WO2008085135A1 - A method and system for marking and verifying an information tag - Google Patents


Info

Publication number
WO2008085135A1
Authority
WO
WIPO (PCT)
Application number
PCT/SG2008/000011
Other languages
French (fr)
Inventor
Tieyan Li
Yong Dong Wu
Wei He
Puay Siew Tan
Tong-Lee Lim
Original Assignee
Agency For Science, Technology And Research

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K19/00 Record carriers for use with machines and with at least a part designed to carry digital markings
    • G06K19/06 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
    • G06K19/067 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
    • G06K19/07 Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
    • G06K19/073 Special arrangements for circuits, e.g. for protecting identification code in memory
    • G06K19/07309 Means for preventing undesired reading or writing from or onto record carriers
    • G06K19/08 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means
    • G06K19/10 Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code using markings of different kinds or more than one marking of the same kind in the same record carrier, e.g. one marking being sensed by optical and the other by magnetic means at least one kind of marking being used for authentication, e.g. of credit or identity cards
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords

Definitions

  • M: an l-bit plain text, M ∈ {0,1}^l.
  • SIG_K(M): a signature scheme using a private key K on input M.
  • any authorized reader e.g. readers used in the offline verification
  • the authorized organizations using such authorised readers can provide the online checking service substantially identical to that provided by the trust center.
  • a number of benefits may be provided: for example, in a global supply chain it may be more convenient for Alice to contact trusted and nearby (local) verifiers, and the load on the trust center can be reduced with such distributed trust services.
  • HashMark_{B,0} = LSB_26(H[EPCID_B || RID_0]), and at stage i it is calculated as follows:
  • equation (8) acts as a mapping function that provides a pointer to a specific tag (i.e. tag j having EPCID_j). The calculation can be carried out at any time to identify tag j. It is noted that the batch scheme allows a tag to be marked multiple times. If the selected tag must not conflict with a tag selected at an earlier stage, one can repeat the hash operation, or use a hash table, until a non-conflicting tag is selected.
  • HashMark_{Tj,i} = HashMark_{Tj,0} XOR LSB_32(H[EPCID_B || EPCID_j || RID_i])   (9)
  • the chaining property ensures that the tags in a single set are locked so that any missing fraction of the set can cause the verification to fail.
  • the marking can be made invisible using this example embodiment.
  • FIG. 14 is a schematic diagram of a supply chain system 1600. Multiple parties such as manufacturers e.g. 1602, warehouses, distributors, retailers e.g. 1604 and end customers e.g. 1606, are involved in a simplified RFID supply chain application scenario. Three roles are assumed, namely, a manufacturer acting as a trust center 1608 for initiating a supply chain, several intermediate RFID interrogators/readers e.g. 1610 (e.g. carrying out processing at different locations of the supply chain) and a trust authority (not shown).
  • the key management process of the example embodiment is described below. There are some differences in the key management process here as compared to the key management process of above example embodiments given that privacy keys are also generated.
  • TraceMark_i = TraceMark_{i-1} XOR LSB_64(H[EPCID || RID_i])   (19)
  • This new PIN overwrites the old PIN at memory bank 00 (see 106 of Figure 1) from address 20h to 3Fh. It is noted again that the TraceMark can be read by any party but can only be written by those who present the correct access PIN.
  • the party extracts AID_ki first (such as from a signed transaction, e.g. the E-pedigree). The party can then demark and verify the result. However, it will be appreciated that the party has no way to derive the original reader ID (i.e. RID_k) from AID_ki due to equation (26).


Abstract

A method and system for marking and verifying an information tag and a computer readable data storage medium having stored thereon computer code means for instructing a processor of a marking unit to execute a method of marking and verifying a received information tag are provided. The method for marking and verifying an information tag comprises generating a plurality of secret keys; transmitting one or more of the secret keys to one or more authorised marking units; and at each authorised marking unit, receiving the information tag; deriving a current access password based on a current mark associated with the information tag using one of the secret keys and verifying the current mark; setting the information tag into a rewriteable state using the derived current access password; generating a new mark and a new access password; and writing at least one of the new mark and the new access password into one or more rewriteable portions of the information tag.

Description

A Method And System For Marking and Verifying An Information Tag
FIELD OF INVENTION
The invention relates broadly to a method for marking and verifying an information tag, a system for marking and verifying an information tag and a computer readable data storage medium having stored thereon computer code means for instructing a processor of a marking unit to execute a method of marking and verifying a received information tag.
BACKGROUND
Radio Frequency Identification (RFID) technology is widely used in various industries. One disadvantage of existing anti-counterfeiting mechanisms such as holograms, smart cards, biometric markers and inks lies in their low achievable degree of automation when checking the originality of a product. In contrast, usage of an RFID anti-counterfeiting mechanism can significantly reduce the risk or scale of counterfeiting. It can also make counterfeiting financially unattractive.
Some examples of RFID usage are as follows. Euro banknotes are typically attached with RFID chips by the European Central Bank to combat counterfeiting. In addition, the US Food and Drug Administration (FDA) has issued a report that endorses RFID as a tool to combat counterfeiting of pharmaceuticals. As a result, a number of drug E-pedigree pilots are being conducted.
In "Cryptography and authentication on RFID passive tags for apparel products", Journal-Computers in Industry, 2006 by Kirk Wong, Patrick Hui, Allan Chan, a pseudo-ID based authentication protocol for apparel products is described. Usage of a pseudo-ID was proposed instead of the standard Electronic Product Code (EPC) ID. The proposal ensures that only authorized readers can decode the pseudo-ID. However, there exist a number of problems. For example, the jigsaw encoding/decoding schemes are designed in-house (i.e. not conforming to standards and having no proof of security) and have relatively weak security even against brute force attacks. In addition, the pseudo-ID scheme is assumed to be used in a closed ring, which is significantly limited in scalability and openness as compared with EPC item level tag application scenarios. For EPC standards, refer to EPCglobal Ratified standard: "EPC RFID Class 1 Generation 2 UHF Air Interface Protocol Standard Version 1.0.9", 2005.
In "Extending the EPC Network - The Potential of RFID in Anti-Counterfeiting", Auto-ID Lab St.Gallen, by Thorsten Staake, Frederic Thiesse, Elgar Fleisch, the potential of using RFID tags for anti-counterfeiting from a systematic viewpoint was mentioned. However, although the importance of the anti-counterfeiting subject and several research directions were mentioned, no detailed solution has been provided.
In "Strengthening EPC Tags Against Cloning", WiSe '05, by A. Juels, strengthening techniques for protecting EPC tags against cloning were presented. It is described how PIN based access control and privacy enhancement mechanisms in EPC tags are used to achieve crude challenge-response authentication. Further, in "Yoking-Proofs for RFID Tags", First International Workshop on Pervasive Computing and Communication Security, IEEE Press, 2004, by A. Juels, an authentication protocol of proving the validity of two tags simultaneously was described. However, such challenge-response authentication and authentication protocol may not be adequate for verification against counterfeiting e.g. a cloned tag may not be detectable once a PIN of a tag has been compromised.
Further, another problem of the above schemes is that they do not address how to prevent protective marks from being readable by any third party. It will be appreciated that protective marks may disclose private information, which is undesirable.
Hence, there exists a need for a method for marking an information tag, a system for marking an information tag and a computer readable data storage medium having stored thereon computer code means for instructing a processor of a marking unit to execute a method of marking a received information tag that seek to address at least one of the above problems.
SUMMARY
In accordance with a first aspect of the present invention, there is provided a method for marking and verifying an information tag, the method comprising generating a plurality of secret keys; transmitting one or more of the secret keys to one or more authorised marking units; and at each authorised marking unit, receiving the information tag; deriving a current access password based on a current mark associated with the information tag using one of the secret keys and verifying the current mark; setting the information tag into a rewriteable state using the derived current access password; generating a new mark and a new access password; and writing at least one of the new mark and the new access password into one or more rewriteable portions of the information tag.
The new mark and the new access password may be generated using a different one of the secret keys.
Verifying the current mark may be based on whether or not access is allowed to set the information tag into a rewriteable state using the derived current access password.
The method may further comprise generating an initial mark; transmitting the initial mark to said one or more authorised marking units; at each authorised marking unit, deriving one or more previous marks based on the current mark using said one of the secret keys; and verifying the information tag as authentic based on matching one of the previous marks to the initial mark.
For a batch marking scenario, the method may further comprise, at each authorised marking unit, mapping the information tag to another information tag based on the current mark; deriving a current access password for said another information tag using said one of the secret keys; setting said another information tag into a rewriteable state using the derived current access password for said another information tag; generating a new mark and a new access password for said another information tag; and writing the new mark and the new access password into one or more rewriteable portions of said another information tag. For an undetachable tag marking scenario, the method may further comprise, at each authorised marking unit, reading the current mark from a first other information tag; writing the new mark into said one or more rewriteable portions of the information tag; and writing the new access password into one or more rewriteable portions of a second other information tag.
The new mark may function as the new access password.
The new access password may be written into a password accessible rewriteable portion of the information tag.
The method may further comprise, at an unauthorised marking unit, receiving the information tag; reading the current mark associated with the information tag; transmitting the current mark to a trusted party; obtaining the current access password derived based on the current mark from the trusted party and verifying the current mark.
The method may further comprise secure-wrapping an identification of the authorised marking unit using one of the secret keys.
The method may further comprise generating a new private key using a current secret key and an identification of the authorised marking unit; and secure-wrapping the identification using the new private key.
In accordance with a second aspect of the present invention, there is provided a system for marking and verifying an information tag, the system comprising a trust center generating a plurality of secret keys and transmitting one or more of the secret keys to one or more authorised marking units; and each authorised marking unit comprises, a processor for deriving a current access password based on a current mark associated with the information tag using one of the secret keys and verifying the current mark; setting the information tag into a rewriteable state using the derived current access password and generating a new mark and a new access password; and a writing module for writing at least one of the new mark and the new access password into one or more rewriteable portions of the information tag. The new mark and the new access password may be generated using a different one of the secret keys.
The processor may verify the current mark based on whether or not access is allowed to set the information tag into a rewriteable state using the derived current access password.
The system may further comprise the trust center generating an initial mark and transmitting the initial mark to said one or more authorised marking units; at each authorised marking unit, the processor deriving one or more previous marks based on the current mark using said one of the secret keys and verifying the information tag as authentic based on matching one of the previous marks to the initial mark.
The system may further comprise, for a batch marking scenario, at each authorised marking unit, the processor mapping the information tag to another information tag based on the current mark; the processor deriving a current access password for said another information tag using said one of the secret keys; the processor setting said another information tag into a rewriteable state using the derived current access password for said another information tag; the processor for generating a new mark and a new access password for said another information tag; and the writing module writing the new mark and the new access password into one or more rewriteable portions of said another information tag.
The system may further comprise, for an undetachable tag marking scenario, at each authorised marking unit, a reader module for reading the current mark from a first other information tag; and the processor writing the new mark into said one or more rewriteable portions of the information tag and writing the new access password into one or more rewriteable portions of a second other information tag.
The new mark may function as the new access password.
The new access password may be written into a password accessible rewriteable portion of the information tag. The system may further comprise, at an unauthorised marking unit, the unauthorised marking unit comprising a reader module for reading the current mark associated with the information tag; a transmitting module for transmitting the current mark to a trusted party; a receiving module for obtaining the current access password derived based on the current mark from the trusted party and verifying the current mark.
The system may further comprise the processor secure-wrapping an identification of the authorised marking unit using one of the secret keys.
The system may further comprise the processor generating a new private key using a current secret key and an identification of the authorised marking unit; and secure-wrapping the identification using the new private key.
In accordance with a third aspect of the present invention, there is provided a computer readable data storage medium having stored thereon computer code means for instructing a processor of a marking unit to execute a method of marking and verifying a received information tag, the method comprising generating a plurality of secret keys; transmitting one or more of the secret keys to one or more authorised marking units; and at each authorised marking unit, receiving the information tag; deriving a current access password based on a current mark associated with the information tag using one of the secret keys and verifying the current mark; setting the information tag into a rewriteable state using the derived current access password; generating a new mark and a new access password; and writing at least one of the new mark and the new access password into one or more rewriteable portions of the information tag.
BRIEF DESCRIPTION OF THE DRAWINGS
Embodiments of the invention will be better understood and readily apparent to one of ordinary skill in the art from the following written description, by way of example only, and in conjunction with the drawings, in which:
Figure 1 is a schematic logical memory map of an EPC tag in an example embodiment.
Figure 2(a) is a schematic diagram of a supply chain system in the example embodiment.
Figure 2(b) is a schematic diagram showing a key chain generated by a trust center in the example embodiment.
Figure 3 is a schematic diagram illustrating a TraceMark in the example embodiment.
Figure 4 is a schematic diagram illustrating calculation of a new Hashmark in the example embodiment.
Figure 5 is a schematic diagram for illustrating offline verification in the example embodiment.
Figure 6(a) is a schematic diagram illustrating a TraceMark of a batch tag in another example embodiment.
Figure 6(b) is a schematic diagram illustrating a TraceMark of an ordinary tag in the example embodiment.
Figure 7 is a schematic diagram illustrating preparation of a mark for a pair-wise tag in the example embodiment.
Figure 8 is a schematic flow diagram illustrating a demarking process in the example embodiment.
Figure 9 is a schematic diagram for illustrating offline verification in the example embodiment.
Figure 10 is a schematic diagram illustrating a relationship between a TraceMark and a PIN in another example embodiment.
Figure 11 is a schematic diagram illustrating a sample demarking process in the example embodiment.
Figure 12 is a schematic diagram for illustrating offline verification in the example embodiment.
Figure 13 is a schematic diagram of a supply chain system in yet another example embodiment.
Figure 14 is a schematic diagram of a supply chain system in the example embodiment.
Figure 15 is a schematic diagram illustrating calculation of a new TraceMark in the example embodiment.
Figure 16 is a schematic diagram illustrating offline verification in the example embodiment.
Figure 17 is a schematic diagram illustrating a participant in a number of supply chains in the example embodiment.
Figure 18 is a flowchart illustrating a method for marking and verifying an information tag in an example embodiment.
Figure 19 is a schematic block diagram illustrating a system for marking and verifying an information tag in an example embodiment.
DETAILED DESCRIPTION
Some portions of the description which follows are explicitly or implicitly presented in terms of algorithms and functional or symbolic representations of operations on data within a computer memory. These algorithmic descriptions and functional or symbolic representations are the means used by those skilled in the data processing arts to convey most effectively the substance of their work to others skilled in the art. An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities, such as electrical, magnetic or optical signals capable of being stored, transferred, combined, compared, and otherwise manipulated.
Unless specifically stated otherwise, and as apparent from the following, it will be appreciated that throughout the present specification, discussions utilizing terms such as "scanning", "calculating", "determining", "replacing", "generating", "initializing", "outputting", or the like, refer to the action and processes of a computer system, or similar electronic device, that manipulates and transforms data represented as physical quantities within the computer system into other data similarly represented as physical quantities within the computer system or other information storage, transmission or display devices.
In the example embodiments described below, at a higher level, a Personal Identification Number (PIN) based access command and a writable portion of an EPC tag memory (both conforming to EPC standards) are used. In the following description the PIN refers to an access password of a tag. A trust center initializes a tag and authorizes a set of readers. Only authorized readers can write specially formatted data onto the tag when the tag is traversing various stations. For writing operations on a tag, each authorised reader presents a current PIN to set the tag into a writeable state. Updated data written by an authorised reader can be recognized by other authorized readers.
Figure 18 is a flowchart 2100 illustrating a method for marking and verifying an information tag in an example embodiment. At step 2102, a plurality of secret keys is generated. At step 2104, one or more of the secret keys is transmitted to one or more authorised marking units. At each authorised marking unit, at step 2106, the information tag is received. At step 2108, a current access password is derived based on a current mark associated with the information tag using one of the secret keys and the current mark is verified. At step 2110, the information tag is set into a rewriteable state using the derived current access password. At step 2112, a new mark and a new access password are generated. At step 2114, at least one of the new mark and the new access password are written into one or more rewriteable portions of the information tag.
The new mark and the new access password are generated using a different one of the secret keys. In one example embodiment, the new mark functions as the new access password.
Figure 19 is a schematic block diagram illustrating a system 2200 for marking an information tag in an example embodiment. The system comprises a trust center 2202 for generating a plurality of secret keys and transmitting one or more of the secret keys (see 2203) to one or more authorised marking units e.g. 2204. Each marking unit e.g. 2204 comprises a processor 2206. The processor 2206 derives a current access password based on a current mark associated with the information tag using one of the secret keys and verifies the current mark. The processor 2206 is capable of setting the information tag into a rewriteable state using the derived current access password and generating a new mark and a new access password. Each marking unit e.g. 2204 further comprises a writing module 2208 coupled to the processor 2206 for writing at least one of the new mark and the new access password into one or more rewriteable portions of the information tag. In the example embodiments, each marking unit, authorised or unauthorised, can further comprise a reader module 2210 for reading the current mark associated with the information tag, a transmitting module 2212 for transmitting the current mark to a trusted party, and a receiving module 2214 for obtaining the current access password derived based on the current mark from the trusted party and verifying the current mark.
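The following Python sketch is an added example, not code from the patent, modelling the per-tag procedure of Figures 18 and 19 end to end: the trust center generates a key chain; each authorised reader derives the current PIN from the current mark with one key, treats a successful Access as verification of the mark, and writes a mark and PIN for the next stage generated with a different key; an unauthorised reader obtains the PIN from the trust center online; and offline verification derives previous marks from the current one until the initial mark is matched. Every concrete construction here is an assumption of the illustration rather than the patent's: SHA-256 as H, the chain K_i = H[K_{i-1}], the rules PIN = LSB_32(H[K || Mark]) and Mark_i = Mark_{i-1} XOR LSB_32(H[K_i || EPCID]), and the constructed EPC ID and master secret.

```python
import hashlib

MARK_BITS = 32   # TraceMark and access-PIN length used in the page's description


def h(*parts: bytes) -> bytes:
    """H[a || b || ...]: SHA-256 over the concatenation (assumed hash function)."""
    return hashlib.sha256(b"".join(parts)).digest()


def lsb(digest: bytes, bits: int) -> int:
    """LSB_bits(digest): the low `bits` bits of a digest, as an integer."""
    return int.from_bytes(digest, "big") & ((1 << bits) - 1)


def derive_pin(key: bytes, mark: int) -> int:
    """PIN = LSB_32(H[K || Mark]): assumed rule that ties the PIN to the mark."""
    return lsb(h(key, mark.to_bytes(MARK_BITS // 8, "big")), MARK_BITS)


def stage_delta(key: bytes, epcid: bytes) -> int:
    """D_i = LSB_32(H[K_i || EPCID]) with Mark_i = Mark_{i-1} XOR D_i (assumed rule);
    XOR makes each step invertible for a key holder, so previous marks can be derived."""
    return lsb(h(key, epcid), MARK_BITS)


class Tag:
    """Toy EPC tag: the mark (user bank) is readable by anyone; writing mark and
    PIN requires the secured state, entered by presenting the current PIN."""

    def __init__(self, epcid: bytes, mark: int, pin: int):
        self.epcid, self.mark, self._pin, self.secured = epcid, mark, pin, False

    def access(self, pin) -> bool:
        self.secured = pin == self._pin
        return self.secured

    def write(self, mark: int, pin: int) -> None:
        if not self.secured:
            raise PermissionError("present the current PIN with Access first")
        self.mark, self._pin, self.secured = mark, pin, False


class TrustCenter:
    def __init__(self, master: bytes, stages: int):
        # Assumed forward-secure chain K_0..K_n with K_i = H[K_{i-1}]; the
        # reader at stage i is handed (K_{i-1}, K_i) and nothing earlier.
        self.keys = [h(master)]
        for _ in range(stages):
            self.keys.append(h(self.keys[-1]))

    def initial_mark(self, epcid: bytes) -> int:
        return lsb(h(self.keys[0], epcid), MARK_BITS)

    def pin_for(self, epcid: bytes, current_mark: int):
        """Online service for an unauthorised reader: locate the stage from the
        mark it read and return the current PIN, or None if the mark is unknown."""
        stage = find_stage(current_mark, epcid, self.keys, self.initial_mark(epcid))
        return None if stage is None else derive_pin(self.keys[stage], current_mark)


def mark_tag(tag: Tag, key_cur: bytes, key_new: bytes) -> bool:
    """Authorised reader at stage i: derive the current PIN from the current mark
    with K_{i-1}; a successful Access verifies the mark. Then write the stage-i
    mark and PIN generated with K_i. False means mark and PIN disagree."""
    if not tag.access(derive_pin(key_cur, tag.mark)):
        return False
    new_mark = tag.mark ^ stage_delta(key_new, tag.epcid)
    tag.write(new_mark, derive_pin(key_new, new_mark))
    return True


def find_stage(mark: int, epcid: bytes, keys, initial_mark: int):
    """Offline verification: for each candidate stage s, derive the previous marks
    by stripping D_1..D_s from the current mark; accept when the result is the
    initial mark. Returns the stage the tag is at, or None."""
    rolled = mark                                # candidate s = 0
    for stage, key in enumerate(keys):
        if stage > 0:
            rolled ^= stage_delta(key, epcid)    # XOR is its own inverse
        if rolled == initial_mark:
            return stage
    return None


def demo():
    tc = TrustCenter(b"constructed master secret", stages=3)
    epcid = bytes.fromhex("30000000000000000000ABCD")   # constructed 96-bit EPC ID
    init = tc.initial_mark(epcid)
    tag = Tag(epcid, init, derive_pin(tc.keys[0], init))   # initialised by the trust center
    # three authorised readers in sequence, each holding its own key pair
    marked = [mark_tag(tag, tc.keys[i - 1], tc.keys[i]) for i in (1, 2, 3)]
    stage = find_stage(tag.mark, epcid, tc.keys, init)
    # unauthorised reader: fetch the PIN online and confirm it opens the tag
    online_ok = tag.access(tc.pin_for(epcid, tag.mark))
    # a tag whose mark was altered without the key fails both checks
    altered = Tag(epcid, tag.mark ^ 1, 0)
    rejected = not mark_tag(altered, tc.keys[2], tc.keys[3])
    return marked, stage, online_ok, rejected, find_stage(altered.mark, epcid, tc.keys, init)
```

`demo()` returns `([True, True, True], 3, True, True, None)`: the three readers each open the tag and advance it, the offline check places the tag at stage 3, the online PIN opens it, and the altered tag is rejected by the Access check and matches no stage. The point to notice is that the mark alone proves nothing; it is the pairing of mark and PIN under the stage key that a reader checks, which is why a mark copied onto another tag without the PIN is caught.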
The example embodiments can provide a number of different schemes, of which each deals with a different situation. Further, the example embodiments can provide an invisible marking scheme and a privacy enhanced scheme. In one example embodiment, a basic scheme is provided that uses a per-tag based marking process. The tags, being independent of each other are marked and verified individually.
In another example embodiment, a batch scheme is provided that works on a package of tags comprising a batch tag and a plurality of ordinary tags. The batch scheme marks the batch tag pair-wise with only one additional tag at each step. In this example embodiment, the batch scheme is significantly more efficient than the basic scheme (e.g. for a batch of n tags, the complexity of the operation at each step is O(1), compared with O(n) for the basic scheme).
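As an added example (not the patent's own code), the following Python sketch shows why the batch scheme costs O(1) per step: each stage touches the batch tag and exactly one ordinary tag, and a verifier holding the pedigree (RID_0 and the sequence of reader IDs) replays the stages to recompute every expected mark. The per-tag update follows equation (9) as given on the page; the tag-selection mapping standing in for equation (8), the batch tag's own update, the initial per-tag marks, SHA-256 as H, 32-bit marks throughout and all identifiers are assumptions made for the illustration.

```python
import hashlib


def h(*parts: bytes) -> bytes:
    """H[a || b || ...]: SHA-256 over the concatenation (assumed hash function)."""
    return hashlib.sha256(b"".join(parts)).digest()


def lsb32(digest: bytes) -> int:
    """LSB_32(digest) as an integer; 32-bit HashMarks are assumed throughout."""
    return int.from_bytes(digest, "big") & 0xFFFFFFFF


class Batch:
    """A batch tag plus its ordinary tags, with the mark each one carries."""

    def __init__(self, epcid_b: bytes, rid0: bytes, ordinary: list):
        self.epcid_b = epcid_b
        self.ordinary = list(ordinary)
        # HashMark_{B,0} = LSB(H[EPCID_B || RID_0]) as on the page (32 bits assumed here)
        self.batch_mark = lsb32(h(epcid_b, rid0))
        # HashMark_{Tj,0}: assumed initial per-tag mark, bound to the batch and RID_0
        self.marks = {e: lsb32(h(epcid_b, e, rid0)) for e in self.ordinary}
        self.selected = []   # ordinary tags marked so far, in stage order

    def select(self, rid: bytes) -> bytes:
        """Stand-in for the mapping function of equation (8): hash the batch tag's
        current mark with the reader ID to an index j; on a conflict with a tag
        selected at an earlier stage, repeat the hash until it resolves."""
        cand = h(self.batch_mark.to_bytes(4, "big"), rid)
        while True:
            epcid_j = self.ordinary[int.from_bytes(cand, "big") % len(self.ordinary)]
            if epcid_j not in self.selected:
                return epcid_j
            cand = h(cand)

    def step(self, rid: bytes) -> bytes:
        """One stage: update the batch tag and exactly one ordinary tag (O(1))."""
        epcid_j = self.select(rid)
        # equation (9): HashMark_{Tj,i} = HashMark_{Tj,0} XOR LSB_32(H[EPCID_B || EPCID_j || RID_i])
        self.marks[epcid_j] ^= lsb32(h(self.epcid_b, epcid_j, rid))
        # assumed batch-tag update so that later selections depend on the history
        self.batch_mark ^= lsb32(h(self.epcid_b, rid))
        self.selected.append(epcid_j)
        return epcid_j


def verify_batch(epcid_b: bytes, rid0: bytes, ordinary: list, rids: list, observed: dict) -> list:
    """Replay the stages from the pedigree and report every ordinary tag whose
    observed mark differs from the expected one: a missing, substituted or
    never-marked tag all show up in the returned list."""
    expected = Batch(epcid_b, rid0, ordinary)
    for rid in rids:
        expected.step(rid)
    return sorted(e for e in ordinary if observed.get(e) != expected.marks[e])


def demo():
    # constructed identifiers: one batch tag, six ordinary tags, three readers
    epcid_b = b"BATCH-0001"
    ordinary = [b"ITEM-%d" % i for i in range(6)]
    rid0 = b"RID-trust-center"
    rids = [b"RID-warehouse", b"RID-distributor", b"RID-retailer"]
    batch = Batch(epcid_b, rid0, ordinary)
    touched = [batch.step(rid) for rid in rids]        # one ordinary tag per stage
    observed = dict(batch.marks)                       # what a verifier reads back
    clean = verify_batch(epcid_b, rid0, ordinary, rids, observed)
    observed[touched[1]] ^= 0x1                        # one item swapped for a tag with a wrong mark
    return len(set(touched)), clean, verify_batch(epcid_b, rid0, ordinary, rids, observed)
```

`demo()` returns `(3, [], [<the swapped item>])`: three distinct ordinary tags were marked in three stages, the untouched package verifies with no discrepancies, and after one item's mark is changed the replay names exactly that item. Because the replay is deterministic in RID_0 and the reader sequence, the verifier needs no per-tag records beyond the pedigree.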
In yet another example embodiment, for a set of undetachable tags, an undetachable scheme is provided to chain-lock a set of undetachable tags so that operating on one tag improperly can affect the overall integrity of the set.
The example embodiments can integrate item/case/set level security mechanisms to achieve a strong system level anti-counterfeiting solution.
In another example embodiment, an invisible marking scheme is provided such that the PIN is used as a mark for a tag and therefore, the mark is invisible to unauthorised readers.
In another example embodiment, a privacy enhanced scheme is provided such that authorised readers can choose privacy options from a public option, a limited option or a private option for marking tags. These options allow each reader to choose a privacy level for its reader ID.
For description purposes, tags referred to in the description are assumed to be EPC class 1 generation 2 Ultra High Frequency (UHF) tags. Such tags can be used for item level tagging of a supply chain.
Before describing the example embodiments for the basic scheme, the batch scheme and the undetachable scheme in detail, an introduction of an EPC tag memory map, a schematic supply chain system and key management procedures are first provided.
Figure 1 is a schematic logical memory map 102 of an EPC tag in an example embodiment. The logical memory comprises a "TraceMark" field 104 (hereinafter referred to as TraceMark for description purposes). It will be appreciated by a person skilled in the art that although the TraceMark 104 is referred to as 32 bits in length for the following description, the length is not limited as such. Rather, the length of the TraceMark 104 can be arbitrarily assigned as 64 bits, 128 bits or 160 bits etc., depending on the security and practicability requirements of different RFID deployment situations.
The EPC tag logical memory is organized into four blocks, each comprising one or more 32-bit words. The logical memory comprises a memory bank 00 (at numeral 106) that is reserved for a "Kill" password 108 (32 bits) and an "Access" password 110 (32 bits). In the description, the "Access" password 110 is also known as the PIN. The logical memory further comprises a memory bank 01 (at numeral 112) that contains protocol control bits (16 bits), error check bits (16 bits) and a unique EPC identifier or ID 114 (96 bits). The logical memory further comprises a memory bank 10 (at numeral 116) that contains a tag identifier (TID) 117 (32 bits) which is distinct from the EPC ID 114. In other words, the TID 117 is a number identifying the tag itself and not the object to which the tag is attached. The logical memory further comprises a memory bank 11 (at numeral 118) that is user defined and comprises the TraceMark 104.
It is noted that the "Access" command (compare numeral 110), whose implementation is optional in the EPCglobal standard, is used in the example embodiments. By presenting a valid 32-bit access PIN 110, the tag is transitioned into a "secured" state. The tag can only be accessed in a "secured" state for a number of restricted functions such as reading from a reserved memory bank and writing to a user memory bank. On one hand, since PINs are resistant to skimming attacks, they can be exploited to provide certain security services. On the other hand, the word-level granularity of write operations is exploited to update the user memory. It will be appreciated that although the PIN is described as 32 bits in length, the length is not limited to 32 bits and can be increased to 64 bits, 128 bits etc. A longer PIN makes it more difficult to guess the PIN and therefore can increase the security of the example embodiments.
Figure 2(a) is a schematic diagram of a supply chain system 200. It will be appreciated that although there are multiple parties (e.g. manufacturers, warehouses, distributors, retailers and end customers) involved in an RFID supply chain application scenario, three main roles assumed for description purposes are a trust center 202 (e.g. maintained by the manufacturers), a plurality of intermediate RFID interrogators or readers e.g. 204 (i.e. for carrying out processing at different locations of a supply chain) and the end customers 206. The trust center 202 is responsible for key generation, key updating and system initialization. It will be appreciated that the trust center 202 is not limited to manufacturers and can also be e.g. a trusted third party that processes security value-added services for various parties/roles.
The trust center 202 regulates a security policy on how to authenticate or authorize the readers e.g. 204 as well as the tags. Each RFID reader e.g. 204 in the system 200 is first enrolled at the trust center 202 and thus can obtain forward-secure secrets from the trust center 202 periodically. Whenever an item tag of a certain product is received and interrogated, a reader e.g. 204 is able to verify the tag, modify the tag contents and pass the tag to a successor in the system 200. At the end of a chain, a customer e.g. 206, with or without an interrogator or reader e.g. 204, can verify the product via online verification (see 208). In other words, when a tag goes through the supply chain, it is initialized at the trust center 202, processed by different readers e.g. 204 and can be verified offline or online at various locations.
Security can be provided using a number of security mechanisms including key management, the various tag marking schemes and the provision of online/offline verification. In key management, the trust center 202 generates secret keys for intermediate readers e.g. 204 so that only the authorized readers e.g. 204 can access the tags. The keys are also updated periodically to achieve time-based forward security. Conversely, unauthorized readers (e.g. in a certain period) cannot access the tags. Using the tag marking schemes, an authorized reader e.g. 204 can verify a tag and additionally can add its own mark on the tag so that an instance of "being accessed by the reader" is recorded. At numeral 205, the type of marking scheme can be the basic scheme (i.e. per tag marking), the batch scheme or the undetachable scheme. The chosen scheme can implicitly assist in a complete verification of the product's E-pedigree. In online/offline verification, the marking schemes (at numeral 205) enable offline verification between consecutive readers e.g. 204 and online verification for the end customers 206.
"For the system 200, a "skimming" attack is assumed. In such an attack, an adversary can scan a tag and obtain its valid EPC ID for the purpose of cloning the EPC tag. However, since the PIN cannot be skimmed, a complete verifiable clone cannot be constructed. This attack is weaker than a "reverse engineering" attack where a moderately sophisticated adversary can compromise a tag" and extract its PIN for fabricating a cloned tag perfectly. The marking schemes can protect the tags from "skimming" attacks and can also limit the "reverse engineering" attacks to a short time period. Further, PIN guessing can be countered by temporarily disabling a tag when multiple incorrect PINs are presented. For 32 bits PIN lengths, this type of attack is not practical. It is assumed that the database at the trust center 202 is secure. Also, the example embodiments can limit this kind of attack to a certain time period.
Below is a description of the key management procedures. At the system initialization phase, the trust center 202 generates a whole construction of keys. The trust center 202 holds a valid key pair ($K_{pub}$, $K_{pri}$). In the example embodiments, a hash chain based approach is employed for generating a key chain, and the keys are then released periodically in the inverse order of the generation process (i.e. in an order opposite to that of the hash generation process). Other key generation approaches may also be used as long as the authorization of readers e.g. 204 is updated securely. A secure channel is assumed between each subscribed reader e.g. 204 and the trust center 202. Thus, an authorized reader e.g. 204 means that the reader e.g. 204 holds the latest refreshed key from the trust center 202.
For description purposes, the following set of standardized cryptographic primitives is used:
M: an l-bit plain text, $M \in \{0,1\}^l$.
$SIG_K(M)$: a signature scheme using a private key K on input M.
H(M): a collision free hash function that outputs an m-bit string on input M of length l bits, $H: \{0,1\}^l \to \{0,1\}^m$, e.g. using Secure Hash Algorithm-1 (SHA-1).
$H^n(M)$: the collision free hash function H repeated n times on input M.
$H_k(M)$: a keyed hash function that uses key k on input M of length l bits and outputs an m-bit result, $H: K \times \{0,1\}^l \to \{0,1\}^m$, e.g. using keyed-Hash Message Authentication Code (HMAC).
X||Y: a concatenation of X and Y.
Figure 2(b) is a schematic diagram showing a key chain generated by the trust center. During key generation, the trust center 202 generates a hash chain based on a random seed ($r \leftarrow PRNG$) (see numeral 210). It then assigns each hash value to a key value as:
$K_i = H^{n-i}(r)$   ($i = 0, 1, \ldots, n$)   (1)
Additionally, a time period T (e.g. 1 year) is divided into n short time periods, reasonably resulting in a period t = T/n (e.g. n = 365 and t = 1 day) (see numeral 212). A first time period (e.g. the first day) is assigned as $t_0$ and the $(i+1)$-th time period as $t_i$. For each time period, a key from the key chain is assigned, such as $K_i \to t_i$ (see numeral 214). Since these keys are transmitted only to authorised readers or marking units, the keys can be known as secret keys.
It is noted that a hash chain has the following security property. It is easy to compute $H^i(r)$ from $H^{i-1}(r)$ (i.e. from the previous hash value) but it is almost computationally impossible to perform the inverse computation. Thus, if key $K_{i-1}$ is released, it is computationally difficult to guess the next key $K_i$, while knowing $K_i$ means it is possible to derive all previously released keys $K_j$ (where $j = 0, 1, \ldots, i-1$).
After generating the key chain, the trust center 202 publishes the initial chain value $K_0$. The trust center 202 computes its signature on $K_0$ and publishes the set $[K_{pub}, K_0, SIG_{K_{pri}}(K_0)]$. Subsequently, any released key $K_i$ can be verified by hashing the key itself repeatedly to check whether $K_0$ is the root. At this stage, loose time synchronization is assumed all over the system 200 for calculating any time period. The exactness on timing can be minutes or even hours, which can be considered reasonable.
Key updating is carried out at the beginning of every time interval. It is assumed that the intermediate organizations using readers e.g. 204 have set up secure channels with the trust center 202 via subscription e.g. the trust center 202 can dispatch a smart card to each subscriber and the smart card stores all secrets for setting up the secure channels. It will be appreciated that the smart card is one of a number of ways for downloading keys and the intermediate organizations have other choices for downloading the keys securely. An organization can have multiple reading points where a hierarchical key structure is assumed by default e.g. a current access key received from the trust center can be a root (master) key in an internal key hierarchy of the organisation and subsequent keys are derivable from the master key. The update of the root key by the trust center changes the subsequent keys within the organization. Deriving subsequent keys is optional and can be made possible according to any internal (hierarchical) key generation framework of the organisation.
In addition to key generation and updating, the trust center 202 also initializes a number of values on each tag, such as an initial PIN (refer to 110 of Figure 1) and the TraceMark (refer to 104 of Figure 1).
Following the description of the key management procedures, the example embodiment for the basic scheme is described below.
Figure 3 is a schematic diagram illustrating the TraceMark 104. In the example embodiment, the TraceMark module 104 comprises an optional "Distance" field 302 of d bits (e.g. if d=6, "Distance" is from 00h to 05h with a maximum value of 64) and a "HashMark" field 304 of 32-d bits (e.g. if d=6, "HashMark" is 26 bits, from 06h to 1Fh). For description purposes, d=6 is assumed throughout the description. MSB refers to the most significant bits and LSB refers to the least significant bits.
The "Distance" field 302 represents the total number of stop points, starting from the trust center, that a tag has traversed through a supply chain. The denotation 'Dist' is used to represent the "Distance" field 302 and the value of Dist is calculated as:
$Dist_{new} = Dist_{old} + 1$   (where $Dist_{init} = 0$)   (2)
Distinit is initialized at the trust center as 0 and incremented by 1 whenever a tag is passed to a new reader. The allocation of 6 bits for the distance allows a maximum of 64 intermediate stop points in a single supply chain.
The 26-bit "HashMark" field 304 (hereinafter referred to as HashMark) contains a compressed value aggregating all past stop points (with respect to authorized readers). The HashMark 304 is initialized by the trust center as $HashMark_{init} = LSB_{26}(H[EPCID \| RID_{init}])$ and subsequent values are calculated as follows:
$HashMark_{new} = HashMark_{old} \oplus LSB_{26}(H[EPCID \| RID_{new}])$   (3)
where $RID_{new}$ is the current reader ID (assuming every reader has a unique ID), $\oplus$ denotes XOR, and $LSB_{26}$ means that the least significant 26 bits are retained. The new $HashMark_{new}$ is used to prepare a new TraceMark. It is noted that Dist is a known value and can be obtained from the tag.
Figure 4 is a schematic diagram illustrating calculation of a new Hashmark. The new Hashmark 402 is calculated based on an old Hashmark 404, the EPCID 406 and the RID 408.
In the example embodiment, a demarking process is provided and is the reverse procedure of the marking process. Demarking can be carried out at any location. Given the knowledge of the past reader IDs, the EPC ID and the current "HashMark" field 304 value, the former "HashMark" value can be derived as follows:
$HashMark_{i-1} = HashMark_i \oplus LSB_{26}(H[EPCID \| RID_i])$   (4)
As long as the reader IDs are known and correct, the above equation (4) can be used to derive all past values of the "HashMark" 304 and to retrieve the trust center initialised $HashMark_{init}$. To proceed with marking operations, a valid PIN is presented to the tag. The access PIN is stored in the reserved memory (i.e. memory bank 00, see numeral 106 of Figure 1). When a current reader ($R_i$) recognizes the tag, the current reader presents to the tag an old PIN (i.e. assigned by a former reader $R_{i-1}$ at time $t_j$). Suppose that the current time period is $t_i$ and the current reader holds the key $K_i$; the current reader can derive the old key $K_j$ and identify the old PIN by calculating
$PIN_j = H_{K_j}[TraceMark_j]$   (5)
Using a limited number of calculations (up to about 3), the old PIN can be found. Once the old PIN is found, the current reader can issue an "Access" command and transition the tag into a "secured" state. A new TraceMark is then written to the user memory as TraceMark 104 (Figure 1) and a new PIN is assigned as follows:
$PIN_{new} = H_{K_i}[TraceMark_{new}]$   (6)
This new PIN overwrites the old PIN in memory bank 00 (refer to numeral 106 of Figure 1) from address 20h to 3Fh. Thus, clearly, any authorized reader holding the latest updated key can unlock the old PIN and assign/mark a new TraceMark and new PIN.
In the example embodiment, offline verification can be carried out by any authorized reader in the intermediate organizations. Offline verification combines the described processes of demarking and PIN checking.
Figure 5 is a schematic diagram for illustrating offline verification. Given the HashMark value at a current location (i.e. $HashMark_i$ at numeral 502), a verifier at i can derive the previous HashMark (i.e. $HashMark_{i-1}$ at numeral 504) according to equation (4). The verifier can then calculate the former PIN using equation (5). The verification proceeds with the demarking process only when the PIN is correct. Checking of the PIN is done by trying the PIN successfully on the tag using the "Access" command. Once the distance is decreased to 0 (see numeral 506), a final match between $HashMark_0$ and $H[EPCID \| RID_0]$ can be used to indicate a valid or invalid result. To use offline verification, the current verifier needs all the previous reader IDs. The current verifier can acquire such knowledge from past transaction experiences or some public portals.
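As an added illustration (not the patent's own code), the following Python models the key chain of equation (1) and the basic scheme of equations (2) to (6) end to end: a trust-center initialised tag, reader visits that each unlock the tag with the former PIN and write a new TraceMark and PIN, and the offline verification that demarks back to Dist = 0. SHA-1 and HMAC-SHA1 as the primitives, the three-strike lockout in the tag model, the lookback over three key periods and all names and sample values are this example's assumptions.

```python
import hashlib
import hmac

# Added example (not the patent's code): basic scheme of Figures 1 to 5 with the hash-chain keys of (1).
D_BITS = 6                      # "Distance" field width (d = 6 in the description)
HM_BITS = 32 - D_BITS           # "HashMark" field width (26 bits)
HM_MASK = (1 << HM_BITS) - 1

def H(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()                   # H, as named in the description

def keyed_hash(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()    # H_K, instantiated as HMAC-SHA1

def lsb(data: bytes, bits: int) -> int:
    return int.from_bytes(data, "big") & ((1 << bits) - 1)   # LSB_bits() of a digest

def key_chain(seed: bytes, n: int) -> list:
    """Equation (1): K_i = H^(n-i)(r), so K_n = r and K_0 = H^n(r) is the published root."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]          # chain[i] == K_i

def older_key(k_i: bytes, i: int, j: int) -> bytes:
    """Forward security: K_i yields any earlier K_j (j <= i) by hashing i-j times; never the reverse."""
    for _ in range(i - j):
        k_i = H(k_i)
    return k_i

def pack(dist: int, hashmark: int) -> int:
    return (dist << HM_BITS) | (hashmark & HM_MASK)      # Distance in the MSBs, HashMark below

def unpack(tracemark: int):
    return tracemark >> HM_BITS, tracemark & HM_MASK

def reader_term(epc_id: bytes, rid: bytes) -> int:
    return lsb(H(epc_id + rid), HM_BITS)                 # LSB_26(H[EPCID || RID]) of (3) and (4)

def tracemark_init(epc_id: bytes, rid_init: bytes) -> int:
    """Trust center: Dist_init = 0, HashMark_init = LSB_26(H[EPCID || RID_init])."""
    return pack(0, reader_term(epc_id, rid_init))

def mark(tracemark: int, epc_id: bytes, rid_new: bytes) -> int:
    """Equations (2) and (3): Dist_new = Dist_old + 1, HashMark_new = HashMark_old XOR term(RID_new)."""
    dist, hm = unpack(tracemark)
    if dist + 1 >= (1 << D_BITS):
        raise ValueError("Distance field exhausted")     # 6 bits bound the number of stop points
    return pack(dist + 1, hm ^ reader_term(epc_id, rid_new))

def demark(tracemark: int, epc_id: bytes, rid_i: bytes) -> int:
    """Equation (4): XOR is self-inverse, so the same term with RID_i recovers HashMark_{i-1}."""
    dist, hm = unpack(tracemark)
    return pack(dist - 1, hm ^ reader_term(epc_id, rid_i))

def pin_for(key: bytes, tracemark: int) -> int:
    """Equations (5) and (6): PIN = H_K[TraceMark], truncated to the 32-bit access-password word."""
    return lsb(keyed_hash(key, tracemark.to_bytes(4, "big")), 32)

class Tag:
    """Tag model: TraceMark is readable by anyone (skimmable); the PIN only gates writes."""
    MAX_BAD_PINS = 3            # disable after repeated wrong PINs; re-enabling after a delay is omitted

    def __init__(self, epc_id: bytes, tracemark: int, pin: int):
        self.epc_id, self.tracemark, self._pin, self.bad_pins = epc_id, tracemark, pin, 0

    def access(self, pin: int) -> bool:
        ok = self.bad_pins < self.MAX_BAD_PINS and pin == self._pin
        self.bad_pins = 0 if ok else self.bad_pins + 1
        return ok

    def write(self, pin: int, new_tracemark: int, new_pin: int) -> bool:
        if not self.access(pin):
            return False
        self.tracemark, self._pin = new_tracemark, new_pin
        return True

def reader_visit(tag: Tag, chain: list, i: int, rid_new: bytes, lookback: int = 3) -> bool:
    """Reader R_i holding K_i: derive K_j for the few most recent periods (the "up to about 3"
    calculations), unlock with the old PIN, then write the new TraceMark and PIN per (5) and (6)."""
    new_tm = mark(tag.tracemark, tag.epc_id, rid_new)
    new_pin = pin_for(chain[i], new_tm)
    for j in range(i, max(i - lookback, -1), -1):
        if tag.write(pin_for(older_key(chain[i], i, j), tag.tracemark), new_tm, new_pin):
            return True
    return False

def verify_offline(tag: Tag, key_i: bytes, rids: list, rid_init: bytes) -> bool:
    """Offline verification: PIN check through the Access command, then demark with the known
    reader IDs until Dist = 0 and compare with the trust-center initial value."""
    if not tag.access(pin_for(key_i, tag.tracemark)):
        return False
    tm = tag.tracemark
    for rid in reversed(rids):                           # rids: visited readers, oldest first
        tm = demark(tm, tag.epc_id, rid)
    dist, hm = unpack(tm)
    return dist == 0 and hm == reader_term(tag.epc_id, rid_init)
```

A skimmed clone carries the readable TraceMark but not the PIN, so `verify_offline` rejects it at the Access step, while a tag whose mark chain does not close to the initial value fails the final comparison.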
In the example embodiment, for an unauthorized reader or an end user without a recognised RFID interrogator, a kind of online verification is provided. For online verification, the trust center sets up an online network connection and a web based online server. An end customer wishing to carry out online verification obtains the EPC ID and "TraceMark" of the tag, either from e.g. a relevant retailer or using an unauthorized reader. It is noted that such information can be scanned because it is readable.
As an illustration, suppose that a user (Alice) is currently buying a product to which a tag is attached. The retailer of the product can provide Alice with a valid $PIN_R$, EPC ID and TraceMark on-site. Alice can communicate online with the trust center using the EPC ID and TraceMark so that the trust center can provide Alice with a $PIN_T$ online. Alice can then communicate with the retailer on-site to check whether $PIN_R = PIN_T$. If the result is negative, the tag is verified as invalid. If the result is positive, Alice can have full control of the tag off-site.
It will be appreciated that any authorized reader (e.g. readers used in the offline verification) can perform the above online verification process. The authorized organizations using such authorised readers can provide the online checking service substantially identical to that provided by the trust center. A number of benefits may be provided such as it may be more convenient for Alice to contact e.g. trusted and nearby (local) verifiers in the case of a global supply chain and also, the load of the trust center can be reduced with such distributed trust services.
After describing the example embodiment for the basic scheme, the example embodiment for the batch scheme is described below.
Multiple tags (e.g., 100 tags) can be packaged into a single case and transmitted as a whole object. Applying the basic scheme described in the above example embodiment requires marking operations on all tags at each station, which may not be efficient. With the batch scheme, only a batch tag and an additional tag (randomly selected at each time for forming a pair-wise tag with the batch tag) are securely marked. Hence, an overall efficient and secure tracing of the supply chain can be achieved by pairing an additional tag with the batch tag at each step. In this example embodiment, whenever a batch of tags (e.g. in a case) is received at a reader, the batch tag is interrogated first and from thereon, a chain of ordinary tags may also be queried for checking their marks. Successful verifications allow the reader to proceed with updating operations on the batch tag and one additional ordinary tag. The end customer who receives the case, with or without an interrogator/reader, can verify the product via online verification.
Figure 6(a) is a schematic diagram illustrating a TraceMark 602 of a batch tag. Figure 6(b) is a schematic diagram illustrating a TraceMark 604 of an ordinary tag. The TraceMark 602 of the batch tag, denoted as "TraceMarkB", is substantially identical to the TraceMark 104 described in the basic scheme. The TraceMark 604 of the ordinary tag, denoted as "TraceMarkT", has no "Distance" field but only a "HashMark" field 606 of 32 bits.
To prepare a mark for the batch tag, the Dist value 608 is treated substantially identically to equation (2) described above. For the "HashMark" field 610, "HashMarkB" is initialized by the trust center as $HashMark_{B0} = LSB_{26}(H[EPCID_B \| RID_0])$ and at stage i it is calculated as follows:
$HashMark_{Bi} = HashMark_{B(i-1)} \oplus LSB_{26}(H[EPCID_B \| RID_i])$   (7)
where $RID_i$ is the current reader ID (assuming every reader has a unique ID), and $LSB_{26}$ means that the least significant 26 bits are retained. The marking process for "TraceMarkB" is substantially identical to that of the "TraceMark" used in the basic scheme of the previous example embodiment.
In the example embodiment, the batch tag is mapped to a pair-wise ordinary tag.
At each stage, the current reader finds a pair-wise tag for the batch tag for storing additional marking information into this pair-wise tag. Although the pair-wise tag is chosen randomly, it can be traced back by any authorized reader. The design of the mapping algorithm is as follows:
$H_{K_i}[TraceMark_{Bi}] \bmod n = Map[EPCID_j]$   (8)
where a keyed hash function is applied onto the newly generated batch tag $TraceMark_{Bi}$ at stage i. The hash value is then reduced modulo n and mapped to an ordinary tag (e.g. j in an ordered series of n tags). Thus, equation (8) acts as a mapping function that provides a pointer to a specific tag (i.e. tag j having $EPCID_j$). The calculation can be carried out at any time to identify the tag j. It is noted that the batch scheme allows a tag to be marked multiple times. If the selected tag must not conflict with a tag selected at an earlier stage, one can repeat the hash operation, or use a hash table, until a non-conflicting tag is selected.
In the example embodiment, after mapping, a mark for the pair-wise ordinary tag is prepared. Figure 7 is a schematic diagram illustrating the preparation of a mark for the pair-wise tag. Since the newly selected tag j has no conflict with the previously marked tags, this tag can be marked using its initialized value and the batch tag $EPCID_B$: $HashMark_{Tj0} = LSB_{32}(H[EPCID_B \| EPCID_j \| RID_0])$. See numeral 702. Thus, at stage i (see numeral 704), $TraceMark_{Tji}$ is calculated as follows:
$HashMark_{Tji} = HashMark_{Tj0} \oplus LSB_{32}(H[EPCID_B \| EPCID_j \| RID_i])$   (9)
In the example embodiment, new PINs are prepared for the batch tag and the pair-wise tag. For both the batch tag and the new pair-wise tag, respective new access PINs are assigned at stage i for writing operations. Based on equation (9), the newly generated $TraceMark_{Tji}$ is used for generating the new PINs for the above two tags:
$PIN_{Bi} = LSB[63{:}32](H_{K_i}[TraceMark_{Tji}])$   (10a)
$PIN_{Tji} = LSB[31{:}0](H_{K_i}[TraceMark_{Tji}])$   (10b)
To conduct the writing operations, since the PINs are stored in the reserved memory, the current reader presents the old PINs for both tags before being allowed to update the PINs. For the batch tag, suppose that the current time period is $t_i$; the current reader obtains the key $K_i$ and can find the old PIN (assigned at an earlier time $t_j$) of the batch tag, $PIN_{Bj}$ (compare equations (7), (8), (9), (10a) and (10b)). Thus, $PIN_{Bj}$ and $TraceMark_{Bj}$ (i.e. at time j) can be replaced with the new $PIN_{Bi}$ and $TraceMark_{Bi}$ (i.e. at time i).
For the pair-wise ordinary tag (selected at time period $t_i$), the initial PIN is assigned by the trust center. The current reader can derive the initial key $K_0$ from $K_i$ and compute $PIN_{Tj0} = LSB[31{:}0](H_{K_0}[TraceMark_{Tj0}])$ to conduct writing operations on the pair-wise tag.
In the example embodiment, a demarking process is provided and is the reverse procedure of the described marking process. The demarking process can be carried out at any time and location.
Figure 8 is a schematic flow diagram illustrating the demarking process. Given a $HashMark_{B(i+1)}$ (e.g. $TraceMark_{B(i+1)}$ at 802), using equation (7), a current reader can derive $HashMark_{Bi}$ (e.g. $TraceMark_{Bi}$ at 804). Further, using equations (8) to (10a) and (10b), the pair-wise tag's $EPCID_j$ at time $t_i$ as well as its $TraceMark_{Tji}$ may also be obtained. Thus, one by one, all readers and all pair-wised tags on the chain can be derived. The initialised values provided by the trust center (see numeral 806) can also be retrieved. In the example embodiment, if the system information provided (e.g. the reader IDs, EPC IDs and all the mark values) is correct, the batch scheme marking and demarking processes can work securely and efficiently.
In the example embodiment, offline verification can be carried out by any authorized reader in the intermediate organizations. Offline verification combines the described processes of demarking and PIN checking.
Figure 9 is a schematic diagram for illustrating offline verification. It is noted that only the i-th step verification at the time period $t_i$ is illustrated. Given the current HashMark of the batch tag (i.e. $HashMark_{Bi}$ at 902), the verifier can apply the keyed hash function with the current key $K_i$ and derive the EPC ID ($EPCID_j$ at 904) of the i-th pair-wise tag according to equation (8). By applying the keyed hash function again on $TraceMark_{Tji}$ (e.g. based on $HashMark_{Tji}$ at 906 and equation (9)), the reader can now verify the two values $PIN_{Bi}$ and $PIN_{Tji}$ using equations (10a) and (10b) respectively. The verification proceeds with the $(i-1)$-th step when the respective PINs are correctly presented (see numeral 908). The above demarking process is repeated until the distance is decreased to 0 (not shown). A final check can be conducted on the obtained values of $HashMark_{B0}$ and $HashMark_{Tj0}$ to indicate whether the verification result is valid or invalid. To use offline verification, the current verifier needs all the previous reader IDs. The verifier can acquire this knowledge from past transaction histories (e.g., E-pedigree) or some public portals.
In the example embodiment, online verification is also possible. As an example, suppose that a user (e.g. Alice) is currently checking a case of products to which a batch tag and a set of ordinary tags are attached. The i-th step of online verification is described. Alice reads the $EPCID_B$ and $TraceMark_{Bi}$ of the batch tag and transmits the information to the trust center. The trust center provides Alice with a $PIN_B$ and the $EPCID_j$ by applying the key $K_i$ (compare equation (8)). The $PIN_B$ provided to Alice is checked by Alice applying the $PIN_B$ to the batch tag. If the $PIN_B$ is valid, Alice obtains $TraceMark_{Tji}$ (compare equation (10a)). The trust center can then provide Alice with a $PIN_{Tji}$ and also transmits to Alice the $EPCID_{j-1}$ by applying the key $K_i$ again (compare equation (8)). The $PIN_{Tji}$ provided to Alice is checked by Alice applying it to the identified pair-wise tag. If the $PIN_{Tji}$ is valid, Alice obtains $TraceMark_{T(j-1)i}$ (compare equation (10a)). The process is continued until the initialisation values are compared to check whether the verification result is valid or invalid.
It will be appreciated that any authorized reader (e.g., readers used in offline verification) can replace the trust center in providing the verification service for end customers. It is noted, however, that there is a significant number of interactions involved in the above verification process. To shorten the interaction period, a user (e.g. Alice) can choose to submit all IDs and TraceMarks at once and check all PINs from the trust center at the same time.
After describing the example embodiment for the batch scheme, the example embodiment for the undetachable scheme is provided below. There can be a number of applications where several undetachable tags are deployed together. For example, in pharmaceutical distribution, there may be a legal requirement for a certain medication to be dispensed together with a leaflet describing its side effects. One tag can be embedded on the container of the medication while another tag is embedded in the accompanying leaflet. Another example is in manufacturing where it may be required to dispatch a certain component with a safety cap attached. The tags attached on the component and the safety cap can provide evidence on verifiable safe delivery.
In such cases, a complete verification of the package can rely on the presence of all tags with valid verifications. The undetachable scheme links tags with each other so that any missing tag can cause a failed verification. In the example embodiment, for efficiency, one tag in a set is selected to be marked at each stage. A complete verification is completed only when all marks in the whole set are presented.
In the example embodiment, TraceMark and PIN values of the tags are initialized at the trust center and updated as described in the following. For initial marking at the trust center, assume that there are in total n ordered tags in a set. $TraceMark_{ij}$ denotes the TraceMark of the i-th tag (where $i = \{1, 2, \ldots, n\}$) at time period $t_j$.
Figure 10 is a schematic diagram illustrating the relationship between TraceMark and PIN in this example embodiment. The trust center assigns the initial values at time period $t_0$ as follows:
$TraceMark_{i0} = LSB_{32}(H[EPCID_i \| RID_0])$   ($i = \{1, 2, \ldots, n\}$)   (11)
$PIN_{i0} = LSB_{32}(H_{K_0}[TraceMark_{(i-1)0}])$   ($i = \{2, \ldots, n\}$)   (12)
where the PIN for the first tag of the set is linked to the TraceMark of the n-th tag, i.e. $PIN_{10} = LSB_{32}(H_{K_0}[TraceMark_{n0}])$ for i = 1 (see numeral 1002).
At each stage, a reader selects a random tag for updating its mark. This is also known as mapping to the tag. After the reader collects all tag data at time period $t_j$, the reader uses the following mapping algorithm to select the tag:
$H_{K_j}[TraceMark_{1j} \| TraceMark_{2j} \| \ldots \| TraceMark_{nj}] \bmod n = Map[EPCID_i]$   (13)
where a keyed hash function is applied onto all concatenated TraceMarks. The hash value is then reduced modulo n and mapped to the i-th tag (e.g., i in an ordered series of n tags). Thus, equation (13) acts as a mapping function that provides a pointer to a specific tag (i.e. tag i having $EPCID_i$). The calculation can be carried out at any time to identify the tag i.
After selection of the random tag, a mark is prepared for the selected tag. Suppose that the tag i is selected in equation (13), and its last update time period is $t_k$ with $TraceMark_{ik}$. Thus, its new mark value given the current time period $t_j$ is computed as:
$TraceMark_{ij} = TraceMark_{ik} \oplus LSB_{32}(H[EPCID_i \| RID_j])$   (14)
Since the new mark value affects the PIN of the next tag in order (compare Figure 10 and equation (12)), a new PIN for the $(i+1)$-th tag is assigned as:
$PIN_{(i+1)j} = LSB_{32}(H_{K_j}[TraceMark_{ij}])$   (15)
It is noted that for updating/marking the above new mark value (compare equation (14)) and new PIN value (compare equation (15)) to the respective tags, the former PINs of the relevant tags must be presented. It will be appreciated by a person skilled in the art that these former PINs can be derived from former assignments (see Figure 10 and equation (15)).
In the example embodiment, a demarking process is provided and is the reverse of the described marking process. The demarking process can be carried out at any time and location. Based on equations (11) to (15), the TraceMarks of the tags at time $t_j$ can be collected and all their PINs can be derived. The initialised values provided by the trust center can also be retrieved.
Figure 11 is a schematic diagram illustrating a sample demarking process. Three undetachable tags 1102, 1104, 1106 are provided. At different time stages, different tags can be selected for marking (e.g. tag $ID_A$ 1102 is selected to be marked at time periods $t_2$ 1108, $t_5$ 1110, U 1112 and $t_{10}$ 1114). Aggregated reports on the tags 1102, 1104, 1106 can be demarked to show a full chain of visited readers along the time line. If all collected system information (e.g., the reader IDs, EPC IDs and all the mark values) is correct, the demarking process can be completed successfully.
As described above, the undetachable marking scheme or chain-marking carries out two write operations at each update (i.e. marking a randomly selected tag and updating the PIN of the subsequent tag). In comparison to the described basic scheme, i.e. marking all tags, the undetachable scheme can be considered a more efficient process. However, for a very small set (e.g. with a size of 2 or 3), there may be only a small overhead for marking all tags. In such a case, different marking schemes can be chosen flexibly. For example, for a pair of undetachable tags, both can be marked at each stage and therefore their PINs are interlocked. For another example, at the other extreme, there is a choice of marking only one tag and leaving all other tags in the undetachable set blank. At each time stage, one mark is aggregated with its PIN and all other tags' PINs are changed as well. A tag with a blank marking field but a valid PIN can be checked by issuing the "Access" command. In other words, as long as the tags can be linked or interlocked together, the respective marking schemes can meet different requirements and can be customized for any application scenario.
In the example embodiment, offline verification can be carried out by any authorized reader in the intermediate organizations. Offline verification combines the described processes of demarking and PIN checking.
Figure 12 is a schematic diagram for illustrating offline verification. A one-step PIN checking verification of a tag $ID_i$ at a time period $t_j$ is illustrated. Suppose the PIN of $ID_i$ was assigned at time period $t_k$; using equation (15), the PIN of the tag $ID_i$ at $t_k$ can be computed as $PIN_{ik} = LSB_{32}(H_{K_k}[TraceMark_{(i-1)k}])$ (see numeral 1202). $PIN_{ik}$ is then checked to indicate whether it is correct. Again, suppose the PIN of the subsequent tag $ID_{i+1}$ was assigned at $t_m$; $PIN_{(i+1)m} = LSB_{32}(H_{K_m}[TraceMark_{im}])$ (see numeral 1204) can be computed using the TraceMark of tag $ID_i$ at $t_m$ (at 1206) and checked for correctness. If both PINs are valid, then the verification proceeds with demarking $TraceMark_{(i+1)l}$ (i.e. assigned at $t_l$) using equation (14). Every tag undergoes the above procedure until all tags are verified. After successful offline verification, all the tags can be ensured as having correct and complete marking information. It is assumed that these tags are in an undetachable set.
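As an added illustration (not the patent's own code), the following Python carries the undetachable scheme through equations (11) to (15): the interlocked initial PINs, the keyed-hash mapping that selects the tag to mark (the same device as equation (8) in the batch scheme), the two PIN-gated writes per period, and a demarking verification that replays the whole chain from the initial values and the known reader IDs. The hash instantiations, the tag model, the (period, reader ID) history format and all names and sample values are this example's assumptions.

```python
import hashlib
import hmac

# Added example (not the patent's code): undetachable scheme, equations (11) to (15), with replay verification.

def H(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()                   # H, as named in the description

def keyed_hash(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()    # H_K, instantiated as HMAC-SHA1

def lsb32(data: bytes) -> int:
    return int.from_bytes(data[-4:], "big")              # LSB_32 of a digest

def b4(x: int) -> bytes:
    return x.to_bytes(4, "big")                          # a 32-bit TraceMark as hash input

def key_chain(seed: bytes, n: int) -> list:
    """Equation (1): K_i = H^(n-i)(r); chain[i] == K_i and chain[0] is the published root."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

def older_key(k_j: bytes, j: int, k: int) -> bytes:
    """Forward security: K_j yields any earlier K_k (k <= j) by hashing j-k times."""
    for _ in range(j - k):
        k_j = H(k_j)
    return k_j

def initial_state(epc_ids: list, rid_0: bytes, k_0: bytes):
    """(11) TraceMark_i0 = LSB32(H[EPCID_i || RID_0]); (12) PIN_i0 = LSB32(H_K0[TraceMark_(i-1)0]),
    with the first tag's PIN bound to the last tag's TraceMark (the index wraps)."""
    n = len(epc_ids)
    tms = [lsb32(H(e + rid_0)) for e in epc_ids]
    pins = [lsb32(keyed_hash(k_0, b4(tms[(i - 1) % n]))) for i in range(n)]
    return tms, pins

def select_tag(tms: list, key_j: bytes) -> int:
    """(13): keyed hash over all concatenated TraceMarks, reduced mod n, points at the tag to mark."""
    return int.from_bytes(keyed_hash(key_j, b"".join(b4(t) for t in tms)), "big") % len(tms)

def step(tms: list, pins: list, epc_ids: list, key_j: bytes, rid_j: bytes) -> int:
    """One period on plain state: (14) re-mark tag i, (15) re-key the PIN of tag i+1 (mod n)."""
    i = select_tag(tms, key_j)
    tms[i] ^= lsb32(H(epc_ids[i] + rid_j))
    pins[(i + 1) % len(tms)] = lsb32(keyed_hash(key_j, b4(tms[i])))
    return i

class Tag:
    """Tag model: TraceMark is readable by anyone; writes need the current PIN (EPC Access command)."""

    def __init__(self, epc_id: bytes, tracemark: int, pin: int):
        self.epc_id, self.tracemark, self._pin = epc_id, tracemark, pin

    def access(self, pin: int) -> bool:
        return pin == self._pin

    def write(self, pin: int, tracemark: int = None, new_pin: int = None) -> bool:
        if not self.access(pin):
            return False
        self.tracemark = self.tracemark if tracemark is None else tracemark
        self._pin = self._pin if new_pin is None else new_pin
        return True

def reader_visit(tags: list, chain: list, j: int, rid_j: bytes, pin_period: list) -> bool:
    """Reader at period j holding K_j: two writes, the mark on tag i and the PIN of tag i+1, each
    unlocked with the former PIN derived by (15); pin_period[i] is the period that assigned tag i's PIN."""
    n = len(tags)
    tms = [t.tracemark for t in tags]
    i = select_tag(tms, chain[j])
    nxt = (i + 1) % n
    new_tm = tms[i] ^ lsb32(H(tags[i].epc_id + rid_j))              # (14)
    new_pin = lsb32(keyed_hash(chain[j], b4(new_tm)))                # (15)
    old_pin_i = lsb32(keyed_hash(older_key(chain[j], j, pin_period[i]), b4(tms[(i - 1) % n])))
    old_pin_nxt = lsb32(keyed_hash(older_key(chain[j], j, pin_period[nxt]), b4(tms[i])))
    if not tags[i].write(old_pin_i, tracemark=new_tm):
        return False
    if not tags[nxt].write(old_pin_nxt, new_pin=new_pin):
        return False
    pin_period[nxt] = j
    return True

def verify_set(tags: list, chain: list, rid_0: bytes, history: list) -> bool:
    """Demarking as a replay: rebuild every mark and PIN from the initial values and the per-period
    reader IDs, then compare with the presented tags. A detached or cloned tag breaks the comparison."""
    epc_ids = [t.epc_id for t in tags]
    tms, pins = initial_state(epc_ids, rid_0, chain[0])
    for j, rid_j in history:                              # history: [(period, RID_j), ...] oldest first
        step(tms, pins, epc_ids, chain[j], rid_j)
    return all(t.tracemark == tm and t.access(p) for t, tm, p in zip(tags, tms, pins))
```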
In the example embodiment, online verification can also be carried out. As an example, assume that a user (e.g. Alice) is currently checking a set of n undetachable tags. Alice reads $EPCID_i$ and $TraceMark_i$ (for all $i = \{1, 2, \ldots, n\}$) and transmits the information to the trust center. The trust center applies a key $K_j$ at $t_j$ to the received $TraceMark_i$ (for all $i = \{1, 2, \ldots, n\}$) to obtain $PIN_i$ (for all $i = \{1, 2, \ldots, n\}$) and transmits the $PIN_i$ information to Alice. Alice conducts PIN checking on all the tags using the received $PIN_i$ (for all $i = \{1, 2, \ldots, n\}$). If all the PINs are correct, Alice transmits a "valid" reading to the trust center. If any PIN is incorrect, Alice transmits an "invalid" reading to the trust center. As an additional option, the trust center can be configured to send Alice the demarking results once a "valid" reading is received at the trust center.
It will be appreciated that for the example embodiments, any authorized reader (e.g., readers used in offline verification) can replace the trust center in providing the verification service for end customers.
After describing the example embodiments for the basic scheme, the batch scheme and the undetachable scheme, a security analysis is hereby described.
Firstly, the security of a single tag is analysed. In a "skimming" attack, an adversary can scan a tag and obtain the valid EPC ID and TraceMark on the tag. A cloned tag may be produced. However, without a valid PIN, the cloned tag can be detected as a faulty one immediately at an entry point of a supply chain. The described offline verification processes can provide detection mechanisms. For a "reverse engineering" attack, a moderately sophisticated adversary can compromise a tag's PIN. It is noted that only a centralized solution (e.g. a database duplication detection mechanism) can detect a "reverse engineering" attack. The example embodiments can fully protect the tags from a "skimming" attack and can restrict a "reverse engineering" attack to a limited time period. Also, a "reverse engineering" attack is typically time consuming and an adversary is not expected to be able to fabricate a large bulk of tags in a short period. Further, although an adversary may guess the PIN of a tag, this is highly impractical for 32-bit PIN lengths.
Although other stronger attacks such as a database attack and active attacks (e.g., a man-in-the-middle attack) are not assumed in this security analysis, a "key disclosure" attack, which is also quite strong, can still be analysed. Suppose that at time ti, the updated key Ki is captured by an adversary. The key can be used to generate all marks as well as PINs as long as they are based on the same key chain. The adversary can clone the tags at will (e.g. pretend to be an authorized reader) and push the tags to any downstream players. The cloned tags may not be detected if the downstream players do not check the immediate source of the tags/goods or if they collude with the adversary. In such a situation, incentive mechanisms (or stricter policies) for downstream players or end customers may be implemented to update transactions, so that the above problem is solved centrally.
The batch scheme utilizes relationships between tags. It is harder to break the batch scheme than the basic scheme since cloning a batch tag alone can not break the overall security due to usage of pair-wise tags. Thus, without an up to date key chain, an adversary cannot find out the marked tags. Instead, the adversary has to "reverse engineer" the whole batch to obtain all correct PINs and this is highly impractical.
The undetachable scheme ensures that tags in a set are interlocked with each other. Thus, if an adversary cannot obtain the PINs of all the tags, it cannot break the overall security due to the chaining property of the undetachable scheme. Compared with the batch scheme, the undetachable scheme is even more secure since there is still a small chance in the batch scheme that if only the marked tags are verified, the adversary may clone only those marked tags instead of all tags. However, it is appreciated that this is highly impractical.
After describing the security analysis, a performance evaluation is described in the following. For the basic scheme, a simplified deployment model is assumed: the trust center attaches up to 2^20 (about 1 million) tags to 2^20 items of a product. The whole lifecycle of a tag in the supply chain, denoted as T, is divided into 2^20 time pieces. If at time t0 the trust center initializes the system, 2×2^20 hash computations and 2^20 keyed hash computations are completed by the trust center. Given 1 μs per hash operation over a short message, the trust center takes about 3 seconds for system setup. Additionally, the trust center takes a few milliseconds for signature generation. However, the above computation time is negligible compared with the configuration time for programming the tags. Supposing that for each tag the initial PIN and TraceMark, together with the EPC ID, are all field programmed into the tag at once, the security overheads at the trust center are thus negligible as well. After initialization, the trust center updates the key periodically (e.g. 2^20 times). Moreover, the trust center provides an online verification service for disruptive requests. To participate in this supply chain, an intermediate reader subscribes at the trust center before any transaction happens. Subsequently, periodical key updates are received, with a secure channel being set up for each operation. With each received tag, the reader performs several hash operations for checking and refreshing, which are also negligible compared with the writing operation. The readers have one more write operation (ie. via the "Access" and "Write" commands) instead of having only a read operation. This can result in a major security overhead on processing a single tag at each site.
With regard to the batch scheme, it will be appreciated that the batch scheme is more efficient than the basic scheme for processing a batch of tags. Suppose n tags are installed in a case. At the i-th intermediate organization, i computations are carried out on verification and 2 write operations are conducted. Since the verification procedures involve only mathematical computations (e.g. 1 μs per hash operation over a short message), given that all EPC IDs and their TraceMarks are read in one session, these computational overheads can be ignored. Thus, only the overhead on write operations is considered. It is assumed that the batch scheme performs O(1) write operations at each case level tag processing, as compared with the performance of O(n) of the basic scheme.
With regard to the undetachable scheme, it will be appreciated that the undetachable scheme is more efficient than the basic scheme for processing a set of tags. Suppose n undetachable tags are packaged in a set. At the i-th intermediate organization, the undetachable scheme uses O(i) computations on verification (with respect to demarking and PIN checking) and 2 write operations (e.g. one for updating a mark and one for updating a PIN). Thus, the undetachable scheme performs O(1) write operations at each stage, which is the same as the batch scheme in this regard and is more efficient than the basic scheme. However, the "undetachable" property increases its overheads by O(n) on PIN checking (ie. for all tags at each stage, which is the same as the basic scheme), which can make the undetachable scheme not as efficient as the O(i) overhead of the batch scheme.
The described example embodiments can protect EPC RFID tags. For example, the basic scheme works on a single tag and enables authorized readers to mark a tag traversing a supply chain and to check the validity of the mark offline. For example, the batch scheme assumes a batch of tags is attached to goods (e.g., packaged in a case) and instead of marking all the tags in the batch, the batch scheme marks a batch tag at each time. Moreover, besides the batch tag, an additional (randomly selected) tag, namely a pair-wise tag with the batch tag, is also securely marked. By pair-wising an additional tag at each step, an efficient and secure tracing on the overall security of the supply chain may be achieved. For example, the undetachable scheme may be suitable for scenarios that require the presence of all tags for a complete verification. The undetachable scheme makes these tags linked with each other so that any missing tag may cause a failed verification. To be efficient, one tag in the set is chosen to be marked at each stage. A complete verification can only be established by presenting all marks in the whole set. In summary, the example embodiments make use of standard security primitives and conform to the EPC class 1 generation 2 RFID tag specifications. The example embodiments are secure, scalable, efficient and easy to deploy. On one hand, the example embodiments can resist counterfeiting vendors from producing authentic tags quickly and massively, thus raising the bar of difficulty for counterfeiting behaviors. On the other hand, the example embodiments can stimulate the distributors or retailers of a supply chain on validating the goods/tags. This may maintain the integrity of e.g. the E-pedigree of a certain product (and may finally form a complete EPCglobal network).
In yet another example embodiment, an invisible marking scheme is provided to hide tag marks and still maintain security functionality. The example embodiment employs the PIN-based access command as described in the above example embodiments but does not store the mark in the read/write-able portion of the EPC tag user memory. In addition, the example embodiment uses a centralized trust center for initializing tags and authorizing a set of readers. In the example embodiment, the invisible scheme uses a keyed hash with temporal keys constructed from a hash chain to compute a mark for authentication and verification. This mark is stored in the protected access password memory (refer to 110 of Figure 1) of an EPC Class-1 Gen-2 tag and is not readable/writeable by entities/readers that do not have knowledge of the mark, i.e. the mark is 'invisible' to unauthorized entities. The 'invisible' mark can be verified using the PIN checking mechanism specified in the EPCglobal Class-1 Gen-2 standards.
With reference to Figure 1, the access password-PIN is contained in the memory bank 00 (numeral 106) with a password protected read/write function. In the example embodiment, the "Access" command is used to change a tag's status into the "secured" state. The access password is also presented to carry out verification.
The threat model for this example embodiment assumes the "skimming" attack, where an adversary can scan a tag and get its valid EPC ID for the purpose of cloning the EPC tag. However, to construct a complete verifiable clone, the adversary would also need to know the access password of the tag, which cannot be skimmed in this example embodiment. For a stronger attack, the "PIN guessing" attack is assumed, where an adversary can try different PINs on a tag. However, PIN guessing is countered by temporarily disabling a tag when multiple incorrect PINs are presented. For 32-bit PIN lengths, this attack is highly impractical. Hence, this example embodiment can protect tags from the "skimming" and "PIN guessing" attacks.
Figure 13 is a schematic diagram of a supply chain system 1300. Multiple parties, for example manufacturers (e.g. 1302), warehouses, distributors, retailers (e.g. 1304) and end customers (e.g. 1306), are involved in a simplified RFID supply chain application scenario. Three roles are assumed, namely a trust center 1308 (e.g. maintained by the manufacturers), several intermediate RFID interrogators/readers e.g. 1310 (e.g. carrying out processing at different locations of a supply chain) and the end customers e.g. 1306. The trust center 1308 carries out key generation, key updating as well as system initialization (see 1312). It will be appreciated that the trust center 1308 can also be a trusted third party that processes security value added services for all above parties/roles. Furthermore, the trust center 1308 regulates the security policies that determine how tags and readers are to be authenticated. An RFID reader e.g. 1310 in the system 1300 is first enrolled (or registered) with the trust center 1308, and thus can obtain any forward secure secrets from the trust center 1308 periodically.
In this example embodiment, e.g. when a set of undetachable tags is received at a reader, the set is interrogated first with all IDs being polled and all marks being read.
Successful verifications allow the reader to proceed with updating operations on a selected tag. Referring to the previously described undetachable scheme, the chaining property ensures that the tags in a single set are locked so that any missing fraction of the set can cause the verification to fail. The marking can be made invisible using this example embodiment.
In the example embodiment, security is provided using a number of security mechanisms including key management, an invisible marking scheme and online/offline verification. In key management, the trust center 1308 generates secret keys for intermediate readers e.g. 1310 so that only authorized readers e.g. 1310 can access the tags e.g. 1314. The keys are also updated periodically to achieve time based forward security. Conversely, unauthorized readers (e.g. in a certain period) cannot access the tags. These keys can be seen as temporal keys, with each key corresponding to a particular instance in time. In the invisible marking scheme, an authorized reader e.g. 1310 can verify the tags and also mark itself invisibly into each tag. In the online/offline verification process, the invisible marking scheme enables offline verification between consecutive readers and online verification along the supply chain.
In this example embodiment, the key management process, inclusive of algorithm notations, key generation and updating, is substantially identical to the key management process of the above example embodiments.
The invisible marking scheme is described in detail below. In the example embodiment, the "PIN" is defined as a mark for any tag.
In the example embodiment, for initializing a tag at the trust center, the trust center constructs a key chain using repeated hash computations over a random seed r to obtain Kn = r, Kn-1 = H(r), Kn-2 = H2(r), ... , K0 = Hn(r). Assume that a tag is assigned an identification number denoted by EPCID and that the reader ID of the trust center is RID0; the trust center then assigns an initial PIN value (or initial mark value) to the tag at time period t0 using key K0 from the key chain as follows:
PIN0 = LSB32(HK0[EPCID||RID0]) (16)
When the tag reaches the k-th reader (ie. RIDk) at time ti, a new mark is calculated using key Ki from the key chain as follows:
PINk = PINk-1 XOR LSB32(HKi[EPCID||RIDk]) (17)
PINk-1 can be calculated by obtaining past keys from Ki and using the past reader IDs. Using equations (16) and (17), the generation process can be reconstructed until PINk-1 is obtained. It is noted that a keyed hash function with the current key Ki is applied to the tag's ID (ie. EPCID) and the current reader's ID (ie. RIDk). The least significant 32 bits of the hash value are obtained and used in an exclusive OR operation with the last PIN (ie. PINk-1).
For verifying a tag, assume that a tag has traversed a set of readers (e.g. RID0, RID1, ..., RIDk). The current holder of the tag can verify the tag using the following procedure. The current holder collects the necessary information regarding all the marking parties, such as a list of the previous reader IDs as well as their marking time periods (this information is obtainable from transaction details, e.g. the tag's E-pedigree). In the example embodiments, transaction details of a tag can be obtained by a current holder of the tag via a signed document flow such as an E-pedigree. It will be appreciated that transaction details are not stored on tags. From equations (16) and (17), the holder can reconstruct the current PIN based on the initial values. The reconstructed current "PINk" is checked by issuing it to the tag for an accessing trial. If access is allowed, the tag is successfully verified. A new mark value, ie. a new PIN (compare equation (17)), can then be assigned/marked to the tag. If access is not allowed, the tag is considered compromised and can be abandoned.
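As an added illustration of the invisible marking scheme (this is example code, not code from the patent), the following Python builds the hash-chain keys, applies equations (16) and (17), and shows a later holder reconstructing PINk from the E-pedigree and presenting it to a tag model, with a skimmed clone failing as the threat model describes. SHA-256 and HMAC-SHA256 as H and HK, the seed, reader IDs and EPC ID, and the tag's lockout after three wrong PINs are all constructed assumptions.

```python
import hashlib
import hmac

def H(data: bytes) -> bytes:
    """Plain hash H; SHA-256 is an assumption (the patent fixes no hash function)."""
    return hashlib.sha256(data).digest()

def HK(key: bytes, data: bytes) -> bytes:
    """Keyed hash H_K; HMAC-SHA256 is an assumption."""
    return hmac.new(key, data, hashlib.sha256).digest()

def lsb32(digest: bytes) -> int:
    """LSB32: the least significant 32 bits, the width of the Gen2 access password."""
    return int.from_bytes(digest[-4:], "big")

def build_key_chain(seed: bytes, n: int) -> list:
    """Kn = r, Kn-1 = H(r), ..., K0 = H^n(r); chain[i] is the key released for period t_i."""
    chain = [b""] * (n + 1)
    chain[n] = seed
    for i in range(n - 1, -1, -1):
        chain[i] = H(chain[i + 1])
    return chain

def initial_pin(k0: bytes, epcid: bytes, rid0: bytes) -> int:
    """Equation (16): PIN0 = LSB32(H_K0[EPCID || RID0])."""
    return lsb32(HK(k0, epcid + rid0))

def next_pin(prev_pin: int, ki: bytes, epcid: bytes, ridk: bytes) -> int:
    """Equation (17): PINk = PINk-1 XOR LSB32(H_Ki[EPCID || RIDk])."""
    return prev_pin ^ lsb32(HK(ki, epcid + ridk))

def reconstruct_pin(k_current: bytes, i_current: int, epcid: bytes, pedigree: list) -> int:
    """Rebuild the current PIN from the E-pedigree, a list of (reader ID, marking period)
    starting with the manufacturer at t_0. Past keys K_j (j < i) are H^(i-j)(K_i), so the
    holder needs only its current key; the tag itself stores no transaction details."""
    keys = {i_current: k_current}
    for j in range(i_current - 1, -1, -1):
        keys[j] = H(keys[j + 1])
    rid0, period0 = pedigree[0]
    pin = initial_pin(keys[period0], epcid, rid0)
    for rid, period in pedigree[1:]:
        pin = next_pin(pin, keys[period], epcid, rid)
    return pin

class Gen2Tag:
    """Minimal tag model: the EPC ID is readable, the access password (bank 00) is not.
    The lockout after repeated wrong PINs is a constructed stand-in for the temporary
    disabling that the text relies on against PIN guessing."""
    MAX_FAILURES = 3

    def __init__(self, epcid: bytes, access_pin: int):
        self.epcid = epcid
        self._access_pin = access_pin   # never returned by any read command
        self.failures = 0
        self.secured = False

    def access(self, pin: int) -> bool:
        """The Access command: a correct PIN moves the tag to the secured state."""
        if self.failures >= self.MAX_FAILURES:
            return False                # temporarily disabled
        if pin == self._access_pin:
            self.failures = 0
            self.secured = True
            return True
        self.failures += 1
        return False

    def write_pin(self, new_pin: int) -> bool:
        """The new mark overwrites the access password only in the secured state."""
        if not self.secured:
            return False
        self._access_pin = new_pin
        self.secured = False
        return True

def reader_verify_and_mark(tag: Gen2Tag, k_current: bytes, i_current: int,
                           rid_self: bytes, pedigree: list) -> bool:
    """Holder at period i_current: reconstruct PINk, present it, then leave its own mark."""
    expected = reconstruct_pin(k_current, i_current, tag.epcid, pedigree)
    if not tag.access(expected):
        return False                    # wrong PIN: the tag is treated as compromised
    tag.write_pin(next_pin(expected, k_current, tag.epcid, rid_self))
    pedigree.append((rid_self, i_current))
    return True

def demo() -> tuple:
    """Constructed run: manufacturer at t_0, readers at t_3 and t_7, then a skimmed clone
    (EPC ID copied, PIN unknown) that fails verification and locks under PIN guessing."""
    chain = build_key_chain(b"constructed-seed", 10)
    epcid = bytes.fromhex("30340000000000000000a5b3")   # constructed 96-bit EPC
    tag = Gen2Tag(epcid, initial_pin(chain[0], epcid, b"RID0"))
    pedigree = [(b"RID0", 0)]
    ok1 = reader_verify_and_mark(tag, chain[3], 3, b"RID1", pedigree)
    ok2 = reader_verify_and_mark(tag, chain[7], 7, b"RID2", pedigree)
    clone = Gen2Tag(epcid, 0x12345678)                  # the skimmer had to invent a PIN
    clone_ok = reader_verify_and_mark(clone, chain[9], 9, b"RID3", list(pedigree))
    guesses = [clone.access(g) for g in range(1, 6)]    # PIN guessing on the clone
    return ok1, ok2, clone_ok, any(guesses), clone.failures
```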
Following description of the invisible marking scheme, a security analysis is described below. A "skimming" attack would fail in this example embodiment since an adversary cannot scan a tag and obtain a valid PIN. Thus, the clone of the skimmed tag can be identified immediately as a faulty tag at its entry point of a supply chain. However, if a moderately sophisticated adversary can break a tag with a "reverse engineering" attack, then the PIN of the tag may be disclosed to the adversary. This may allow a perfect clone of the tag at a certain stage but this attack can be detected by the use of updated keys. The security of the example embodiment is thus based on the secret keys ie. the example embodiment is secure as long as the up to date key chain is secure. In an extreme case that the adversary "reverse engineers" the tag (which is typically expensive and time consuming) to obtain all correct PINs, it is noted that stricter instant/online checking mechanisms may be required. However, this type of attack, being expensive and time consuming, is not practical. Thus, this example embodiment has the same security level as the above example embodiments.
After describing the security analysis, a performance evaluation is described below. The invisible marking scheme of the example embodiment is compared with the basic scheme of the above example embodiments. A simplified deployment model is assumed: the trust center attaches up to 2^20 (about 1 million) tags to 2^20 items of a product. The whole lifecycle of a tag in the supply chain, denoted as T, is divided into 1 minute interval pieces. Assume that T = 2 years. Thus, at time t0, when the trust center initializes the system, 2×365×24×60 = 1.05 million hash computations for the key chain and 2^20 keyed hash computations for the invisible marks on the tags are computed. Given 1 μs per hash operation over a short message, only a few seconds are required for system setup. Additionally, several milliseconds are used for signature generation. However, the sum of the above computation times is negligible when compared with the configuration time for programming the tags. Assuming that the initial PIN/Mark, together with the EPC ID, are all field programmed into the tag at once, the security overheads at the trust center are thus negligible as well. After initialization, the trust center updates the key periodically (e.g. once every minute). Moreover, the trust center provides an online verification service for disruptive requests. To participate in the supply chain, an intermediate reader registers itself with the trust center before any transaction happens. Thereafter, periodical key updates are received, with a secure channel being set up for each operation. With each received tag, the registered reader performs a series of hash operations for reconstructing, checking and refreshing the invisible mark. Again, the total amount of computation carried out is negligible compared with the writing operation.
In some of the above example embodiments, when a participant of a supply chain leaves its mark on a tag, it also discloses its identity which may not be a good "privacy" property for the participant if it wishes to preserve its identity.
Thus, in another example embodiment, a privacy enhanced scheme is provided for marking EPC RFID tags. The scheme can be used to preserve the privacy of participants in a secure RFID based supply chain. In this example embodiment, participants can choose from three privacy levels/options ie. public, limited and private options.
For the public option, the identity of a participant can be verified publicly by any other participant in a supply chain. For the limited option, verification can only be conducted by a limited set of e.g. authorized participants. For the private option, the identity of a participant cannot be derived by authorised participants and can only be recovered by a trust authority, e.g. being recovered by a legal authority in case of a dispute.
Although description of this example embodiment is directed at a single tag, it will be appreciated that the example embodiment can be extended to a set of tags. The example embodiment can also be compatible with marking schemes described in above example embodiments. This example embodiment also employs a PIN based access command and a writable portion of an EPC tag memory.
The example embodiment can be secure, efficient and flexible. A participant can choose a privacy option at any time for any goods on any supply chain. The example embodiment makes use of standard and lightweight security primitives and conforms to EPC RFID tag specification.
The logical memory map of the EPC tags in this example embodiment is substantially identical to the logical map 102 of Figure 1. The TraceMark used in this example embodiment is 64 bits in size. Figure 14 is a schematic diagram of a supply chain system 1600. Multiple parties such as manufacturers e.g. 1602, warehouses, distributors, retailers e.g. 1604 and end customers e.g. 1606 are involved in a simplified RFID supply chain application scenario. Three roles are assumed, namely, a manufacturer acting as a trust center 1608 for initiating a supply chain, several intermediate RFID interrogators/readers e.g. 1610 (e.g. carrying out processing at different locations of the supply chain) and a trust authority (not shown). In the example embodiment, the manufacturer 1608 is responsible for key generation, key updating as well as system initialization (see 1612) for all tags (e.g. attached on goods) produced. The intermediate interrogators/readers e.g. 1610 are participants of the supply chain. The trust authority can be a trusted third party (ie. independently operated) that processes security value added services for all the above parties/roles. The trust authority can also recover secret values in case of any dispute. An intermediate RFID reader e.g. 1610 in the system 1600 is first enrolled at the manufacturer 1608, and thus can obtain forward secure secrets (e.g. for the limited option, including an access key as well as a privacy key) from the manufacturer 1608 periodically. In the example embodiment, whenever a tag of a certain product item is received and interrogated, the relevant reader is able to verify the tag, modify the tag contents (according to the desired privacy level) and pass the tag to its successor reader. Further, the reader has to request an additional personalized privacy key from the trust authority if it chooses the private option.
At the end of the supply chain, the customer, with or without an interrogator/reader, can verify the product via online verification. In other words, when a tag goes through the supply chain, it is initialized at the manufacturer, processed by different readers with different privacy levels, and verified offline or online at various locations.
In the example embodiment, security is provided using a number of security mechanisms including key management, tag marking, selection of privacy options and online/offline verification. In key management, the manufacturer 1608 in a supply chain generates secret access keys (KA) and privacy keys (KL) for the limited option for intermediate readers e.g. 1610 so that only authorized readers can access the tags. The keys are also updated periodically to achieve time based forward security. Conversely, unauthorized readers (e.g. in a certain period) can not access the tags. In tag marking, an authorized reader can verify a tag and can also add its own mark on the tag so that an instance of "being accessed by the reader" is recorded. This implicitly assists the completion of verifying the tags (in a physical flow) with their E-pedigrees (in an information flow). In a privacy options selection process, when a reader is writing the marks, it has an option of choosing a desired privacy level ie. public, limited or private. Different sets of verifiers are defined for different privacy levels. In online/offline verification, the privacy enhanced scheme enables offline verification between consecutive readers and online verification for the end customers.
The threat model for this example embodiment assumes a "skimming" attack, where an adversary can scan a tag and get its valid EPC ID for the purpose of cloning the EPC tag. Also, a "PIN guessing" attack is assumed, where an adversary can try different PINs on a tag. However, PIN guessing can be countered by temporarily disabling a tag when multiple incorrect PINs are presented. In the example embodiment, for 32-bit PIN lengths, this attack is largely impractical. Moreover, a stronger attack, the "reverse engineering" attack, is assumed, where a moderately sophisticated adversary can compromise a tag and extract its PIN for fabricating a cloned tag. However, the adversary has to clone all the tags in a set, ie. verification cannot be successful if only a portion of the tags is cloned. Thus, the example embodiment can protect tags from the "skimming" attack at all times and can limit the "reverse engineering" attack to a short time period. The threat model can be considered realistic and customizable for real life RFID supply chains.
The key management process of the example embodiment is described below. There are some differences in the key management process here as compared to the key management process of above example embodiments given that privacy keys are also generated.
At the system initialization phase, the manufacturer 1608 generates a whole construction of keys. The manufacturer 1608 is assumed to hold a valid public key pair (Kpub, Kpri). A hash chain based approach is employed for generating a key chain, and the keys are then released periodically in the inverse order of the generation process. A secure channel is assumed between each subscribed reader e.g. 1610 and the manufacturer 1608 for key retrieval. Thus, an authorized reader e.g. 1610 means that the reader e.g. 1610 holds the latest refreshed keys from the manufacturer 1608. In the example embodiment, the access keys (KA) and privacy keys (KL) are generated using the same key generation methods. Notations used in this example embodiment are substantially identical to those of the above example embodiments.
As described in the above example embodiments, with reference to Figure 2(b), each key from the key chain is assigned as Ki -> ti.
It is noted that a hash chain has the following security property, ie. it is easy to compute Hi(r) from Hi-1(r) (ie. from the previous hash value) but it is computationally infeasible to perform the inverse computation. Thus, if key Ki-1 is released, it is computationally difficult to guess the next key Ki, while knowing Ki means it is possible to derive all previously released keys Kj (where j = 0, 1, ..., i-1).
After generating the key chains (i.e. two key chains in this example embodiment, for access keys and privacy keys), the manufacturer publishes the initial chain values KA0 and KL0 for verification purposes. The manufacturer computes its signatures on KA0, KL0 and publishes a set [Kpub, KA0, KL0, SIGKpri(KA0, KL0)]. Subsequently, any released keys KAi and KLi can be verified by hashing the keys repeatedly to check whether KA0, KL0 are the roots. At this stage, loose time synchronization is assumed all over the system 1600 (Figure 14) for calculating any time period. The exactness on timing can be minutes or even hours, which can be considered reasonable.
In the example embodiment, key updating is carried out at the beginning of every time interval. It is assumed that the intermediate organizations have set up secure channels with the manufacturer via subscription e.g. the manufacturer can dispatch a smart card to each subscriber and the smart card stores all the secrets for setting up the secure channels. It will be appreciated that the smart card is one of a number of ways for downloading the keys and the intermediate organizations have other choices for downloading the keys securely.
After describing the key generation and updating processes, the privacy enhanced scheme of the example embodiment is described in more detail below. It is noted that the manufacturer initializes a number of values on each tag, such as an initial PIN and a TraceMark. Below is a description for the public option of the example embodiment.
The TraceMark (compare 104 of Figure 1) is a compressed value for aggregating all past stop points (with respect to authorized readers). For each tag, the TraceMark is initialized by the manufacturer 1608 as TraceMark0 = LSB64(H[EPCID||RID0]), where EPCID is the ID of the EPC tag and RID0 is the ID of the manufacturer.
Figure 15 is a schematic diagram illustrating calculation of a new TraceMark. Assuming that the current time period is ti and the current reader is RIDk, a new TraceMark (at 1802) is calculated using the old TraceMark (at 1804), the current reader ID RIDk (at 1806) and the EPC ID (at 1808) as:
TraceMarki = TraceMarki-1 XOR LSB64(H[EPCID||RIDk]) (19)
where RIDk is a unique reader ID and LSB64 means the least significant 64 bits are retained.
A demarking process is the reverse procedure of the marking process. Demarking can be carried out at any locations. Given the knowledge of the past reader IDs (e.g., as described/recorded in the E-pedigree), EPC ID and the current TraceMark, the former TraceMark can be derived as follows:
TraceMarki-1 = TraceMarki XOR LSB64(H[EPCID||RIDk]) (20)
It will be appreciated that as long as all past reader IDs are known and correct, the above equation (20) can be used to derive all past values of TraceMark and can retrieve the initialised values provided by the source (ie. the manufacturer 1608).
With regard to PIN control mechanisms and writing operations, when the current reader (ie. RIDk) recognizes a tag, it presents to the tag an old PIN (ie. assigned by a former reader RIDk-1 at time tj). Assuming that at the current time period ti the reader RIDk obtains an access key KAi, the reader RIDk can calculate the old PIN (PINj) by:
PINj = LSB32(HKAj[TraceMarkj]) (21)
The old key KAj can be derived from the current access key KAi. With up to three calculations, the old PIN (PINj) can be calculated. Once the old PIN is calculated, the current reader RIDk can launch the "access" command and convert the tag into the "secure" state. A new TraceMark (compare equation (19)) can then be written to the user memory and a new PIN is assigned as follows:
PINi = LSB32(HKAi[TraceMarki]) (22)
This new PIN overwrites the old PIN at memory bank 00 (see 106 of Figure 1) from address 20h to 3Fh. It is noted again that the TraceMark can be read by any party but can only be written by those who present the correct access PIN.
Thus, selection of the public option means that all the reader IDs are processed without any privacy. Selection of the limited option can provide more privacy. Description of the limited option of the example embodiment is provided below.
To provide a limited privacy service, the reader IDs can be hidden in a form called pseudo-IDs (PIDs). Since the manufacturer 1608 has already dispatched the privacy key (KL0) at time t0, at a time period ti a reader's ID (RIDk) can be converted to PIDki using the current privacy key KLi as:
[Equation (23): the PIDki computation, reproduced in the original only as an image]
In the example embodiment, therefore, the identification of the reader is hidden by secure-wrapping the identification using the current privacy key KLi. It will be appreciated by a person skilled in the art that "secure-wrapping" can be achieved using, but not limited to, encryption techniques, encoding techniques etc. Thus, a new TraceMark at the time period ti can be generated using PIDki as:
TraceMarki = TraceMarki-1 XOR LSB64(H[EPCID||PIDki]) (24)
Thus, with the usage of pseudo-IDs, when a party wishes to demark the TraceMark, the party obtains the PIDki first (such as from a signed transaction, e.g. the E-pedigree). The party can then demark and verify the result. However, it is noted that using PIDki does not mean that the original reader ID cannot be found. Using equation (23), authorized parties (ie. those holding the updated privacy key KLi) can still derive the reader ID. The PIN control mechanisms for the limited option are substantially the same as those described with reference to equations (21) and (22).
Therefore, in the example embodiment, the limited option limits the knowledge of reader IDs within an authorized group. This can improve the privacy of the marking schemes.
After the description of the limited option, description of the private option of the example embodiment is provided below.
The private option can provide an even higher level of privacy protection than the limited option. Under this option, for anonymity, a reader can generate a random number and use it as an ID. However, it is desired that a reader can be identified for purposes such as resolving a dispute in a lawsuit. Thus, a "recoverable identity" (e.g. recoverable by a trusted third party) is provided. In the example embodiment, readers subscribe to the trust authority (TA) to obtain respective initial keys. Assuming that the TA holds a certified master key ($K_M$) (a current secret key), for a reader with an $ID_k$ (i.e. $RID_k$), its new private key/initial key ($K_k$) is calculated as:
$K_k = H_{K_M}[RID_k]$ (25)
The reader can use this key to generate its own anonymous ID ($AID_{k,i}$) from the generated initial key $K_k$ and its ID ($RID_k$) as:
$AID_{k,i} = H^{i}_{K_k}[RID_k]$ $(i = 1, 2, \ldots)$ (26)
In other words, the reader identification is secure-wrapped using the new private key/initial key ($K_k$). A new TraceMark at the time period $t_i$ is generated as:
$TraceMark_i = TraceMark_{i-1} \;\mathrm{XOR}\; LSB_{64}(H[EPCID \,\|\, AID_{k,i}])$ (27)
If any party wishes to demark the TraceMark, the party extracts $AID_{k,i}$ first (such as from a signed transaction, e.g. the E-pedigree). The party can then demark and verify the result. However, it will be appreciated that the party has no way to derive the original reader ID (i.e. $RID_k$) from $AID_{k,i}$, due to equation (26).
In cases of dispute, the party can submit $AID_{k,i}$ to the TA, and the TA can recover the original reader ID using the master key (based on equations (25) and (26)).
Under this option, the PIN control mechanisms are substantially the same as those described with reference to equations (21) and (22).
In this example embodiment, offline verification can be carried out by any authorized reader in the intermediate organizations. Offline verification combines the described processes of demarking and PIN checking.
Figure 16 is a schematic diagram illustrating offline verification in the example embodiment. Given the current TraceMark ($TraceMark_i$ at 1902), the verifier can derive the last TraceMark ($TraceMark_{i-1}$ at 1904) based on equation (20) (or by reversing equations (24) and (27)). The verifier can calculate the old PIN using equation (21). The verification can proceed with demarking procedures only when the PIN is correct, i.e. when the PIN is successfully presented to the tag with the "Access" command. At a last stage, e.g. at 1906, a final match between $TraceMark_0$ and $H[EPCID \,\|\, RID_0]$ indicates a valid or invalid result. It will be appreciated that to carry out offline verification, the current verifier uses all the previous reader IDs. It can acquire this knowledge from past transaction records or from some public portals.
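The following Python code is an added worked example, not code from the patent, that carries equations (19) to (22) and (25) to (27) and the Figure 16 offline check through for one public reader and one private (AID) reader, and also the trust authority's dispute recovery of the reader ID from an AID. It assumes H is SHA-256, the keyed hash H_K is HMAC-SHA256, LSBn keeps the low n bits and the access-key chain runs K_{A,i-1} = H(K_{A,i}); the EPC, reader IDs and keys are constructed sample values.

```python
import hashlib
import hmac

# Assumptions not fixed by the patent text: H = SHA-256, keyed hash H_K = HMAC-SHA256,
# "||" = byte concatenation, LSBn = low n bits, key chain K_{A,i-1} = H(K_{A,i}).

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()
def HK(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()
def lsb(data: bytes, bits: int) -> bytes:
    return data[-(bits // 8):]

def access_key(key_i: bytes, steps_back: int) -> bytes:
    """Walk the chain back: K_{A,i-steps_back} from K_{A,i}."""
    for _ in range(steps_back):
        key_i = H(key_i)
    return key_i

def initial_mark(epcid: bytes, rid0: bytes) -> bytes:
    """TraceMark_0 = LSB64(H[EPCID || RID_0]), the reference value in Figure 16."""
    return lsb(H(epcid + rid0), 64)

def next_mark(prev_mark: bytes, epcid: bytes, token: bytes) -> bytes:
    """Equations (19)/(24)/(27): TraceMark_i = TraceMark_{i-1} XOR LSB64(H[EPCID || token]);
    token is RID_k, PID_{k,i} or AID_{k,i}. XOR is self-inverse, so this also demarks (20)."""
    return bytes(a ^ b for a, b in zip(prev_mark, lsb(H(epcid + token), 64)))

def pin_for(key_i: bytes, mark: bytes) -> bytes:
    """Equations (21)/(22): PIN_i = LSB32(H_{K_{A,i}}[TraceMark_i])."""
    return lsb(HK(key_i, mark), 32)

def private_key(master_key: bytes, rid: bytes) -> bytes:
    """Equation (25): K_k = H_{K_M}[RID_k], issued by the trust authority."""
    return HK(master_key, rid)

def anonymous_id(k_k: bytes, rid: bytes, i: int) -> bytes:
    """Equation (26): AID_{k,i} = H^i_{K_k}[RID_k], the keyed hash iterated i times."""
    for _ in range(i):
        rid = HK(k_k, rid)
    return rid

def ta_recover(master_key: bytes, aid: bytes, subscribed_rids, max_i: int):
    """Dispute case: the TA recomputes (25) and (26) for every subscribed reader."""
    for rid in subscribed_rids:
        for i in range(1, max_i + 1):
            if anonymous_id(private_key(master_key, rid), rid, i) == aid:
                return rid
    return None

class Tag:
    """Toy tag: EPC and TraceMark are readable by anyone; a write needs the 32-bit PIN."""
    def __init__(self, epcid: bytes, mark: bytes, pin: bytes):
        self.epcid, self.mark, self.pin = epcid, mark, pin
    def access(self, pin: bytes) -> bool:
        return hmac.compare_digest(pin, self.pin)
    def write(self, pin: bytes, new_mark: bytes, new_pin: bytes) -> bool:
        if not self.access(pin):
            return False
        self.mark, self.pin = new_mark, new_pin
        return True

def reader_mark(tag: Tag, key_i: bytes, token: bytes) -> bool:
    """Reader at period i: derive PIN_{i-1} from K_{A,i-1}, unlock, write TraceMark_i and PIN_i."""
    old_pin = pin_for(access_key(key_i, 1), tag.mark)
    new_mark = next_mark(tag.mark, tag.epcid, token)
    return tag.write(old_pin, new_mark, pin_for(key_i, new_mark))

def offline_verify(tag: Tag, key_j: bytes, steps_back: int, tokens, rid0: bytes) -> bool:
    """Figure 16: PIN check via Access, then demark past each token (newest first) to TraceMark_0."""
    if not tag.access(pin_for(access_key(key_j, steps_back), tag.mark)):
        return False  # a skimmed clone carries the right EPC and mark but not the PIN
    mark = tag.mark
    for token in reversed(tokens):
        mark = next_mark(mark, tag.epcid, token)
    return mark == initial_mark(tag.epcid, rid0)

def demo() -> dict:
    # Constructed sample values; K_{A,0..3} come from one chain seed held by the manufacturer.
    seed, master, epc = b"constructed-access-seed", b"constructed-TA-master", b"EPC:0123"
    keys = {i: access_key(seed, 3 - i) for i in range(4)}
    rid0, rid1, rid2 = b"MAKER-0", b"ABCDEF", b"RETAIL-2"
    tag = Tag(epc, initial_mark(epc, rid0), pin_for(keys[0], initial_mark(epc, rid0)))
    ok1 = reader_mark(tag, keys[1], rid1)                    # public option, period 1
    aid2 = anonymous_id(private_key(master, rid2), rid2, 2)  # private option, period 2
    ok2 = reader_mark(tag, keys[2], aid2)
    clone = Tag(epc, tag.mark, bytes([tag.pin[0] ^ 1]) + tag.pin[1:])  # skimmed copy, wrong PIN
    tokens = [rid1, aid2]                                    # taken from signed transactions
    return {"marked": ok1 and ok2,
            "genuine": offline_verify(tag, keys[3], 1, tokens, rid0),  # verifier at period 3
            "clone": offline_verify(clone, keys[3], 1, tokens, rid0),
            "recovered": ta_recover(master, aid2, [rid0, rid1, rid2], 3)}
```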
For an unauthorized reader or an end user without an authorized RFID interrogator/reader, a type of online verification can be made available. For online verification, the manufacturer sets up an online network connection and a web based online server. The end customer can obtain the EPC ID and TraceMark associated with a tag either from the retailer or using an unauthorized reader. It is noted that such information can be scanned from the tag since both values are readable. The end customer requires the PIN to check the validity of the tag. As an example, assume that a user (e.g. Alice) is currently checking a tag with $TraceMark_i$. Alice transmits the EPCID and $TraceMark_i$ to the manufacturer. The manufacturer applies the key $K_{A,i}$ and provides Alice with a PIN. Alice can conduct PIN checking on the tag by applying the received PIN to the tag. If the PIN is correct, Alice can feed back to the manufacturer a "valid" reading. Conversely, if the PIN is incorrect, Alice can feed back to the manufacturer an "invalid" reading. As an additional option, the trust center or the manufacturer can be configured to send Alice demarking results (e.g. by using reader IDs in the supply chain) once a "valid" reading is received from Alice.
It will be appreciated that any authorized reader (e.g. readers used in offline verification) can replace the manufacturer or trust center in providing the verification service for end customers. The benefits of the above verification procedure can be twofold: it may be more convenient for Alice to connect to her most trusted and nearby (local) verifiers in the case of a global supply chain, and such distributed trust services can also reduce the load at the manufacturer. It is noted that a number of interactions are involved for a complete verification.
As a case study for this example embodiment, a participant in several supply chains is considered.
Figure 17 is a schematic diagram 2000 illustrating a participant of a number of supply chains. The participant/retailer 2002 is participating in three supply chains 2004, 2006, 2008. In this case study, upon receiving goods (i.e. attached with a tag) from Supply Chain 1 2004, the retailer 2002 may consider Supply Chain 1 2004 as a "non-privacy" chain and proceed to use its original ID in transaction documents as well as in the marking schemes previously described. Thus, the retailer 2002 chooses to insert its original ID RID (e.g. =ABCDEF) (see 2010) in the tag marking equations. When the mark on the tag is recovered at a later stage, the original ID is exposed to the verifier. Further, assume that goods received from Supply Chain 2 2006 are placed under the limited option, where the retailer's ID is protected to a limited extent. For Supply Chain 2 2006, the retailer 2002 uses a pseudo-ID (e.g., PID=s&W-#v) (see 2012) under the limited option. Thus, only authorized readers (in Supply Chain 2 2006) can recover the original ID of the retailer 2002. For Supply Chain 3 2008, assume that the retailer 2002 wishes to hide itself from all other parties (except a trust authority). The retailer 2002 can assign an AID (e.g., =xxxxxx, randomly) (see 2014) for marking tags so that only the trust authority can recover the original ID of the retailer 2002.
A security and privacy analysis is described below for this example embodiment.
In a "skimming" attack, an adversary can scan a tag and obtain the valid EPC ID and TraceMark on the tag. However, without a valid PIN, a cloned tag can be detected as a faulty tag immediately at an entry point of a supply chain. The described offline verification procedure can provide this detection. A moderately sophisticated adversary may break a tag with a "reverse engineering" attack in which the tag's PIN is compromised. It is noted that a centralized solution (e.g. a database duplication detection mechanism) can detect such an attack. The example embodiment can fully protect tags from "skimming" attacks and can restrict "reverse engineering" attacks to a limited time period. Further, a "reverse engineering" attack is typically time consuming, and an adversary may not be able to fabricate a large bulk of tags in a short time period. Although an adversary may try guessing the PIN of a tag, guessing is highly impractical for 32-bit PIN lengths (and even more so for 64-bit PIN lengths).
It is noted that other stronger attacks such as database attacks, active attacks (e.g., man-in-the-middle attacks) and eavesdropping are not assumed. A "key disclosure" attack, which is appreciated to be quite strong, can be analysed with this example embodiment. Assume that at time $t_i$, an updated key ($K_i$) is captured by an adversary. The key can be used to generate all marks as well as PINs as long as they are based on the same key chain. The adversary is free to clone the tags (i.e. pretending to be an authorized reader) and push the cloned tags to any downstream players. The cloned tags may not be detected if the downstream players do not check the immediate source of the tags/goods or if they collude with the adversary. In such a situation, incentive mechanisms (or stricter policies) for downstream players or end customers may be implemented so that transactions are reported and the problem can be resolved centrally.
For the privacy analysis, under the limited option an adversary has to capture the correct privacy key (e.g. $K_{L,i}$) at time $t_i$ to recover a hidden ID. Even if a brute force attack is used, it takes about $2^{L/2}$ calculations to obtain the key. It will be appreciated that such an attack can be computationally infeasible (e.g., for L=160 bits). For the private option, it is equally difficult to repeat the attack on an individual key (i.e. generated by the master key of the trust authority) in order to recover the original ID from an anonymous ID (AID). It will be appreciated that the private option can defend against a colluding attack, where an authorized reader colludes with an outsider to share its knowledge of captured PIDs, since only the trust authority is able to recover reader IDs. Thus, flexible privacy protection can be provided by the example embodiment for participants in a supply chain.
Following the description of the security and privacy analysis, a performance evaluation of the example embodiment is described below.
A simplified deployment model is assumed: a trust center or manufacturer attaches up to $2^{20}$ (about 1 million) tags to $2^{20}$ items of a product. The whole lifecycle of a tag in the supply chain, denoted as T, is divided into $2^{20}$ time pieces. If at time $t_0$ the manufacturer initializes the system, $3 \times 2^{20}$ hash computations (i.e. for generating 2 hash chains and initializing each tag's mark) and $2^{20}$ keyed hash computations (i.e. for generating the initial PIN of each tag) are completed by the manufacturer. Given 1 μs per hash operation over a short message, the manufacturer takes about 4 seconds for system setup. Additionally, the manufacturer takes a few milliseconds for signature generation. However, the above computation time is negligible compared with the configuration time for programming the tags. If, for each tag, the initial PIN and TraceMark are field programmed into the tag at once together with the EPC ID, the security overhead at the manufacturer is negligible as well. After initialization, the manufacturer updates the key periodically (e.g. $2^{20}$ times). Moreover, the manufacturer provides an online verification service for disruptive requests. To participate in this supply chain, an intermediate reader subscribes at the manufacturer before any transaction happens. Subsequently, periodical key updates are received, with a secure channel set up for each operation. With each received tag, the reader performs several hash operations for checking its mark and refreshing the mark, as well as for hiding its ID. These computations are also negligible compared with the writing operation (e.g. the computation overhead takes a few microseconds while a writing operation is counted on a scale of milliseconds). The reader does have one more write operation (i.e. via the "Access" and "Write" commands) instead of having only a read operation. This is the major security overhead in processing a single tag at each site.
The above example embodiment can preferably be used in cases where multiple tags are tied up in their whole life cycle along a supply chain.
The above described example embodiments may be used in a number of anti-counterfeiting scenarios such as for item level tag processing (e.g. using the basic marking process) and for case level tag processing (e.g. using the batch marking process). Such scenarios can include applications in the drug industry, e.g. complementing the existing anti-counterfeiting standards efforts of the US FDA, namely E-pedigree, as a smart pedigree-on-the-tag solution; as general anti-counterfeiting mechanisms which are transparently embedded into overall anti-counterfeiting platforms for serving various markets such as cigarette, liquor, apparel, dangerous goods or expensive goods markets; or in generic track and trace approaches of any supply chain used in wide industry cases. Additionally, in scenarios where multiple tags are tied up in their whole life cycle along a supply chain, the above described example embodiment for the undetachable marking process may be suitable. Such scenarios can include applications in pharmaceutical distribution, e.g. where a certain medication is to be dispensed together with a leaflet describing its side effects; in manufacturing industries, e.g. where one or several components are attached together for providing safety checks; or in the anti-counterfeiting industry, where the undetachable marking process can be embedded into overall anti-counterfeiting platforms for serving various markets such as cigarette, liquor, apparel, dangerous goods or expensive goods markets.
It will be appreciated by a person skilled in the art that numerous variations and/or modifications may be made to the present invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects to be illustrative and not restrictive.

Claims

1. A method for marking and verifying an information tag, the method comprising generating a plurality of secret keys; transmitting one or more of the secret keys to one or more authorised marking units; and at each authorised marking unit, receiving the information tag; deriving a current access password based on a current mark associated with the information tag using one of the secret keys and verifying the current mark; setting the information tag into a rewriteable state using the derived current access password; generating a new mark and a new access password; and writing at least one of the new mark and the new access password into one or more rewriteable portions of the information tag.
2. The method as claimed in claim 1, wherein the new mark and the new access password are generated using a different one of the secret keys.
3. The method as claimed in claims 1 or 2, wherein verifying the current mark is based on whether or not access is allowed to set the information tag into a rewriteable state using the derived current access password.
4. The method as claimed in any one of claims 1 to 3, further comprising generating an initial mark; transmitting the initial mark to said one or more authorised marking units; at each authorised marking unit, deriving one or more previous marks based on the current mark using said one of the secret keys; and verifying the information tag as authentic based on matching one of the previous marks to the initial mark.
5. The method as claimed in any one of claims 1 to 4, for a batch marking scenario, the method further comprising at each authorised marking unit, mapping the information tag to another information tag based on the current mark; deriving a current access password for said another information tag using said one of the secret keys; setting said another information tag into a rewriteable state using the derived current access password for said another information tag; generating a new mark and a new access password for said another information tag; and writing the new mark and the new access password into one or more rewriteable portions of said another information tag.
6. The method as claimed in any one of claims 1 to 4, for an undetachable tag marking scenario, the method further comprising at each authorised marking unit, reading the current mark from a first other information tag; writing the new mark into said one or more rewriteable portions of the information tag; and writing the new access password into one or more rewriteable portions of a second other information tag.
7. The method as claimed in any one of claims 1 to 6, wherein the new mark functions as the new access password.
8. The method as claimed in claim 7, wherein the new access password is written into a password accessible rewriteable portion of the information tag.
9. The method as claimed in any one of claims 1 to 8, further comprising, at an unauthorised marking unit, receiving the information tag; reading the current mark associated with the information tag; transmitting the current mark to a trusted party; obtaining the current access password derived based on the current mark from the trusted party and verifying the current mark.
10. The method as claimed in any one of claims 1 to 9, further comprising secure-wrapping an identification of the authorised marking unit using one of the secret keys.
11. The method as claimed in any one of claims 1 to 9, further comprising generating a new private key using a current secret key and an identification of the authorised marking unit; and secure-wrapping the identification using the new private key.
12. A system for marking and verifying an information tag, the system comprising a trust center generating a plurality of secret keys and transmitting one or more of the secret keys to one or more authorised marking units; and each authorised marking unit comprises a processor for deriving a current access password based on a current mark associated with the information tag using one of the secret keys and verifying the current mark; setting the information tag into a rewriteable state using the derived current access password and generating a new mark and a new access password; and a writing module for writing at least one of the new mark and the new access password into one or more rewriteable portions of the information tag.
13. The system as claimed in claim 12, wherein the new mark and the new access password are generated using a different one of the secret keys.
14. The system as claimed in claims 12 or 13, wherein the processor verifies the current mark based on whether or not access is allowed to set the information tag into a rewriteable state using the derived current access password.
15. The system as claimed in any one of claims 12 to 14, further comprising the trust center generating an initial mark and transmitting the initial mark to said one or more authorised marking units; at each authorised marking unit, the processor deriving one or more previous marks based on the current mark using said one of the secret keys and verifying the information tag as authentic based on matching one of the previous marks to the initial mark.
16. The system as claimed in any one of claims 12 to 15, for a batch marking scenario, the system further comprising at each authorised marking unit, the processor mapping the information tag to another information tag based on the current mark; the processor deriving a current access password for said another information tag using said one of the secret keys; the processor setting said another information tag into a rewriteable state using the derived current access password for said another information tag; the processor for generating a new mark and a new access password for said another information tag; and the writing module writing the new mark and the new access password into one or more rewriteable portions of said another information tag.
17. The system as claimed in any one of claims 12 to 15, for an undetachable tag marking scenario, the system further comprising at each authorised marking unit, a reader module for reading the current mark from a first other information tag; and the processor writing the new mark into said one or more rewriteable portions of the information tag and writing the new access password into one or more rewriteable portions of a second other information tag.
18. The system as claimed in any one of claims 12 to 17, wherein the new mark functions as the new access password.
19. The system as claimed in claim 18, wherein the new access password is written into a password accessible rewriteable portion of the information tag.
20. The system as claimed in any one of claims 12 to 19, further comprising, at an unauthorised marking unit, the unauthorised marking unit comprising a reader module for reading the current mark associated with the information tag; a transmitting module for transmitting the current mark to a trusted party; a receiving module for obtaining the current access password derived based on the current mark from the trusted party and verifying the current mark.
21. The system as claimed in any one of claims 12 to 20, further comprising the processor secure-wrapping an identification of the authorised marking unit using one of the secret keys.
22. The system as claimed in any one of claims 12 to 20, further comprising the processor generating a new private key using a current secret key and an identification of the authorised marking unit; and secure-wrapping the identification using the new private key.
23. A computer readable data storage medium having stored thereon computer code means for instructing a processor of a marking unit to execute a method of marking and verifying a received information tag, the method comprising: generating a plurality of secret keys; transmitting one or more of the secret keys to one or more authorised marking units; and at each authorised marking unit, receiving the information tag; deriving a current access password based on a current mark associated with the information tag using one of the secret keys and verifying the current mark; setting the information tag into a rewriteable state using the derived current access password; generating a new mark and a new access password; and writing at least one of the new mark and the new access password into one or more rewriteable portions of the information tag.
PCT/SG2008/000011 2007-01-12 2008-01-11 A method and system for marking and verifying an information tag WO2008085135A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US88024107P 2007-01-12 2007-01-12
US60/880,241 2007-01-12

Publications (1)

Publication Number Publication Date
WO2008085135A1 true WO2008085135A1 (en) 2008-07-17

Family

ID=39608909

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SG2008/000011 WO2008085135A1 (en) 2007-01-12 2008-01-11 A method and system for marking and verifying an information tag

Country Status (1)

Country Link
WO (1) WO2008085135A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1710764A1 (en) * 2005-04-07 2006-10-11 Sap Ag Authentication of products using identification tags
US20070069852A1 (en) * 2005-09-23 2007-03-29 Hee-Sook Mo Method for securing information between RFID reader and tag, and RFID reader and tag using the same
US20070120651A1 (en) * 2005-11-29 2007-05-31 Yuichi Kobayashi RFID tag system and data processing method executed by RFID tag system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101872460A (en) * 2010-05-27 2010-10-27 上海华彩科技有限公司 Treatment method of RFID online anti-counterfeiting system based on dynamic anti-counterfeiting mark
CN102289701A (en) * 2011-07-20 2011-12-21 深圳市远望谷信息技术股份有限公司 Labeled data burglary prevention method based on EPC (Electronic Product Code) protocol, electronic label and reader-writer
EP2827269A1 (en) * 2013-07-17 2015-01-21 Kapsch TrafficCom AG Method for authenticating an RFID tag
US9495570B2 (en) 2013-07-17 2016-11-15 Kapsch Trafficcom Ag Method for authenticating an RFID tag

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08705404

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08705404

Country of ref document: EP

Kind code of ref document: A1