Classifications

• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04B—TRANSMISSION
  • H04B5/00—Near-field transmission systems, e.g. inductive or capacitive transmission systems
  • H04B5/40—Near-field transmission systems, e.g. inductive or capacitive transmission systems characterised by components specially adapted for near-field transmission
  • H04B5/48—Transceivers
• • H—ELECTRICITY
  • H04—ELECTRIC COMMUNICATION TECHNIQUE
  • H04B—TRANSMISSION
  • H04B5/00—Near-field transmission systems, e.g. inductive or capacitive transmission systems
  • H04B5/70—Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes
  • H04B5/77—Near-field transmission systems, e.g. inductive or capacitive transmission systems specially adapted for specific purposes for interrogation

Definitions

• FIGS, la-b are schematic block diagrams depicting prior art Radio Frequency Identification systems (RFID systems 10).
• FIG. Ia shows how an RFID system 10 can initially seem straightforward. At one end is an entity, which we term a client 12 for reasons explained below. At the other end is an RFID tag 14, also frequently called a transponder. The goal then is for the client 12 to communicate with the RFID tag 14. The content of such communications can also seem simple: the client 12 may seek to issue commands to, or provide data to, the RFID tag 14; to receive data from the RFID tag 14; or combinations of these.
• the client 12 will include a human being or a sophisticated automated system. This means that the client 12 needs to include or itself be a sophisticated computerized system 16. Furthermore, the RFID tag 14 has to be written to and/or read with RF energy. This means that the client 12 also needs to itself be, or be able to work with, a RFID reader 18 (FIG. Ib), also frequently called an interrogator.
• a RFID reader 18 FOG. Ib
• RFID tags 14 are at the opposite end of a sophistication-complexity spectrum from the client 12.
• a passive type RFID tag typically includes an integrated circuit and an antenna (and often some material encapsulating these).
• An active type RFID tag further has a battery, fuel cell, or other power source. While these sub-systems can all entail considerable specialized development, an RFID tag 14 is actually a relatively simple system overall.
• the client 12 includes the computerized system 16.
• the computerized system 16 includes the computerized system 16.
• PCs personal computers
• PDAs personal digital assistants/appliances
• Servers and networks may also be employed, on their own or as part of a larger, distributed computerized system 16.
• the preeminent general computerized system 16 today is the PC, and many attributes that are useful in these also often exist in PDAs, cell phones, etc. Rather than being “specialized,” these devices are usually highly “standardized” and many aspects of this are potentially useful for RFID purposes. For instance, such devices tend to use standardized operating systems and programming software, and there are large numbers of talented and experienced programmers for these available. General computerized systems 16 systems also tend to use, or to have easily available, security protocols that are strong, well established, and highly trusted.
• SSL Secure sockets layer
• TLS transport layer security
• FIG. Ib therefore shows a more complete typical RFID system 10 today.
• the client 12 includes a general computerized system 16 that communicates with an RFID reader 18 via a first link 20, and the RFID reader 18 then communicates with the RFID tag 14 via a second link 22.
• the first link 20 can be as simple as a cable connection, which of course means that the computerized system 16 and the RFID reader 18 have to be in very close proximity.
• the utility of a RFID system 10 employing this scheme is accordingly severely limited.
• the first link 20 should permit communications across a formal network, like the Internet. This capability is very useful, as long as it does not undermine the security of the RFID system 10.
• adding a RFID system 10 should not undermine the security of an organizational network that the RFID system 10 is made part of.
• having the first link 20 communicate across the Internet and use a protocol like Telnet is simply not acceptable to many network administrators.
• the second link 22 is another matter. It inherently needs to be employ RF communications, and it should minimally increase the cost or complexity of the RFID tags 14 that it is used with. Yet it still also must be secure for many applications. This is the point where non-standardization is encountered in the RFID industry today. Most manufactures use their own proprietary security protocol across the second link 22. Some of these are based on standard algorithms like DES and 3DES/TDEA, but with proprietary usage models. Additionally, the protocols used vary markedly from tag manufacturer to manufacturer. The net result is that RFID tags 14 tend to be tied to specific RFID readers 18, and most present RFID systems 10 are therefore essentially non-standardized from the client 12 onwards.
• a Radio Frequency Identification (RFDD) security system includes a client having a computerized system, at least one RFID tag, and a RFID reader.
• the computerized system and RFID reader employ a first security protocol
• the RFID reader and RFID tag(s) employ a second security protocol to communicate.
• the first and second security protocols permit at least one of encryption and authentication, thus providing security for communications within the RFID security system.
• the first and second security protocol also both use at least one of the same key exchange algorithms, the same encryption algorithms, and related keys, thus providing seamless communications within the RFID security system.
• a method for providing secured communications in a Radio Frequency Identification (RFID) system includes securing communications between a client having a computerized system and at least one RFID tag, wherein the communications pass via a RFID reader.
• a network link employing a first security protocol is established between the computerized system and the RFID reader.
• a radio frequency (RF) link employing a second security protocol is established between the RFID reader and the RFID tag.
• the RF link employs a second security protocol in which at least one of the same key exchange algorithms, the same encryption algorithms, and related keys are also used by the first security protocol.
• At least one command for the RFID tag from the computerized system, instance of data for the RFID tag from the computerized system, or instance of data for the computerized system from the RFID tag is then communicated between the computerized system and the RFID tag(s).
• FIGS, la-b are schematic block diagrams depicting current RFID systems, wherein FIG. Ia shows one simple RFID system, and FIG. Ib shows a more complete typical RFID system.
• FIG. 2 is a schematic diagram stylistically depicting an embodiment of a RFID tag security system, according to an embodiment.
• FIG. 3 is a schematic diagram depicting how seamless communications between the client and the RFID tags in the RFID tag security system of FIG. 2 can follow two basic scenarios providing either a literal or a simulated session, according to an embodiment.
• FIGS. 4a-c are schematic block diagrams depicting some example mechanisms for using auditable secure protocols, according to an embodiment.
• FIG. 2 is a schematic diagram stylistically depicting RFID tag security system 100.
• a seamless link 110 permits a client 112 to communicate with one or more RFID tags 114.
• This communication is desirably secure. Additionally, in many embodiments this communication is auditable, and the client 112 and the RFID tags 114 can be authenticated.
• the client 112 includes a computerized system 116 but, unlike the general prior art, this is not a custom microprocessor-based system purpose-built and dedicated to RPID use. Rather, the computerized system 116 is a conventional PC or laptop computer or similar device and, to emphasize the scope of devices that may serve here, FIG. 2 shows a PDA being used.
• the seamless link 110 permits simulated, end-to-end communications sessions between the computerized system 116 of the client 112 and the RFID tags 114.
• the seamless link 110 includes a RFID reader 118, a network link 120, and a RF link 122. Sub-elements within RFID system 10 and seamless link 110 can differ, and the manner of their use is quite different.
• the RFID reader 118 shown in FIG. 2 includes a SSL enablement 124 enabling RFID reader 118 to engage in SSL/TSL sessions with the computerized system 116 across the network link 120.
• SSL Secure Sockets Layer
• the Secure Sockets Layer (SSL) protocol was briefly described above. The following summarizes it in more detail and is based on "Description of the Secure Sockets Layer (SSL) Handshake," Article ID: 257591, June 23, 2005 by Microsoft Corporation.
• the SSL protocol uses a combination of asymmetric cryptography (public-key), permitting easier authentication, and symmetric cryptography, permitting faster processing.
• An SSL session begins with an exchange of messages called a SSL handshake.
• Ml includes information that the server will need for SSL communications with the client. Specifically, Ml includes the client's SSL version number, cipher settings, session-specific data, and any other information the client deems it desirable for the server to have. Optionally, Ml may include a request for one or more resources for which the server will require client authentication (and the following description presumes this to be the case).
• M2 The server then sends a second message (M2) to the client, including information that the client will need for SSL communications with the server.
• M2 includes the server's SSL version number, SSL certificate, cipher settings, session-specific data, and any other information the server deems it desirable for the client to have.
• M2 also includes a request for the client's SSL certificate.
• M3 includes an encrypted pre-master secret, a signed piece of data, and the client's certificate.
• the client selects the pre-master secret, and it encrypts this using the server's public key.
• the piece of data is unique to this handshake and known by both it and the server, and the client signs this.
• the client now has a master secret or can generate it from the pre-master secret, for use at its end to generate a symmetric session key to encrypt and decrypt the information exchanged during the SSL session, and to verify its integrity.
• the server Upon receipt of the M3, the server authenticates the client, uses its private key to decrypt the pre-master secret, and generates the master secret for use at its end to encrypt, decrypt, and verify exchanged information during the SSL session.
• the client sends a fourth message (M4) to the server, informing it that future client messages will be encrypted with the session key. It also then sends a separate (encrypted) fifth message (M5) indicating that its portion of the handshake is finished.
• M4 fourth message
• M5 separate (encrypted) fifth message
• the server sends a sixth message (M6) to the client, informing it that future server messages will be encrypted with the session key. It then also sends a separate (encrypted) seventh message indicating that its portion of the handshake is finished too.
• the SSL enablement 124 depicted here includes a SSL certificate in storage, suitable processing capability to use it, and both asymmetric and symmetric cryptography to participate in SSL sessions.
• computerized system 116 has SSL capability. All devices that are suitable for use as the computerized system 116 are SSL capable. For example, the modern Internet browsers in PCs, PDAs, and some cell phones are all inherently SSL capable, and many users of such browsers use SSL on a regular basis.
• the computerized system 116 and the RFID reader 118 in RFID tag security system 100 engage in SSL/TSL sessions across the network link 120, they can communicate via a WiFi network across a room or via the Internet across the world.
• SSL/TSL session inherently authenticates the respective end-point systems, permits auditing the transactions that they engage in, and secures the content communicated between them, regardless of whether intervening points are themselves secured.
• Half of the seamless link 110 is thus secured using SSL/TSL, which is a standardized, well established security protocol that most network administrators concerned with organizational network security today find acceptable. Communications between the RFID reader 118 and the RFID tags 114 across the RF link 122 will be described below.
• FIG. 3 is a schematic diagram depicting how seamless communications between the client 112 and the RFID tags 114 can follow two basic scenarios 126, 128 providing either a literal session or a simulated session, respectively.
• scenario 126 where the RFID tag 114 or RFID tags 114 are presently in range of the RPlD reader 118, and thus where direct, literal communications with the RPID tags 114 can occur contemporaneously.
• scenario 128 is shown in the lower-depiction in FIG. 3, where the RFID tag 114 or RFID tags 114 not presently in range of the RFID reader 118, and thus where any communications content must be cached. In the latter case a seamless session is simulated, with the actual communications being time-displaced.
• An RFID reader 118 will typically not have the memory capacity to hold traffic intended for or received from multiple RFID tags 114. That may be adequate in some simple applications, but, if not, a RFID reader 118 with a dedicated, sizable cache 130 can be used instead.
• the client 112 can transparently store data or commands intended for an RFID tag 114 into the cache 130, or retrieve data from an RFID tag 114 that is already in the cache 130. In particular, the client 112 can do this regardless of whether an intended RFID tag 114 is presently in range of the RFID reader 118.
• the RFID reader 118 can "forward" what it has from its cache 130 to that RFID tag 114. Conversely, even when no client 112 is presently in communications with the RFID reader 118, the reader can receive information when a particular RFID tag 114 comes within its range and store this in its cache 130. Then, when communications is established with the client 112, the RFID reader 118 can "forward" what it has from its cache 130 to that client 112.
• the inventor has devised multiple mechanisms for achieving security in all parts of a seamless end-to-end session between a client 112 and RFID tags 114, as shown in the schematic diagrams in FIG. 4a-c. These mechanisms permit commands and data to not necessarily be decrypted and reencrypted, and for the keys used to only be constructed and stored on the client 112. These mechanisms also allow auditing, if desired.
• the seamless security of RFE ) tag security system 100 provides a significant advantage in auditing transactions that pass from the client 112 to the RFID tag 114 and also from the RFID tag 114 to the client 112, via the RFID reader 118. Rather than have two disjoint audit records (client-reader and reader-tag) for each transaction, there now can be one connected audit record.
• FIG. 4a depicts a first mechanism 140 using symmetric bulk encryption session keys 142 for both secure protocols (i.e. the client-reader protocol and the reader-tag protocol), with a well known relationship existing between each key 142.
• the most obvious of these relationships is to use the same key 142 (i.e., one key as the client-reader SSL session key and also as the reader-tag key).
• the relationship should be mathematical and not subject to easy collision (i.e., where different larger keys result in the same smaller key), such as a salted hash. This implicitly also requires that the keys 142 be managed in coordination (i.e., that both expire and are renegotiated when either expires).
• FIG. 4b depicts a second mechanism 150 using the same symmetric bulk encryption algorithm 152 for both secure protocols (i.e., as the client- reader SSL session protocol and as the reader-tag protocol; e.g., 3DES/TDEA).
• both secure protocols can utilize PKCSl 1 as the encryption algorithm 152 to access the card.
• FIG. 4c depicts a third mechanism 160 using a single key exchange algorithm 162 (e.g., D-H or EKE) being used from the computerized system 116 to the RFID tag 114, with the RFID reader 118 acting as a man-in-the-middle to facilitate and log transactions.
• SSL does not have to be used at all, or it could be used for authentication but not for key exchange.
• the client-reader authentication can also be tied to the reader-tag.
• D-H, SRP or a similar protocol can be used as an authentication protocol but not as a key exchange protocol.
• a traditional problem with D-H as a protocol is that man-in-the-middle attacks cannot be detected, but here this vulnerability can be advantageous used to hide the man-in-the-middle (the RFE) reader 118) and make the transaction seamless between the client 112 and the RFID tag 114.
• the cryptography protocol RC4 uses key lengths of 40-128 bits. For instance Mifare keys are 48 bits and EM 4035 keys are 96 bits. This permits using the same key 142 for all RFID crypto needs in today's RFID systems, without having to hash the symmetric SSL key being used. That is, the crypto capability of the RFID tag 114 itself is still used, but a common or related key 142 is used.
• DESFire specifies that a 3DES key consists of Kl, K2, then Kl (a TDEA key composed of Kl, K2, K3, but DESFire uses Kl and K2; SSL uses can K1-K3). This makes it so the computerized system 116 has to know this when doing key negotiation.
• the client 112 encrypts a command to the RFID reader 118 to write data to the RFID tag 114.
• the RFID reader 118 thus receives a packet from the computerized system 116, decrypts it, reencrypts it using the same key, and sends it on to the RFID tag 114.
• This approach allows the client 112 to possess the encryption key without requiring RFID reader 118 transmit the key from RFE) reader 118 to client 112.
• RFE tags 114 allow passwords to be required to access certain blocks in the RFE) tag 114. In the historical context of RFE) tags, this is often described as "logging in” to a RFE) tag.
• RFE) tag security system 100 can use such a tag password as a password at the client 112, simply using it now for "logging in” at the computerized system 116. For present purposes, this is effectively the same as using keys as described herein.
• RFE) tag security system 100 can also use systems such as Secure Remote Password (SRP) protocol to prevent exposure of the password.
• SRP Secure Remote Password

Landscapes

• Engineering & Computer Science (AREA)
• Computer Networks & Wireless Communication (AREA)
• Signal Processing (AREA)
• Computer And Data Communications (AREA)
• Mobile Radio Communication Systems (AREA)

Applications Claiming Priority (3)

Publications (1)

Family

ID=38228669

Family Applications (1)

Country Status (2)

Families Citing this family (3)

Family Cites Families (1)

• 2006
  • 2006-08-01 WO PCT/US2006/029586 patent/WO2007078329A2/en active Application Filing
  • 2006-08-01 EP EP06800509A patent/EP1977402A2/de not_active Withdrawn

Non-Patent Citations (1)

Also Published As

Similar Documents

Legal Events