as the underlined characters in the preceding message digest) which would then be concatenated to provide a security block, expressed in hexadecimal, of 0x35781e26 that could be stored on an RFID tag by an RFID writer. The tag could then be authenticated by using the field encryption and comparison process described above to determine whether the tag was authentic.
  • The authentication method described herein finds particularly useful application in the authentication of RFID tags used with library materials such as books.
  • A portable (handheld, for example) RFID interrogator may be used to interrogate the RFID tags and, if the tags are authentic, to obtain other information from the RFID tag that is useful to library staff members.
  • Stationary RFID interrogators such as patron self-service devices, staff work stations, and stations at which library materials having only optical bar codes are converted to have RFID tags, may also use the authentication method of the present invention.
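
The field encryption and comparison process and the nibble-selection rule from the worked example above, as an added Python sketch; it is not code from the patent or from any vendor. The 4-byte big-endian encoding of the tag address, the constructed private data set, and the names `Tag`, `message_digest`, `security_block`, `write_security_block` and `authenticate` are assumptions of this example, so its digest for 0x12345678 is not expected to equal the one quoted above.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Public data set: the ASCII string from the page's worked example.
PUBLIC_DATA_SET = b"Copyright (c) 2000, 3M IPC. All Rights Reserved"
# Private data set: 32 bytes constructed for this example only. The page calls
# for a random string known to the writer and the interrogator.
PRIVATE_DATA_SET = bytes.fromhex(
    "5a1f0c77e2943b68d10e8f42a6b95c3307fd28c4916e53ba0d74e1389f26cb50"
)


@dataclass
class Tag:
    """Hypothetical model of the two memory areas the page describes."""
    address: int                        # permanent tag memory, factory locked
    stored_block: Optional[int] = None  # 32-bit lockable unit of variable memory


def message_digest(tag_address: int, private: bytes, public: bytes = b"") -> bytes:
    """SHA-1 over tag address || public data set || private data set.

    Assumption: the 32-bit address is encoded as 4 big-endian bytes; the page
    gives the concatenation order but not the byte encoding.
    """
    data = tag_address.to_bytes(4, "big") + public + private
    return hashlib.sha1(data).digest()


def security_block(digest: bytes) -> int:
    """Low-order nibble of each of the first eight digest bytes, concatenated
    into a 32-bit value, as in the page's worked example."""
    block = 0
    for byte in digest[:8]:
        block = (block << 4) | (byte & 0x0F)
    return block


def write_security_block(tag: Tag, private: bytes, public: bytes = b"") -> None:
    """Figure 1: read the address, transform it, store the security block."""
    tag.stored_block = security_block(message_digest(tag.address, private, public))


def authenticate(tag: Tag, private: bytes, public: bytes = b"") -> bool:
    """Figure 2: recompute the security block and compare it with the stored one."""
    if tag.stored_block is None:
        return False  # blank tag: nothing to compare against
    expected = security_block(message_digest(tag.address, private, public))
    # Constant-time comparison is a choice made in this example.
    return hmac.compare_digest(
        expected.to_bytes(4, "big"), tag.stored_block.to_bytes(4, "big")
    )


if __name__ == "__main__":
    # The digest quoted in the page's example reduces to its quoted security block.
    page_digest = bytes.fromhex("3385275891ceb2e69cdc4a56031276413d6d702d")
    print(hex(security_block(page_digest)))

    tag = Tag(address=0x12345678)
    write_security_block(tag, PRIVATE_DATA_SET, PUBLIC_DATA_SET)
    print("matched system:", authenticate(tag, PRIVATE_DATA_SET, PUBLIC_DATA_SET))

    # Same stored block on a tag with a different permanent address.
    other = Tag(address=0x12345679, stored_block=tag.stored_block)
    print("different address:", authenticate(other, PRIVATE_DATA_SET, PUBLIC_DATA_SET))

    # An interrogator holding a different private data set.
    print("other system:", authenticate(tag, bytes(32), PUBLIC_DATA_SET))
```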

Abstract

A method is disclosed for authenticating, for example, radio frequency identification (RFID) tags by providing an RFID tag having a stored security block that is cryptographically related to the tag address, obtaining the tag address from the tag, cryptographically transforming at least the tag address and a private data set to obtain a security block, and then comparing that security block to the stored security block. If the two security blocks match, then the tag can be presumed to be authentic. Alternatively, the stored security block can be cryptographically transformed using at least a private data set to obtain a tag address, and that tag address can then be compared with the stored tag address. If the two tag addresses match, then the tag can be presumed to be authentic.

Description

METHOD OF AUTHENTICATING A TAG
Field of the Invention
The invention relates to a method of authenticating a device, tag, label, or similar item, and in one embodiment to a method of cryptographically verifying a tag of a matched component system so that hardware that is part of the matched component system will only interrogate tags that are authenticated as part of the matched component system.
Background of the Invention
Encryption has been used for many years to make information secure against the efforts of those who should not have access to that information. Information is first encoded by a first authorized user, and then decoded by a second authorized user to obtain access to the information. An example of simple encryption would be to equate a unique number with each letter of the alphabet, and then to represent the information of interest using those numbers, instead of letters. A person who knows the encryption algorithm (the substitution of a unique number for each letter) could then decode the information to obtain access to it. This type of simple encryption is easily broken however, and thus is not very secure.
Other more sophisticated forms of encryption have been used, particularly in modern times, to secure information that is to be electronically transferred from one authorized user to another. For example, it is often desirable to transmit private information such as a message, credit card number, or the like over the Internet, and thus to encrypt that information in a suitably secure manner. A suitable type of encryption for these purposes is the "public/private key" encryption technique that is described in common texts and patents on encryption.
The patent literature includes a number of references related to the uses of encryption for tracking manufactured articles, or for performing article authentication.
See, for example, European Patent Application 0 710 934 A2, entitled "Methods and Systems for Performing Article Authentication"; European Patent Application 0 889 448 A2, entitled "Method of Preventing Counterfeiting of Articles of Manufacture"; and U.S. Patent No. 5,768,384, entitled "System for Identifying, Authenticating and Tracking Manufactured Articles." The methods described in these and other references are not, however, suitable for use with tags as a means of authentication, as described below with reference to the present invention.
Summary of the Invention
Tags or labels containing information about an article can be provided as part of a matched component system along with the hardware used to read, scan, or interrogate those tags or labels. Examples of such systems include bar code labels (or printing equipment) and scanners, and radio frequency identification (RFID) tags and RFID interrogators. One reason to encourage the use of matched component systems is to enable the system to avoid interrogating tags belonging to another system. Thus, error messages may be reduced, and it may be possible to use two or more systems to identify various materials in the same location. Another reason is related to the product or system warranties. That is, manufacturers often warrant their products for a given period or to perform a given function only if they are used with other components with which they have been repeatedly tested by the manufacturer, but offer no warranty or a reduced warranty if they are not. In the case of a matched component system of the type described herein, a system provider may warrant the operation of the system if a tag interrogator is used in conjunction with authentic tags, but not otherwise. Specifically, a system provider may warrant the operation of an RFID system when that provider sells the RFID tags, and also sells the equipment used to write information to, and/or read information from, those tags.
The authentication method described herein enables a system or user to authenticate, for example, radio frequency identification (RFID) tags by providing an RFID tag having a stored security block that is cryptographically related to the tag address, obtaining the tag address from the tag, applying a cryptographic transformation to at least the tag address and a private data set to obtain a security block, and then comparing that security block to the stored security block. If the two security blocks match, then the tag can be presumed to be authentic. Alternatively, the stored security block can be cryptographically transformed using at least a private data set to obtain a tag address, and that tag address can then be compared with the stored tag address. If the two tag addresses match, then the tag can be presumed to be authentic. Also described is an RFID tag for use with the present invention. The invention finds particularly useful application in the interrogation by portable or stationary RFID interrogators of RFID tags placed in library materials, such as books.
Brief Description of the Drawings
The present invention is described in greater detail with reference to the appended Figures, in which:
Figure 1 is a process diagram illustrating one embodiment of the inventive method for providing a tag with a security block that is a cryptographic transformation of the tag address;
Figure 2 is a process diagram illustrating one embodiment of the inventive method for authenticating a tag by field encryption and comparison;
Figure 3 is a process diagram illustrating one embodiment of the inventive method for authenticating a tag by field decryption and comparison; and
Figure 4 is a schematic diagram of an RFID tag in accordance with the present invention.
Detailed Description of the Invention
I. Overview
In simple terms, a preferred method of authenticating an RFID tag according to the present invention involves the following steps. First, a tag address that identifies the tag is obtained from the memory of the tag. Second, the tag address and a private data set, and optionally a public data set, are cryptographically transformed to provide a security block that is stored in the memory of the tag. Third, when it is desired to authenticate the tag, the tag address is again obtained and, along with the data set(s), is cryptographically transformed to provide a security block that is compared with the stored security block. Or, alternatively, the security block is cryptographically transformed, using the inverse of the original transformation, including appropriate data set(s), to obtain a tag address that is compared to the stored tag address. Fourth, if the two security blocks (or tag addresses, depending on which process was used) are the same, then the tag is authentic. If not, the tag is not authentic. These steps, and other features, variations, and embodiments of the present invention are described in greater detail below. Although the invention is described in terms of an RFID system, other systems in which information can be read from and written to a tag (preferably electronically) are also within the scope of the present invention.
II. The Tag
An RFID tag suitable for use in conjunction with the present invention is described in PCT Publication 99/65006 entitled "Identification Tag With Enhanced Security," the rights to which are assigned to the assignee of the present invention. As shown in Figure 4, RFID tag 10 generally includes an antenna 12 connected to a memory device 14 such as an integrated circuit (IC). The tag may include a power source, such as a battery or capacitor, or may be powered solely by the RFID interrogator such that it receives both energy and information in the form of radio waves from the RFID interrogator. The tag may be provided with adhesive (typically pressure sensitive adhesive) so that it may be adhered to, for example, a library book. It will be appreciated by those skilled in the art that Figure 4 represents only one of the many embodiments of geometry and antenna design suitable for use in an RFID tag.
A commercial example of a suitable RFID tag is one available from the Texas Instruments Company of Dallas, Texas, under the designation "TIRIS Tag-it." The Tag-it brand RFID tag includes a first memory storage area that stores unalterable data (referred to as "permanent tag memory"), such as unique unalterable data identifying that specific tag (referred to herein as the "tag address"), and a second memory storage area that stores variable information provided by a user (referred to herein as "variable tag memory"). Current Tag-it brand RFID tags include 256 bits of variable tag memory, although more memory is likely to become available on that and other RFID tags in the future. The Tag-it brand RFID tag operates at a 13.56 MHz communication frequency, although tags and interrogators that operate at other frequencies may be used instead. Tag-it brand RFID tag systems may also be used with Windows-compatible software available from Texas Instruments to simplify the use of Tag-it brand RFID tags and equipment.
A. Permanent Tag Memory
It is preferred that the tag address is stored in the permanent tag memory. It is also preferred that this tag address be unique to insure that it is possible to identify and address a specific tag during use. This tag address might, for example, be 32 bits long, allowing over 4 billion unique addresses. Typically this tag address is programmed into the tag during manufacture and "factory locked" so that it cannot be changed later. A tag address may include information stored in both the permanent tag memory and the variable tag memory, described below.
B. Variable Tag Memory
Variable tag memory, subject to any applicable restrictions on the amount of memory available, may be used to store information about the manufacturer of the tag or the tag itself (such as when and where the tag was made), and/or about the article to which the tag is attached or to be attached. For example, where the RFID tag will be attached to a library book or other material, the title, author, call number, checkout status, and usage statistics associated with that book may be stored in the variable tag memory. Other information that may be stored in the variable tag memory includes the name of the library that owns the book or material, the specific library branch from which it was borrowed, the appropriate location (such as the specific shelf location) for the book or material, type of item (book, CD, video tape), and the like.
A portion of the variable tag memory may be locked, so that it cannot be inadvertently modified. For example, the data on a tag associated with an item belonging to a library can thereby be protected from accidental modification by an RFID-based airline baggage handling system or other RFID writer. The locking procedure differs among RFID tag suppliers. In the case of the Texas Instruments Tag-it brand RFID tags, the smallest block of variable memory that can be locked in this manner is 32 bits, which may be used to store certain cryptographically transformed information in the manner described herein.
III. Readers (Interrogation Sources) and Writers (Programmers)
RFID tags used in one embodiment of the invention are both readable and programmable. That is, the RFID tag can be read or interrogated by an interrogation source to obtain some or all of the information stored in the variable tag memory of the tag for use or manipulation by a user, and can also be programmed (written) with information provided by a system or user. Suitable RFID interrogation sources and RFID writers are commercially available from Texas Instruments of Dallas, Texas under the designation "Commander 320."
In one embodiment of the present invention, certain information is cryptographically transformed and written into a portion of the available variable tag memory by an RFID writer, and in use the tag is interrogated by an RFID reader that determines whether the tag is authentic, as described in greater detail below. RFID readers preferably can interrogate multiple RFID tags virtually simultaneously (the Commander 320 brand interrogation source currently is able to interrogate 30 RFID tags per second), though this feature is not required.
IV. Encryption
Before the tag can be authenticated, certain information is obtained from the tag and other information is stored on it. Specifically, the tag address is obtained from the tag, cryptographically transformed as described below, and the resulting security block is then stored on the tag. One exemplary process for providing a tag having a stored security block in accordance with the present invention is shown in Figure 1.
Step 100 is to read or interrogate the tag to obtain the tag address 102. The tag address is then concatenated with at least one data set, and preferably two data sets. If one data set is used, then that data set should be a private data set 106 that is not generally available to the public, but is stored in and used by the interrogation source.
If two data sets are used, as exemplified in the remainder of this description, then one data set may be private and the other a public data set 104, as represented in Figure 1. The tag address and the data set(s) could be interleaved or otherwise scrambled (instead of being concatenated) if desired, though this is not believed to add significantly to the security or reliability of the system.
The public and private data sets may consist of any string of characters and/or numbers, and can be human readable strings that are represented as binary data using standard methods such as ASCII, UTF-8 or Unicode. The public data set may be widely distributed or not, as desired. In other words, the public and private data sets are simply two data sets, which may have different levels of secrecy imposed on them by the user. The data set(s), and particularly the private data set, is preferably a string of random characters and/or numbers, so that it is difficult or impossible to reverse engineer the data set from the cryptographically transformed information. To create the data set(s), a random or substantially random process may be used, such as a random number generator.
The public or private data set may be subsumed within software used to create and authenticate the tags. The software, in general, will consist of machine language instructions, which are not readily intelligible to people and cannot be deciphered except by highly specialized individuals expending a great deal of time. Thus, the data set(s) will preferably be sufficiently difficult to locate within that software that it may be considered for all practical purposes to be private even when the software itself is widely distributed. The form of the public or private data sets may also be chosen to facilitate legal protection under copyright, trade secret or other law, so that any unauthorized user of the data set(s) would also be infringing on a legally protected right.
Although the tag address, the public data set, and the private data set may be of any desired length and content, by way of example the tag address may have 32 bits of information, the public data set may have at least 32 bytes of information, and the private data set may have at least 32 bytes of information. An exemplary tag address could be the hexadecimal value 0x012345678, an exemplary public data set may be the ASCII string "3M Radio Frequency Identification Systems," and an exemplary private data set may be 0x0001E2882AC7B5C613FAF447170E90702957A5053C5C013D7235168E268DE990.
The tag address 102 and private data set 106, and optionally the public data set 104, are then fed into a cryptographic transformation algorithm 108, such as a cryptographic hash algorithm, which transforms the data and outputs a message digest 110 of, for example, 160 bits in length. Cryptographic transformations encompass both conventional reversible encryption such as the Data Encryption Standard (DES, which is also referred to as the Data Encryption Algorithm (DEA) by ANSI, and as the DEA-1 by the ISO), and other related techniques such as the use of a one-way cryptographic hash such as the Secure Hash Algorithm 1, or SHA1. Examples of both types of algorithms along with detailed source code in the C programming language are included in the book Applied Cryptography: Protocols, Algorithms, and Source Code in C, by Bruce Schneier (John Wiley and Sons, Inc. 1996 (2d edition)) beginning at page 442, and in the Handbook of Applied Cryptography, A. Menezes et al. (CRC Press 1997) beginning at page 348. Although other cryptographic algorithms such as DES-CBC-MAC and DES-DMAC may be used as the cryptographic transformation method of the present invention, cryptographic hash algorithms such as SHA1, MD5, and RIPEMD-160 are preferred because they provide a relatively high level of security against attempts to reverse-engineer the private data set when the message digest and the public data set are known, and also because they are readily available, easy to implement, and free of significant governmental restrictions on use. The source code associated with the SHA1 described in the Applied Cryptography reference cited above is currently available on computer disc from Bruce Schneier, Counterpane Systems, 7115 W. North Ave., Suite 16, Oak Park, IL 60302-1002.
If, due to variable tag memory limitations, it is desirable not to store the entire message digest on the tag, then a specified portion of the message digest may be designated and stored in (written to) the variable tag memory of the RFID tag. This portion of the message digest is security block 112. Additionally, if it is desired to lock the security block in the variable tag memory against inadvertent alteration, as described above, then a lockable unit or block of the variable tag memory, perhaps 32 bits, may determine the appropriate size of the security block of information from among the message digest which should be designated and stored in the variable tag memory. It may also or instead be desirable to store the message digest or the security block in the permanent tag memory, which would normally be done by or for the manufacturer of the tag. For convenience, the output of the cryptographic transformation (such as SHA1) will be referred to as the "message digest," and the entirety or portion of the message digest that is stored on the RFID tag will be referred to as the "security block." Thus the security block 112 may be created by designating at least part of the message digest, and then written to the RFID tag in the manner described above as shown at 114.
V. Authentication
Once a security block that represents the message digest, or a portion of the message digest, from a cryptographic transformation has been stored on a tag, the tag may be used for authentication in the field. Authentication may be performed in several different manners, two of which are described below. The first involves following the same process used to encrypt the tag, and then comparing the result (the security block) with the stored security block to determine whether they are the same. If the two security blocks are the same, then the tag is authentic. If they are different, then the tag is not authentic. This is referred to as "field encryption and comparison."
The second authentication process described below involves essentially the reverse. That is, the authentication process begins by obtaining the stored security block from the memory of the tag, performing an encryption transformation in reverse using the private data set and, if needed, the public data set, to obtain a tag address. The tag address is then compared with the stored tag address. If the two tag addresses are the same, then the tag is authentic. If they are different, then the tag is not authentic. This is referred to as "field decryption and comparison." In order to use this second authentication process, the security block should comprise the entire message digest.
These authentication processes are described in further detail with reference to Figures 2 and 3.
A. Field Encryption and Comparison
Figure 2 illustrates the field encryption and comparison process steps used to determine whether a certain tag is authentic. The user in the field follows the same method as shown in Figure 1, and then compares the resulting value with the stored security block to determine whether the tag is authentic. In the embodiment shown in Figure 2, steps 200 through 212 are the same as their counterparts in Figure 1. That is, the tag address is obtained 200; the tag address 202, the private data set 206, and optionally the public data set 204 are provided to the cryptographic transformation algorithm 208 that provides a message digest 210, from which a security block is created 212. To authenticate the tag by comparison, the RFID reader obtains the stored security block from the tag, as shown at 214, and compares the results (shown as 216) of the security block 212 with the stored security block obtained from the tag at 214. If the two security blocks are the same, then the tag is authentic. If the two messages do not match, then the user could conclude that the item is not authentic, and take any appropriate action. Such action could, for example, include terminating processing of the item to which the tag was affixed.
B. Field Decryption and Comparison
Figure 3 illustrates the field decryption and comparison process steps used to determine whether a certain tag is authentic. As shown in Figure 3, the security block (which in this embodiment should be identical to the message digest) is obtained from the tag 300; the security block 302, the private data set 306, and optionally the public data set 304 are provided to the cryptographic transformation algorithm 308 that provides the tag address 310. The RFID reader then obtains the stored tag address from the tag 312, and compares the results (shown as 314) of the tag address 310 with the stored tag address at 312. If the two tag addresses are the same, then the tag is authentic. If the two tag addresses are not the same, the tag is not authentic. The cryptographic transformation can be a reversible block cipher, stream cipher, or other suitable process.
The cryptographic transformation 308 could be the inverse of the cryptographic transformation used to create the security block stored on the RFID tag. In one embodiment, the cryptographic transformation could be a block cipher such as DES running in encrypt mode (to encrypt the security block) and decrypt mode (to field decrypt the security block), where the key to the block cipher would be a function of the public and private data sets. For example, the data set(s) could be passed through a cryptographic hash function to produce a 160-bit message digest and a predetermined subset of these bits would be selected to create the 56-bit key for the DES block cipher. For block ciphers like RC5 that accept long keys, the key could be a concatenation or other predetermined arrangement of the bits that make up the data set(s).
VI. Variations of the Inventive Process
It will be appreciated that certain steps shown in Figures 1, 2, and 3 can be done in an order different than that shown in the respective illustrations. For example, in Figure 2 the step 214 of obtaining the stored security block from the tag could take place at an earlier stage in the process, perhaps even as the first step in the process. Similarly, in Figure 3 the step 312 of obtaining the stored tag address from the tag could take place at an earlier stage in the process. Also, although the tag address, the public data set, and the private data set are shown as independent inputs into the cryptographic transformation algorithm, they can as described above be concatenated, interleaved, or otherwise grouped prior to being input to the cryptographic transformation algorithm.
In other embodiments the role of the tag address and security block can be reversed. This reversal can be useful when the tag address and security block are stored such that one is more difficult to change than the other. If the tag manufacturer writes the tag address and the application vendor writes the security block, then reversing the roles of the tag address and security block may be useful in some circumstances.
The present invention is described in even greater detail in regard to the following Example.
EXAMPLE
This Example is a representation of an arbitrary tag address, public data set, and private data set that could be used in conjunction with the method of the present invention. A tag address, expressed in hexadecimal, could be 0x12345678. This address would be concatenated with an ASCII-string public data set "Copyright (c) 2000, 3M IPC. All Rights Reserved", which in hexadecimal notation is "0x43 0x6f 0x70 0x79 0x72 0x69 0x67 0x68 0x74 0x20 0x28 0x63 0x29 0x20 0x32 0x30 0x30 0x30 0x2c 0x20 0x33 0x4d 0x20 0x49 0x50 0x43 0x2e 0x20 0x41 0x6c 0x6c 0x20 0x52 0x69 0x67 0x68 0x74 0x73 0x20 0x52 0x65 0x73 0x65 0x72 0x76 0x65 0x64". This concatenated data would further be concatenated with a hexadecimal private data set "0xe0 0x34 0xc7 0xf0 0xf9 0xf7 0x37 0x26 0xf6 0x19 0x53 0x15 0x11 0x64 0xe5 0x30 0x45 0x4b 0xe3 0xbf 0x6a 0xca 0xdc 0x6e 0xbe 0xb4 0x84 0xe3 0xb1 0x2d 0x77 0x38", which could be generated by computer using a pseudo-random number generator. The full concatenated string would be processed using the SHA1 cryptographic hash algorithm, and the resulting message digest, expressed in hexadecimal, would be 0x3385275891ceb2e69cdc4a56031276413d6d702d. From that one could select the low-order nibble (4 bits) of each of the first eight (8) bytes of the message digest (shown as the underlined characters in the preceding message digest) which would then be concatenated to provide a security block, expressed in hexadecimal, of 0x35781e26 that could be stored on an RFID tag by an RFID writer. The tag could then be authenticated by using the field encryption and comparison process described above to determine whether the tag was authentic.
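The provisioning steps of Section IV and the field encryption and comparison check of Section V.A, run on the Example's data sets, as an added sketch that is not code from the patent. The `Tag` class, the function names and the 4-byte big-endian serialisation of the tag address are assumptions, so the digest computed here is not claimed to reproduce the one printed in the Example; only the nibble selection is checked against that printed digest.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Data sets taken from the Example above (hex repaired from the scanned text).
PUBLIC_DATA_SET = b"Copyright (c) 2000, 3M IPC. All Rights Reserved"
PRIVATE_DATA_SET = bytes.fromhex(
    "e034c7f0f9f73726f61953151164e530"
    "454be3bf6acadc6ebeb484e3b12d7738"
)


@dataclass
class Tag:
    """Hypothetical tag model: a permanent address and one lockable 32-bit block."""
    address: int                          # factory-locked tag address
    security_block: Optional[int] = None  # written to variable tag memory


def message_digest(tag_address: int,
                   private: bytes = PRIVATE_DATA_SET,
                   public: bytes = PUBLIC_DATA_SET) -> bytes:
    """SHA1 over tag address || public data set || private data set."""
    # Assumption: the 32-bit address is serialised as 4 bytes, big-endian.
    data = tag_address.to_bytes(4, "big") + public + private
    return hashlib.sha1(data).digest()


def security_block_from_digest(digest: bytes) -> int:
    """Concatenate the low-order nibble of each of the first eight digest bytes."""
    block = 0
    for byte in digest[:8]:
        block = (block << 4) | (byte & 0x0F)
    return block  # 8 nibbles = 32 bits, the size of one lockable block


def provision(tag: Tag) -> Tag:
    """Figure 1: derive the security block from the address and store it on the tag."""
    tag.security_block = security_block_from_digest(message_digest(tag.address))
    return tag


def authenticate(tag: Tag) -> bool:
    """Figure 2: recompute the security block and compare it with the stored one."""
    stored = tag.security_block
    if stored is None or not 0 <= stored < 2 ** 32:
        return False
    expected = security_block_from_digest(message_digest(tag.address))
    # Constant-time comparison of the two 32-bit blocks.
    return hmac.compare_digest(expected.to_bytes(4, "big"), stored.to_bytes(4, "big"))


if __name__ == "__main__":
    genuine = provision(Tag(address=0x12345678))
    print("genuine tag:", authenticate(genuine))
    # The block is bound to the address, so the same block on another address fails.
    other = Tag(address=0x12345679, security_block=genuine.security_block)
    print("same block, different address:", authenticate(other))
    # A tag that was never provisioned fails as well.
    print("unprovisioned tag:", authenticate(Tag(address=0x0BADF00D)))
```

Because the stored block is only 32 bits of the 160-bit digest, a match shows that the block was derived with the private data set for that address to within a 1 in 2^32 chance of coincidence.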
The authentication method described herein finds particularly useful application in the authentication of RFID tags used with library materials such as books. A portable (handheld, for example) RFID interrogator may be used to interrogate the RFID tags and, if the tags are authentic, to obtain other information from the RFID tag that is useful to library staff members. Stationary RFID interrogators such as patron self-service devices, staff work stations, and stations at which library materials having only optical bar codes are converted to have RFID tags, may also use the authentication method of the present invention.
Although most of the foregoing disclosure has been in the specific context of the authentication of RFID tags by an RFID reader through the use of certain encryption (and in some cases decryption) techniques, variations of the methods described are also within the scope of the invention. For example, tags, readers, and writers that operate at frequencies other than radio frequencies may be used in place of those described. With suitable modifications, the present invention may be adapted for use with bar codes (including two-dimensional bar codes), wherein a bar code address would be substituted for an RFID tag address, and the like.

Claims

We claim:
1. A method of providing an RFID tag with a security block, comprising the steps of:
(a) obtaining the tag address;
(b) performing a cryptographic transformation on at least the tag address and a private data set to provide a security block; and
(c) storing the security block on the tag.
2. The method of claim 1, wherein the tag includes a permanent tag memory and a variable tag memory.
3. The method of claim 2, wherein the tag address is stored in the permanent tag memory.
4. The method of claim 2, wherein at least part of the tag address is stored in the variable tag memory.
5. The method of claim 2, wherein step (c) comprises storing the security block in the variable tag memory.
6. The method of claim 5, further comprising the step of:
(d) locking at least the portion of the variable tag memory in which the security block is stored to prevent inadvertent modification of the security block.
7. The method of claim 2, wherein step (c) comprises storing the security block in the permanent tag memory.
8. The method of any one of claims 1 through 7, wherein the cryptographic transformation includes the use of a cryptographic hash algorithm.
WO 01/57807 PCT/US00/14191
9. The method of any one of claims 1 through 7, wherein the cryptographic transformation includes the use of a block or stream cipher.
10. The method of any one of claims 1 through 7, wherein step (b) comprises cryptographically transforming at least the tag address and the private data set to provide a message digest, and designating at least a portion of the message digest as the security block.
11. The method of claim 10, wherein the cryptographic transformation includes the use of a cryptographic hash algorithm.
12. The method of any one of claims 1 through 7, wherein step (b) comprises cryptographically transforming the tag address, the private data set, and a public data set.
13. The method of claim 12, wherein step (b) comprises cryptographically transforming the tag address, the private data set, and a public data set to provide a message digest, and designating at least a portion of the message digest as the security block.
14. The method of claim 11, wherein step (b) further comprises cryptographically transforming the tag address, the private data set, and a public data set.
15. The method of claim 12, wherein the public data set is "Copyright (c) 2000, 3M IPC. All Rights Reserved".
16. The method of claim 13, wherein the public data set is "Copyright (c) 2000, 3M IPC. All Rights Reserved".
17. The method of claim 14, wherein the public data set is "Copyright (c) 2000, 3M IPC. All Rights Reserved".
18. The method of claim 12, wherein the public data set is protectable by copyright, trade secret, trademark, or service mark law.
19. The method of claim 13, wherein the public data set is protectable by copyright, trade secret, trademark, or service mark law.
20. The method of claim 14, wherein the public data set is protectable by copyright, trade secret, trademark, or service mark law.
21. A method of authenticating an RFID tag having a stored tag address that identifies the tag and a stored security block derived at least in part from that tag address, comprising the steps of:
(a) obtaining the tag address;
(b) performing a cryptographic transformation on at least the tag address and a private data set to provide a security block; and
(c) comparing the security block of step (b) with the security block stored on the tag to determine whether the two security blocks are the same.
22. The method of claim 21, wherein the tag includes a permanent tag memory and a variable tag memory.
23. The method of claim 22, wherein the tag address is stored in the permanent tag memory.
24. The method of claim 22, wherein at least part of the tag address is stored in the variable tag memory.
25. The method of claim 22, wherein the stored security block is stored in the variable tag memory.
26. The method of claim 25, wherein at least the portion of the variable tag memory in which the stored security block is stored is locked to prevent inadvertent modification of the stored security block.
27. The method of claim 22, wherein the stored security block is stored in the permanent tag memory.
28. The method of any one of claims 21 through 27, wherein the cryptographic transformation includes the use of a cryptographic hash algorithm.
29. The method of any one of claims 21 through 27, wherein the cryptographic transformation includes the use of a block or stream cipher, where the cipher is run in encryption mode.
30. The method of any one of claims 21 through 27, wherein step (b) comprises cryptographically transforming at least the tag address and the private data set to provide a message digest, and designating at least a portion of the message digest as the security block.
31. The method of claim 30, wherein the cryptographic transformation includes the use of a cryptographic hash algorithm.
32. The method of any one of claims 21 through 27, wherein step (b) comprises cryptographically transforming the tag address, the private data set, and a public data set.
33. The method of claim 32, wherein step (b) comprises transforming the tag address, the private data set, and a public data set to provide a message digest, and selecting at least a portion of the message digest as the security block.
34. The method of claim 31, wherein step (b) further comprises cryptographically transforming the tag address, the private data set, and a public data set.
35. The method of claim 32, wherein the public data set is "Copyright (c) 2000, 3M IPC. All Rights Reserved".
36. The method of claim 33, wherein the public data set is "Copyright (c) 2000, 3M IPC. All Rights Reserved".
37. The method of claim 34, wherein the public data set is "Copyright (c) 2000, 3M IPC. All Rights Reserved".
38. The method of claim 32, wherein the public data set is protectable by copyright, trade secret, trademark, or service mark law.
39. The method of claim 33, wherein the public data set is protectable by copyright, trade secret, trademark, or service mark law.
40. The method of claim 34, wherein the public data set is protectable by copyright, trade secret, trademark, or service mark law.
41. A method of authenticating an RFID tag having a stored tag address that identifies the tag and a stored security block derived at least in part from that tag address, comprising the steps of:
(a) obtaining the security block;
(b) performing a cryptographic transformation on the security block using at least a private data set to provide a tag address; and
(c) comparing the tag address of step (b) with the stored tag address to determine whether the two tag addresses are the same.
42. The method of claim 41, wherein the tag includes a permanent tag memory and a variable tag memory.
43. The method of claim 42, wherein the stored tag address is stored in the permanent tag memory.
44. The method of claim 42, wherein at least part of the stored tag address is stored in the variable tag memory.
45. The method of claim 42, wherein the stored security block is stored in the variable tag memory.
46. The method of claim 45, wherein at least the portion of the variable tag memory in which the stored security block is stored is locked to prevent inadvertent modification of the security block.
47. The method of claim 42, wherein the stored security block is stored in the permanent tag memory.
48. The method of any one of claims 41 through 47, wherein the cryptographic transformation includes the use of a block or stream cipher, where the cipher is run in decryption mode.
49. The method of any one of claims 41 through 47, wherein step (b) comprises cryptographically transforming the security block, the private data set, and a public data set to provide the tag address.
50. The method of claim 49, wherein the cryptographic transformation includes the use of a block or stream cipher, where the cipher is run in decryption mode.
51. The method of claim 49, wherein the public data set is "Copyright (c) 2000, 3M IPC. All Rights Reserved".
52. The method of claim 50, wherein the public data set is "Copyright (c) 2000, 3M IPC. All Rights Reserved".
53. The method of claim 49, wherein the public data set is protectable by copyright, trade secret, trademark, or service mark law.
54. The method of claim 50, wherein the public data set is protectable by copyright, trade secret, trademark, or service mark law.
55. A method of providing an RFID tag having a stored tag address that identifies the tag and a stored security block derived at least in part from that tag address, and of authenticating the tag, comprising the steps of:
(a) providing the stored security block by
(i) obtaining the tag address;
(ii) performing a cryptographic transformation on at least the tag address and a private data set to provide a security block; and
(iii) storing the security block on the tag; and
(b) authenticating the tag by
(i) obtaining the tag address;
(ii) performing a cryptographic transformation on at least the tag address and the private data set to provide a security block; and
(iii) comparing the security block of step (b)(ii) with the stored security block to determine whether the two security blocks are the same.
56. The method of claim 55, wherein the tag includes a permanent tag memory and a variable tag memory.
57. The method of claim 56, wherein the tag address is stored in the permanent tag memory.
58. The method of claim 56, wherein at least part of the tag address is stored in the variable tag memory.
59. The method of claim 56, wherein step (a)(iii) comprises storing the security block in the variable tag memory.
60. The method of claim 59, wherein at least the portion of the variable tag memory in which the stored security block is stored is locked to prevent inadvertent modification of the stored security block.
61. The method of claim 56, wherein step (a)(iii) comprises storing the security block in the permanent tag memory.
62. The method of any one of claims 56 through 61, wherein the cryptographic transformations in steps (a) and (b) both include the use of a cryptographic hash algorithm.
63. The method of any one of claims 56 through 61, wherein the cryptographic transformations in steps (a) and (b) both include the use of a block or stream cipher.
64. The method of claim 63, wherein the cipher is run in encryption mode.
65. The method of any one of claims 56 through 61, wherein steps (a)(ii) and (b)(ii) comprise cryptographically transforming at least the tag address and the private data set to provide a message digest, and designating at least a portion of the message digest as the security block.
66. The method of claim 65, wherein the cryptographic transformations in steps (a) and (b) include the use of a cryptographic hash algorithm.
67. The method of any one of claims 56 through 61, wherein steps (a)(ii) and (b)(ii) comprise cryptographically transforming the tag address, the private data set, and a public data set.
68. The method of claim 67, wherein steps (a)(ii) and (b)(ii) comprise cryptographically transforming the tag address, the private data set, and a public data set to provide a message digest, and designating at least a portion of the message digest as the security block.
69. The method of claim 66, wherein steps (a) and (b) further comprise cryptographically transforming the tag address, the private data set, and a public data set.
70. The method of claim 67, wherein the public data set is "Copyright (c) 2000, 3M IPC. All Rights Reserved".
71. The method of claim 68, wherein the public data set is "Copyright (c) 2000, 3M IPC. All Rights Reserved".
72. The method of claim 69, wherein the public data set is "Copyright (c) 2000, 3M IPC. All Rights Reserved".
73. The method of claim 67, wherein the public data set is protectable by copyright, trade secret, trademark, or service mark law.
74. The method of claim 68, wherein the public data set is protectable by copyright, trade secret, trademark, or service mark law.
75. The method of claim 69, wherein the public data set is protectable by copyright, trade secret, trademark, or service mark law.
76. A method of providing an RFID tag having a stored tag address that identifies the tag with a stored security block, where the security block is derived at least in part from that stored tag address, and of authenticating the tag, comprising the steps of:
(a) providing the stored security block by
(i) obtaining the tag address;
(ii) performing a cryptographic transformation on at least the tag address and a private data set to provide a security block; and
(iii) storing the security block on the tag; and
(b) authenticating the tag by
(i) obtaining the stored security block;
(ii) performing a cryptographic transformation on at least the stored security block and the private data set to obtain a tag address; and
(iii) comparing the tag address of step (b)(ii) with the stored tag address to determine whether the two tag addresses are the same.
77. The method of claim 76, wherein the tag includes a permanent tag memory and a variable tag memory.
78. The method of claim 77, wherein the tag address is stored in the permanent tag memory.
79. The method of claim 77, wherein at least part of the tag address is stored in the variable tag memory.
80. The method of claim 77, wherein step (a)(iii) comprises storing the security block in the variable tag memory.
81. The method of claim 80, further comprising the step of:
(a)(iv) locking at least the portion of the variable tag memory in which the security block is stored to prevent inadvertent modification of the security block.
82. The method of claim 77, wherein step (a)(iii) comprises storing the security block in the permanent tag memory.
83. The method of any one of claims 76 through 82, wherein the cryptographic transformation includes the use of a block or stream cipher that, in step (a)(ii), is run in encryption mode and, in step (b)(ii), is run in decryption mode.
84. The method of any one of claims 76 through 82, wherein step (a)(ii) comprises cryptographically transforming the tag address, the private data set, and a public data set, and step (b)(ii) comprises cryptographically transforming the security block, the private data set, and the public data set.
85. The method of claim 84, wherein the public data set is "Copyright (c) 2000, 3M IPC. All Rights Reserved".
86. The method of claim 84, wherein the public data set is protectable by copyright, trade secret, trademark, or service mark law.
87. The method of claim 1, wherein the tag address is obtained by an RFID interrogation source, and the security block is stored on the tag by an RFID writer.
88. The method of either of claims 21 or 41, wherein the method is performed by a handheld RFID reader.
89. The method of either of claims 21 and 41, wherein the method is performed by a library patron self-service unit.
90. The method of either of claims 55 and 76, wherein at least step (b) is performed by a portable RFID reader.
91. The method of either of claims 55 and 76, wherein at least step (b) is performed by a stationary RFID reader.
92. An RFID tag, wherein the tag has a stored tag address and a stored security block that is cryptographically related to the tag address.
93. The RFID tag of claim 92, wherein the tag address and a private data set are cryptographically transformed to provide the security block.
94. The RFID tag of claim 92, wherein the tag address, a private data set, and a public data set are cryptographically transformed to provide the security block.
95. The RFID tag of claim 92, wherein the tag includes a permanent tag memory and a variable tag memory.
96. The RFID tag of claim 95, wherein the tag address is stored in the permanent tag memory.
97. The RFID tag of claim 95, wherein at least part of the tag address is stored in the variable tag memory.
98. The RFID tag of claim 95, wherein the security block is stored in the variable tag memory.
99. The RFID tag of claim 95, wherein at least the portion of the variable tag memory in which the stored security block is stored is locked to prevent inadvertent modification of the stored security block.
100. The RFID tag of claim 95, wherein the security block is stored in the permanent tag memory.
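The provisioning and verification steps of claims 55, 60, 65 and 68, as an added example that is not part of the patent text. It assumes HMAC-SHA-256 as the cryptographic transformation (the claims only require a cryptographic hash algorithm); the `Tag` model, the 8-byte block length, the field encoding and the sample key and addresses are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Public data set quoted in claims 70 through 72.
PUBLIC_DATA_SET = b"Copyright (c) 2000, 3M IPC. All Rights Reserved"
BLOCK_LEN = 8  # assumption: bytes of the digest designated as the security block (claim 65)


@dataclass
class Tag:
    """Hypothetical tag model: an address plus a writable, lockable security block."""
    address: bytes
    security_block: bytes = b""
    locked: bool = False


def _lp(field: bytes) -> bytes:
    # Length-prefix each field so the address/public-data boundary is unambiguous.
    return len(field).to_bytes(2, "big") + field


def derive_security_block(address: bytes, private_data_set: bytes) -> bytes:
    """Steps (a)(ii) and (b)(ii): digest over address and public data, keyed by the private data set."""
    message = _lp(address) + _lp(PUBLIC_DATA_SET)
    digest = hmac.new(private_data_set, message, hashlib.sha256).digest()
    return digest[:BLOCK_LEN]  # keep a portion of the message digest


def provision(tag: Tag, private_data_set: bytes) -> None:
    """Step (a): derive the block, store it on the tag, then lock that memory (claim 60)."""
    if tag.locked:
        raise PermissionError("security block memory is locked")
    tag.security_block = derive_security_block(tag.address, private_data_set)
    tag.locked = True


def authenticate(tag: Tag, private_data_set: bytes) -> bool:
    """Step (b): recompute the block from the address read off the tag and compare."""
    expected = derive_security_block(tag.address, private_data_set)
    # Constant-time comparison; a blank or wrong-length stored block simply fails.
    return hmac.compare_digest(expected, tag.security_block)


if __name__ == "__main__":
    key = b"constructed-private-data-set"  # constructed sample, not a real key
    genuine = Tag(address=bytes.fromhex("e00401000a1b2c3d"))  # constructed address
    provision(genuine, key)
    # A tag with a different address carrying the same stored block must fail.
    mismatched = Tag(bytes.fromhex("e00401000a1b2c3e"), genuine.security_block, True)
    print(authenticate(genuine, key), authenticate(mismatched, key))
```

The check shows that the stored block was derived from the address read from the tag; it relies on the tag address being hard to rewrite, as with the permanent tag memory of claim 57.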
EP00936230A 2000-02-04 2000-05-23 Method of authenticating a tag Withdrawn EP1257974A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US49890200A 2000-02-04 2000-02-04
US498902 2000-02-04
PCT/US2000/014191 WO2001057807A1 (en) 2000-02-04 2000-05-23 Method of authenticating a tag

Publications (1)

Publication Number Publication Date
EP1257974A1 (en) 2002-11-20

Family

ID=23982972

Family Applications (1)

Application Number Title Priority Date Filing Date
EP00936230A Withdrawn EP1257974A1 (en) 2000-02-04 2000-05-23 Method of authenticating a tag

Country Status (10)

Country Link
EP (1) EP1257974A1 (en)
JP (1) JP2003524242A (en)
KR (1) KR20020074494A (en)
CN (1) CN1433558A (en)
AR (1) AR029034A1 (en)
AU (1) AU5157600A (en)
BR (1) BR0017090A (en)
CA (1) CA2399092A1 (en)
MX (1) MXPA02007518A (en)
WO (1) WO2001057807A1 (en)

Families Citing this family (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6724895B1 (en) 1998-06-18 2004-04-20 Supersensor (Proprietary) Limited Electronic identification system and method with source authenticity verification
WO2001090849A2 (en) 2000-05-22 2001-11-29 Avery Dennison Corporation Trackable files and systems for using the same
US6816075B2 (en) 2001-02-21 2004-11-09 3M Innovative Properties Company Evidence and property tracking for law enforcement
US7137000B2 (en) 2001-08-24 2006-11-14 Zih Corp. Method and apparatus for article authentication
US6894615B2 (en) 2001-10-09 2005-05-17 3M Innovative Properties Company Article with retroreflective and radio frequency-responsive features
DE60221700T2 (en) 2001-12-11 2008-04-30 Tagsys S.A. SYSTEMS FOR SAFELY MARKING DATA
US6758405B2 (en) 2001-12-19 2004-07-06 3M Innovative Properties Company Article with retroreflective and radio frequency-responsive features
US20030130912A1 (en) 2002-01-04 2003-07-10 Davis Tommy Lee Equipment management system
EP1559056A4 (en) 2002-10-25 2006-08-23 Symbol Technologies Inc Optimization of a binary tree traversal with secure communications
CZ20023713A3 (en) * 2002-11-08 2004-06-16 Atme S. R. O. Method of registering and/or protecting goods and an implementation system for this method
US20060259772A1 (en) * 2003-03-26 2006-11-16 Kruger Johan D Authentication of radio frequency transponders
US20070165861A1 (en) * 2003-09-22 2007-07-19 Carmen Kuhl Method and electronic terminal for rfid tag type encryption
EP1669877B1 (en) * 2003-09-26 2017-11-15 Nippon Telegraph And Telephone Corporation Tag privacy protecting method, tag device, backend device, updating device, update requesting device, programs for these devices, and recording medium storing these programs
JP2005338908A (en) * 2004-05-24 2005-12-08 Sato Corp Information recording medium and method for determining information alteration of information recording medium
JP2005348306A (en) * 2004-06-07 2005-12-15 Yokosuka Telecom Research Park:Kk Electronic tag system, electronic tag, electronic tag reader/writer, and program
JP4567688B2 (en) * 2004-10-28 2010-10-20 三菱電機株式会社 Communication apparatus and communication method
JP2006127228A (en) * 2004-10-29 2006-05-18 Sato Corp Warranty system and warranty
KR100628315B1 (en) 2004-11-29 2006-09-27 한국전자통신연구원 Method and system for updating RFID tag value of transferred object
JP4412162B2 (en) * 2004-12-07 2010-02-10 三菱電機株式会社 User authentication device and entrance / exit management device
DE102004059391C5 (en) * 2004-12-09 2012-01-12 Jörg Eberwein Crypto-wireless-tag
JP4139382B2 (en) 2004-12-28 2008-08-27 インターナショナル・ビジネス・マシーンズ・コーポレーション Device for authenticating ownership of product / service, method for authenticating ownership of product / service, and program for authenticating ownership of product / service
GB0428543D0 (en) * 2004-12-31 2005-02-09 British Telecomm Control of data exchange
US7677461B2 (en) * 2005-03-10 2010-03-16 Mil. Digital Labeling Inc. Digital labels for product authentication
US7647499B2 (en) * 2005-03-24 2010-01-12 Avaya Inc Apparatus and method for ownership verification
KR100818244B1 (en) * 2005-05-10 2008-04-02 삼성전자주식회사 System for protecting tag-related information and method thereof
KR100682062B1 (en) * 2005-06-23 2007-02-15 삼성전자주식회사 RFID System and method for resolving RFID tags collision
US8917159B2 (en) 2005-08-19 2014-12-23 CLARKE William McALLISTER Fully secure item-level tagging
KR100699467B1 (en) * 2005-09-28 2007-03-26 삼성전자주식회사 RF-ID tag, RF-ID privacy protection system and method thereof
GB2431545B (en) * 2005-10-24 2011-01-12 Chien Yaw Wong Security-enhanced RFID system
KR100799560B1 (en) * 2005-12-01 2008-01-31 한국전자통신연구원 Method of securing mobile RFID, mobile RFID reader, server and system for the same
KR100772521B1 (en) * 2005-12-12 2007-11-01 한국전자통신연구원 RFID tag authentication apparatus and method in RFID system
US20070205864A1 (en) * 2006-02-17 2007-09-06 Datamars S.A. Secure radio frequency identification system
KR100722363B1 (en) * 2006-03-13 2007-05-28 강민섭 Rfid system based of robust authentication protocol, and tag and method thereof
DE602007008702D1 (en) * 2006-03-31 2010-10-07 British Telecomm METHOD AND DEVICE FOR OBTAINING ARTICLE INFORMATION USING RFID LABELS
KR100760044B1 (en) 2006-04-27 2007-09-18 고려대학교 산학협력단 System for reading tag with self re-encryption protocol and method thereof
JP4913520B2 (en) * 2006-09-28 2012-04-11 株式会社横須賀テレコムリサーチパーク Data authentication system and data authentication method
JP2008143669A (en) * 2006-12-11 2008-06-26 Brother Ind Ltd Article managing system, radio tag, and radio tag information reading device
DE102007016329B4 (en) 2007-04-04 2012-08-30 Embedded Innovation Gmbh & Co. Kg Authenticable label and apparatus for authenticating an authenticatable label
CN101755275A (en) 2007-05-25 2010-06-23 胡斯曼公司 Supply-chain management system
CN101201943B (en) * 2007-07-23 2010-12-29 游忠惠 System and method for managing test paper using radio frequency recognizing technique
KR100848791B1 (en) * 2007-11-06 2008-07-28 주식회사 이시티 Tag data recording and obtaining method which security verification are capable, tag data recording and obtaining apparatus
JP5525133B2 (en) * 2008-01-17 2014-06-18 株式会社日立製作所 System and method for digital signature and authentication
CN101976365B (en) * 2010-11-05 2012-09-19 中国航天科工集团第二研究院七○六所 Safe radio frequency identification system
CN103679080B (en) * 2012-09-20 2017-02-15 天津中兴智联科技有限公司 Tag identification distance control method, reader and system
CN102930303A (en) * 2012-09-25 2013-02-13 安徽思米来电子科技有限公司 Active and passive radio frequency identification method and system for security domains
DE102012109446B4 (en) * 2012-10-04 2016-09-08 Eckhard Rüter System for the forgery-proof coding of electronic pigeon rings
CN102932338B (en) * 2012-10-24 2015-01-21 中国航天科工集团第二研究院七〇六所 System and method for safe network access of radio-frequency identification system
US9225519B1 (en) 2015-03-02 2015-12-29 Federico Fraccaroli Method, system, and apparatus for enabling secure functionalities
WO2018165146A1 (en) 2017-03-06 2018-09-13 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system
US20210248439A1 (en) * 2018-04-25 2021-08-12 Eagile Incorporated Method and apparatus for rfid authentication

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE2949351C2 (en) * 1979-12-07 1982-04-15 The Grey Lab. Establishment, 9490 Vaduz Method and device for generating and checking documents and the document used therewith
FR2653248B1 (en) * 1989-10-13 1991-12-20 Gemolus Card International PAYMENT OR INFORMATION TRANSFER SYSTEM BY ELECTRONIC MEMORY CARD.
FR2697929B1 (en) * 1992-11-10 1995-01-13 Innovatron Sa Secure protocol for data exchange between a transfer device and a portable object.
US5832090A (en) * 1995-08-10 1998-11-03 Hid Corporation Radio frequency transponder stored value system employing a secure encryption protocol
FR2764977B1 (en) * 1997-06-18 1999-08-20 Stella ELECTRONIC LABEL COMPRISING MEANS FOR DETECTING A PHYSICAL SIZE
US6154137A (en) * 1998-06-08 2000-11-28 3M Innovative Properties Company Identification tag with enhanced security
EP0982687A1 (en) * 1998-08-26 2000-03-01 Datamars SA Method for preventing or detecting fraud in an identification system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO0157807A1 *

Also Published As

Publication number Publication date
KR20020074494A (en) 2002-09-30
JP2003524242A (en) 2003-08-12
BR0017090A (en) 2003-02-25
MXPA02007518A (en) 2003-01-28
AR029034A1 (en) 2003-06-04
WO2001057807A1 (en) 2001-08-09
CA2399092A1 (en) 2001-08-09
CN1433558A (en) 2003-07-30
AU5157600A (en) 2001-08-14

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20020830

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE

AX Request for extension of the european patent

Free format text: AL;LT;LV;MK;RO;SI

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20040407

REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1052243

Country of ref document: HK