WO2012067487A1 - A system and method for providing integrity verification in radio frequency identification (rfid) - Google Patents

Info

Publication number: WO2012067487A1
Authority: WO, WIPO (PCT)
Prior art keywords: rfid tag, rfid, integrity, integrity value, value
Application number: PCT/MY2011/000109
Other languages: French (fr)
Inventor: Mohd Faizal Bin Mubarak, Jamalul-Lail Abd Manan, Abdulrahman Ahmed Abdu Muthana
Original Assignee: Mimos Berhad
Application filed by: Mimos Berhad

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless
    • H04L2209/805 Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The present invention provides a trusted Radio Frequency Identification (RFID) system for providing integrity verification using Trusted Platform Module (TPM). The system comprises a RFID tag, a Trusted Service Server (TSS), a RFID device and a Back End Server (BES), each comprising an embedded TPM storing the integrity values. The TSS also comprises a service ticket list, service ticket generator, verification engine and encryption engine. The integrity value of RFID device is sent to BES which is verified by comparing it to integrity value stored in BES. Then integrity value of BES is sent to RFID device, which is verified by comparing it to integrity value stored in RFID device. Then integrity value of RFID device is sent to RFID tag and is verified by comparing it to integrity value stored in RFID tag and requesting machine readable instructions as service from TSS by RFID tag.

Description

A SYSTEM AND METHOD FOR PROVIDING INTEGRITY VERIFICATION IN RADIO FREQUENCY IDENTIFICATION (RFID)
FIELD OF INVENTION
The present invention relates to a system and method for providing integrity verification in Radio Frequency Identification (RFID) using Trusted Platform Module (TPM).
BACKGROUND ART
Radio Frequency Identification (RFID) tags are intelligent bar codes that communicate information to a networked system and are applied to or incorporated into a tangible medium, such as a product, animal, or person, for the purpose of identification and tracking via radio waves. An RFID system which does not provide for platform integrity verification is not trustable, as it can be easily tampered with and compromised by any adversary system. An RFID system which does not provide for platform integrity verification is easily accessible by malware through machine instructions, which exposes the application to security threats. In addition, the security capabilities of the RFID tag are limited due to low resources in the tag.
Thus, establishing a trusted Radio Frequency Identification (RFID) environment by embedding a trusted platform module (TPM) in the Radio Frequency Identification (RFID) system for integrity verification provides for a trusted environment. The trusted platform module (TPM) is tamper proof, produces encryption keys and identity keys, and also provides integrity values. The ability of the trusted platform module (TPM) as a tamper-proof security product is used to provide platform integrity verification in the Radio Frequency Identification (RFID) system.
The system and method of the present invention establishes a trusted RFID environment by embedding a trusted platform module (TPM) in the RFID system. Thereafter, integrity verification is performed on the RFID device, tag and back end server. A trusted service server provides services in the RFID tag to compensate for the limitation of resources within the RFID tag. The present invention also provides for protection of secret keys and data by sealing and storing the said data in the non-volatile memory of the trusted platform module (TPM) in the RFID tag, RFID device and back-end server. In addition, mutual attestation is provided between RFID device and back end server as well as between RFID device and RFID tag.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practiced.
SUMMARY OF INVENTION
The present invention provides trusted Radio Frequency Identification (RFID) system (100) for providing integrity verification using Trusted Platform Module (TPM). The system (100) comprises at least one RFID tag, at least one Trusted Service Server (26), at least one RFID device (14) and at least one Back End Server (10). The at least one RFID tag (20) comprises at least one machine readable instruction module (22) and at least one embedded trusted platform module (21), the at least one machine readable instruction module (22) further comprises at least one verification engine (23) and at least one encryption engine (25).
The said Trusted Service Server (26) comprises at least one machine readable instruction services (28), at least one service ticket list (32) and at least one embedded trusted platform module (27), the said machine readable instruction services (28) further comprises at least one service ticket generator (29), at least one verification engine (30) and at least one encryption engine (31).
The said RFID device (14) comprises at least one attestation module (16), at least one service ticket list (17) and at least one embedded trusted platform module, the said attestation module (16) further comprises at least one encryption engine (19) and the said Back End Server (10) comprises at least one attestation module (13), at least one database (12) and at least one embedded trusted platform module (11).
Another aspect of the present invention provides a method (200) for providing integrity verification in Radio Frequency Identification (RFID) system using Trusted Platform Module. The method (200) comprising steps of sending integrity value of RFID device (14) to Back End Server (10) (202), verifying integrity value of RFID device (14) (204), comparing integrity value of RFID device (14) to integrity value stored in Back End Server (10) (206), sending integrity value of Back End Server (10) to RFID device (14) when integrity value of RFID device (14) matches integrity value stored in Back End Server (10) (208) else verification is terminated, verifying integrity value of Back End Server (10) (210), comparing integrity value of Back End Server (10) to the integrity value stored in RFID device (14) (212) else verification is terminated, sending integrity value of RFID device (14) to RFID tag (20) when integrity value of RFID device (14) matches integrity value stored in RFID tag (20) (214) else verification is terminated, verifying integrity value of the RFID device (216), comparing integrity value of RFID device (14) to integrity value stored in RFID tag (20) (218) and requesting machine readable instructions as service from Trusted Service Server (26) by RFID tag (20) when integrity value of RFID device matches integrity value stored in RFID tag (20) (220).
A further aspect of the present invention provides a further method (300) for providing integrity verification in Radio Frequency Identification (RFID) system using Trusted Platform Module. The method (300) comprising steps of verifying service ticket of RFID tag (20) to value stored in Trusted Service Server (26) (302), comparing service ticket value of RFID tag (RT) to value stored in Trusted Service Server (26) (304), connecting RFID tag (20) to Trusted Service Server (26) when service ticket value of RFID tag (20) matches value stored in Trusted Service Server (26) (306) else verification is terminated, measuring components of RFID tag (20) and storing the said measurements in trusted platform module (27) of Trusted Service Server (26) (308), sending service ticket and integrity value of RFID tag (20) to RFID device (14) (310), verifying service ticket of RFID tag (20) (312), comparing value of service ticket of RFID tag (20) with value stored in RFID device (14) (314), sending integrity value of RFID tag (20) to Back End Server (10) when value of service ticket of RFID tag (20) matches value stored in RFID device (14) (316) else verification is terminated, verifying integrity value of RFID tag (20) (318), and comparing integrity value of RFID tag (20) to integrity value stored in Back End Server (10) (320). Back End Server (10) trusts RFID tag (RT) when integrity value of RFID tag (20) matches integrity value stored in Back End Server (10) (322), else Back End Server (10) does not trust RFID tag (20) when integrity value of RFID tag (20) does not match integrity value stored in Back End Server (10) (324).
The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which:
FIG. 1 illustrates the Radio Frequency Identification (RFID) attestation system using trusted platform module (TPM).
FIG. 2 is a flowchart illustrating a method for providing integrity verification in Radio Frequency Identification (RFID) system using Trusted Platform Module (TPM).
FIG. 3 is a flowchart illustrating a further embodiment of the method of FIG. 2.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention provides a system and method for providing integrity verification in Radio Frequency Identification (RFID) using Trusted Platform Module (TPM). Hereinafter, this specification will describe the present invention according to the preferred embodiments. It is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned without departing from the scope of the appended claims.
Reference is first being made to FIG. 1. FIG. 1 illustrates Radio Frequency Identification (RFID) attestation system using trusted platform module (TPM). Attestation is closely related to authentication wherein attestation is a process of assuring that information is accurate for trusted platform. This is such that trust in the system is based on taking measurements and checking measurements.
As illustrated in FIG. 1, a trusted Radio Frequency Identification (RFID) system (100) for providing integrity verification using trusted platform module (TPM) comprising at least one RFID tag (RT) (20), at least one Trusted Service Server (TSS) (26), at least one RFID device (RD) (14) and at least one Back End Server (BS) (10). The at least one RFID tag (RT) (20) comprises at least one machine readable instruction module (SM) (22) and at least one embedded trusted platform module (TPM) (21). The at least one machine readable instruction module (SM) (22) further comprises at least one verification engine (V) (23) and at least one encryption engine (EE) (25). The at least one Trusted Service Server (TSS) (26) comprises at least one machine readable instruction services (SS) (28), at least one service ticket list (STL) (32) and at least one embedded trusted platform module (TPM) (27).
The at least one machine readable instruction services (SS) (28) further comprises at least one service ticket generator (STG) (29), at least one verification engine (V) (30) and at least one encryption engine (EE) (31).
The at least one RFID device (RD) (14) comprises at least one attestation module (AM) (16), at least one service ticket list (STL) (17) and at least one embedded trusted platform module (TPM), the at least one attestation module (AM) (16) further comprises at least one encryption engine (EE) (19) and the at least one Back End Server (BS) (10) comprises at least one attestation module (AM) (13), at least one database (DB) (12) and at least one embedded trusted platform module (TPM) (11).
The at least one encryption engine (EE) (19, 25, 31) encrypts transaction of RFID device (RD) (14), RFID tag (RT) (20) and Trusted Service Server (TSS) (26). In addition, the at least one encryption engine (19, 25, 31) is of Advanced Encryption Standard (AES) platform or its equivalent. In addition, the at least one service ticket list (STL) (17, 32) stores value for verification of service ticket.
The integrity values of RFID device (RD) (14) and RFID tag (RT) (20) are stored in database (DB) (12) inside the Back End Server (BS) (10). Trusted platform module (TPM) is embedded in RFID tag (RT) (20) to improve integrity measurement and reporting capabilities of the tag. Attestation module (AM) (16) of RFID device (14) retrieves integrity value from TPM (15), encrypts the data and thereafter sends it to the back-end server (BS) (10) for verification. The Back End Server (BS) receives integrity value of the RFID device (RD) (14) through the attestation module (AM) (13) and verifies it with the integrity value stored in the database (DB) (12). The integrity verification is successful if the integrity value of RFID device matches the integrity value stored in the database (DB) (12) that provides for a trusted RFID device (RD) (14) where the back-end server can trust the RFID device (RD) (14).
The RFID device (RD) (14) is installed by integrity value of Back End Server (BS) (10) and RFID tag (RT) (20) service ticket list (STL) (17) in the non-volatile memory of trusted platform module (TPM) (15). The attestation module (AM) (13) retrieves integrity value from trusted platform module (TPM) (11), encrypts data and thereafter sends it to RFID device (RD) (14) for verification. RFID device (RD) (14) receives integrity value of Back End Server (BS) (10) and verifies it with value in trusted platform module (TPM). Integrity verification is successful if the integrity value of Back End Server matches the integrity value of Back End Server which is stored in the TPM (15) inside RFID device which provides for trusted Back End Server (BS) (10) wherein RFID device (RD) (14) can trust the Back End Server (BS) (10). RFID tag (RT) (20) is installed with integrity values of Back End Server and RFID device (RD) (14) in the non-volatile memory of the TPM (21). RFID device (RD) (14) receives integrity value from trusted platform module (TPM) (15) and integrity value of Back End Server (BS) (10). Both integrity values of RFID device and Back End Server are encrypted using encryption engine (EE) (19) inside RFID device. Thereafter, integrity values are sent to RFID tag (RT) (20) for verification. RFID tag (RT) (20) receives RFID device (RD) (14) and Back End Server (BS) (10) integrity values through verification engine (V) (23) of machine readable instruction module (SM) (22) and verifies them with integrity values of RFID device and Back End Server which are stored in trusted platform module (TPM) (21) inside RFID tag.
The integrity verification is successful if integrity values of RFID device and Back End Server match the integrity values stored in the TPM (15) inside RFID tag which means that RFID device (RD) (14) and back-end server (BS) (10) verification is successful and provides for a trusted RFID device (RD) (14) and back-end server (BS) (10) wherein the RFID tag (RT) (20) can trust the RFID device (RD) (14) and back-end server (BS) (10).
The RFID tag (RT) (20) is installed with a service ticket from the Service Ticket Generator (STG) (29) in the trusted service server (TSS) (26). The RFID tag (20) requests service from trusted service server (TSS) (26). RFID tag (RT) (20) retrieves service ticket from trusted platform module (TPM) (21) through machine readable instruction module (SM) (22). Thereafter, machine readable instruction module (SM) (22) encrypts service ticket through encryption engine (EE) (25) and sends it to trusted service server (TSS) (26) for verification. Trusted service server (TSS) (26) receives RFID tag (RT) (20) service ticket through machine readable instruction service (SS) (28) and thereafter verifies service ticket through verification engine (V) (30) based on value from service ticket list (STL) (32). The RFID tag (RT) (20) verification is successful if service ticket from RFID tag matches service ticket in service ticket list (STL) (32) wherein Trusted service server (TSS) (26) can provide services to RFID tag (RT) (20).
Machine readable instruction services (SS) (28) from Trusted Service Server (TSS) (26) measures machine readable instruction module (SM) (22) and configurations and stores measurement value in trusted platform module (TPM) (21). Service ticket generator (STG) (29) generates new service ticket from RFID tag (RT) (20) and stores it in trusted platform module (TPM) (21). RFID tag (RT) (20) through machine readable instruction module (SM) (22) retrieves service ticket and integrity value from trusted platform module (TPM) (21). Thereafter, machine readable instruction (SM) (22) encrypts the same through encryption engine (EE) and sends it to RFID device (RD) (14) and Back End Server (10) for verification.
RFID device (RD) (14) receives RFID tag (20) service ticket and verifies service ticket from RFID tag with service ticket from service ticket list (STL) (17) inside RFID device. The RFID tag (RT) (20) ticket verification is successful if service ticket from RFID tag matches service ticket in service ticket list (STL) (17) wherein RFID device (RD) (14) sends integrity value of RFID tag (20) to be verified by Back End Server (10). Back End Server (10) receives integrity value of RFID tag (20) and verifies it with value in database (DB) (12). RFID tag (RT) (20) verification is successful if integrity value of RFID tag matches the integrity value in database (DB)(12) which provides for Back End Server (BS) (10) to trust RFID tag (RT) (20).
Reference is now being made to FIGs. 2 and 3 respectively. FIG. 2 is a flowchart illustrating a method for providing integrity verification in Radio Frequency Identification (RFID) system using Trusted Platform Module (TPM) and FIG. 3 is a flowchart illustrating a further embodiment of the method of FIG. 2. As illustrated in FIG. 2 and FIG. 3, RFID device (RD) (14) sends integrity value to Back End Server (BS) (10) (202). Thereafter, integrity value of RFID device (RD) (14) is verified (204) and integrity value of RFID device (RD) (14) is compared to integrity value stored in Back End Server (BS) (10) (206). Integrity value of Back End Server (BS) (10) is sent to RFID device (RD) (14) when integrity value of RFID device (RD) (14) matches integrity value stored in Back End Server (BS) (10) (208). Verification is terminated if a match is not found.
Subsequently, integrity value of Back End Server (BS) (10) is verified (210) and integrity value of Back End Server (BS) (10) is compared to integrity value stored in RFID device (RD) (14) (212). Integrity value of RFID device (RD) (14) is sent to RFID tag (RT) (20) when integrity value of RFID device (RD) (14) matches integrity value stored in RFID tag (RT) (20) (214) else verification is terminated. Integrity value of RFID device is thereafter verified (216). Integrity value of RFID device (RD) (14) is compared to integrity value stored in RFID tag (RT) (20) (218) and machine readable instructions are requested as service from Trusted Service Server (TSS) (26) by RFID tag (RT) (20) when integrity value of RFID device (RD) matches integrity value stored in RFID tag (RT) (20) (220).
Further, as illustrated in FIG. 3, service ticket of RFID tag (RT) (20) is verified to value stored in Trusted Service Server (TSS) (26) (302). The service ticket value of RFID tag (RT) (20) is compared to service ticket stored in Trusted Service Server (TSS) (26) (304). RFID tag (RT) (20) is connected to Trusted Service Server (TSS) (26) when service ticket value of RFID tag (RT) (20) matches service ticket stored in Trusted Service Server (TSS) (26) (306) else verification is terminated.
Subsequently, components of RFID tag (RT) (20) are measured and stored in trusted platform module (TPM) (27) of Trusted Service Server (TSS) (26) (308). Service ticket and integrity value of RFID tag (RT) (20) are sent to RFID device (RD) (14) (310). Thereafter, service ticket of RFID tag (RT) (20) is verified (312) and value of service ticket of RFID tag (RT) (20) is compared to service ticket stored in RFID device (RD) (14) (314). Integrity value of RFID tag (RT) (20) is sent to Back End Server (BS) (10) when value of service ticket of RFID tag (RT) (20) matches service ticket stored in RFID device (RD) (14) (316) else verification is terminated. Integrity value of RFID tag (RT) (20) is verified (318) and integrity value of RFID tag (RT) (20) is compared to integrity value stored in Back End Server (BS) (10) (320).
Back End Server (BS) (10) trusts RFID tag (RT) (20) when integrity value of RFID tag (RT) (20) matches integrity value stored in Back End Server (BS) (10) (322) and Back End Server (BS) (10) does not trust RFID tag (RT) (20) when integrity value of RFID tag (RT) (20) does not match integrity value stored in Back End Server (BS) (10) (324). Integrity value of the present invention is measured at boot time.
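The two flowcharts described above, walked through as an added Python sketch that is not part of the patent text: each party compares a reported integrity value or service ticket with its stored reference, and the run terminates at the first mismatch. The SHA-256 measurement, the `Party` and `Outcome` names and the firmware strings are assumptions made for illustration, and the AES transport encryption is left out.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def measure(*components: bytes) -> bytes:
    """Boot-time measurement: fold each component into a running digest,
    in the style of a TPM PCR extend (SHA-256 is an assumption)."""
    value = bytes(32)
    for blob in components:
        value = hashlib.sha256(value + hashlib.sha256(blob).digest()).digest()
    return value


def matches(reported: bytes, reference: bytes) -> bool:
    """Constant-time comparison against a stored reference value."""
    return hmac.compare_digest(reported, reference)


@dataclass
class Party:
    name: str
    components: tuple                        # blobs measured at boot
    nv: dict = field(default_factory=dict)   # stand-in for TPM non-volatile storage

    def integrity_value(self) -> bytes:
        return measure(*self.components)


@dataclass
class Outcome:
    trusted: bool
    stopped_at: int   # flowchart step number where the run ended
    log: list         # (step, description, passed) tuples


def build_system():
    """Provision the four parties with constructed firmware blobs and references."""
    bes = Party("BES", (b"bes-os-1.0", b"bes-attestation-module"))
    rd = Party("RD", (b"reader-fw-2.3", b"reader-attestation-module"))
    rt = Party("RT", (b"tag-sm-0.9", b"tag-config"))
    tss = Party("TSS", (b"tss-services-1.1",))
    ticket = hashlib.sha256(b"constructed-service-ticket").digest()
    bes.nv["db"] = {"RD": rd.integrity_value(), "RT": rt.integrity_value()}
    rd.nv.update(BES=bes.integrity_value(), ticket_list=[ticket])
    rt.nv.update(RD=rd.integrity_value(), BES=bes.integrity_value(), ticket=ticket)
    tss.nv["ticket_list"] = [ticket]
    return bes, rd, rt, tss


def run_attestation(bes: Party, rd: Party, rt: Party, tss: Party) -> Outcome:
    log = []

    def check(step: int, what: str, passed: bool) -> bool:
        log.append((step, what, passed))
        return passed

    def in_list(ticket: bytes, ticket_list: list) -> bool:
        return any(matches(ticket, known) for known in ticket_list)

    # FIG. 2 (method 200): device and back end attest each other, then the tag checks.
    rd_value = rd.integrity_value()                                   # 202
    if not check(206, "BES compares RD value with database",
                 matches(rd_value, bes.nv["db"]["RD"])):
        return Outcome(False, 206, log)
    bes_value = bes.integrity_value()                                 # 208
    if not check(212, "RD compares BES value with its TPM",
                 matches(bes_value, rd.nv["BES"])):
        return Outcome(False, 212, log)
    # 214: the device forwards its own and the back end's value to the tag.
    if not check(218, "RT compares RD and BES values with its TPM",
                 matches(rd_value, rt.nv["RD"]) and matches(bes_value, rt.nv["BES"])):
        return Outcome(False, 218, log)

    # FIG. 3 (method 300): step 220 hands over to the Trusted Service Server.
    ticket = rt.nv["ticket"]                                          # 302
    if not check(304, "TSS compares ticket with its list",
                 in_list(ticket, tss.nv["ticket_list"])):
        return Outcome(False, 304, log)
    rt_value = measure(*rt.components)                                # 308
    tss.nv["RT"] = rt_value
    # 310: ticket and tag integrity value go to the device.
    if not check(314, "RD compares ticket with its list",
                 in_list(ticket, rd.nv["ticket_list"])):
        return Outcome(False, 314, log)
    # 316-320: the device forwards the tag's value; the back end decides.
    trusted = check(320, "BES compares RT value with database",
                    matches(rt_value, bes.nv["db"]["RT"]))
    return Outcome(trusted, 322 if trusted else 324, log)


if __name__ == "__main__":
    parties = build_system()
    parties[2].components = (b"tag-sm-0.9-modified", b"tag-config")  # constructed tamper
    result = run_attestation(*parties)
    for step, what, passed in result.log:
        print(step, what, "match" if passed else "MISMATCH")
    print("tag trusted:", result.trusted, "ended at step", result.stopped_at)
```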
The system and method of the present invention establishes a trusted RFID environment by embedding a trusted platform module (TPM) in RFID system. Thereafter, integrity verification is performed on RFID device, tag and back end server. A trusted service server is provided to provide services in RFID tag to compensate for limitation of resources within RFID tag. The present invention may be embodied in other specific forms without departing from its essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore indicated by the appended claims rather than by the foregoing description. All changes, which come within the meaning and range of equivalency of the claims, are to be embraced within their scope.

Claims

1. A trusted Radio Frequency Identification (RFID) system (100) for providing integrity verification using Trusted Platform Module comprising:
at least one RFID tag (20);
at least one Trusted Service Server (26);
at least one RFID device (14); and
at least one Back End Server (10);
wherein the at least one RFID tag (20) comprises at least one machine readable instruction module (22) and at least one embedded trusted platform module (21), the at least one machine readable instruction module (22) further comprises at least one verification engine (23) and at least one encryption engine (25); the at least one Trusted Service Server (26) comprises at least one machine readable instruction services (28), at least one service ticket list (32) and at least one embedded trusted platform module (27), the at least one machine readable instruction services (28) further comprises at least one service ticket generator (29), at least one verification engine (30) and at least one encryption engine (31); the at least one RFID device (14) comprises at least one attestation module (16), at least one service ticket list (17) and at least one embedded trusted platform module, the at least one attestation module (16) further comprises at least one encryption engine (19); and the at least one Back End Server (10) comprises at least one attestation module (13), at least one database (12) and at least one embedded trusted platform module (11).
2. The at least one RFID tag (20) according to Claim 1 wherein the at least one machine readable instruction module (22) retrieves service ticket and integrity values from the at least one embedded trusted platform module (21);
the at least one verification engine (23) verifies integrity values of the at least one RFID device (14) and the at least one back-end server (10) of which integrity values are stored in trusted platform module (11, 21); verifies integrity value of Trusted Service Server (26) by retrieving the said integrity value from trusted platform module (27); and the at least one encryption engine encrypts transaction of the at least one RFID tag (20).
3. The at least one Trusted Service Server (26) according to Claim 1 wherein the at least one machine readable instruction services (28) measures components of the at least one RFID tag (20) and stores it in trusted platform module (27); the at least one service ticket list (32) stores value for verification of service ticket; the at least one service ticket generator (29) generates service ticket from RFID tag (20) and stores service ticket in trusted platform module (21); the at least one encryption engine (31) encrypts transaction of the at least one Trusted Service Server (26); the at least one verification engine (30) verifies service ticket of RFID tag (20) with value of service ticket list (32) which is stored in trusted platform module;
wherein RFID tag (20) ticket verification is successful when value of service ticket of RFID tag (20) matches value of service ticket list (32) and further enables Trusted Service Server (26) to provide machine readable instruction services to RFID tag (20).
4. The at least one RFID device (14) according to Claim 1 wherein the at least one attestation module (16) receives integrity value of Back End Server (10) and verifies it with value stored in trusted platform module (15);
integrity verification of Back End Server (10) is successful when integrity value of Back End Server (10) matches value stored in trusted platform module (15) which indicates that RFID device (14) can trust Back End Server (10); receives service ticket of RFID tag (20) and verifies service ticket with value from service ticket list (17);
verification of RFID tag (20) ticket is successful when service ticket matches with value from service ticket list (17) which further allows device (14) to send integrity value of RFID tag (20) for verification of Back End Server (10); the at least one encryption engine (19) encrypts transaction of the at least one RFID device (14); and the at least one service ticket list (17) stores value for verification of service ticket.
5. The at least one Back End Server (10) according to Claim 1 wherein the at least one attestation module (13) receives integrity value of RFID device (14) and verifies integrity value with value stored in database (12);
integrity verification is successful when integrity value of RFID device (14) matches integrity value stored in database (12) which indicates that Back End Server (10) can trust RFID device (14).
6. The system according to Claim 1, wherein the at least one Trusted Service Server (26) can be implemented in trusted platform module based machine or virtual trusted platform module.
7. The system according to Claim 1, wherein the at least one encryption engine (19, 25, 31) is of Advanced Encryption Standard (AES) platform or its equivalent.
8. A method (200) for providing integrity verification in Radio Frequency Identification (RFID) system using Trusted Platform Module comprising steps of:
sending integrity value of RFID device (14) to Back End Server (10) (202);
verifying integrity value of RFID device (14) (204);
comparing integrity value of RFID device (14) to integrity value stored in Back End Server (10) (206);
sending integrity value of Back End Server (10) to RFID device (14) when integrity value of RFID device (14) matches integrity value stored in Back End Server (10) (208) else verification is terminated;
verifying integrity value of Back End Server (10) (210);
comparing integrity value of Back End Server (10) to integrity value stored in RFID device (14) (212);
sending integrity value of RFID device (14) to RFID tag (20) when integrity value of RFID device (14) matches integrity value of RFID tag (RT) (214) else verification is terminated;
verifying integrity value of the RFID device (216);
comparing integrity value of RFID device (14) to integrity value stored in RFID tag (20) (218); and
requesting machine readable instructions as service from Trusted Service Server (26) by RFID tag (20) when integrity value of RFID device matches integrity value stored in RFID tag (20) (220).
9. The method (300) according to Claim 8 further comprising steps of:
verifying service ticket of RFID tag (20) to service ticket stored in Trusted Service Server (26) (302);
comparing service ticket value of RFID tag (20) to service ticket stored in Trusted Service Server (26) (304);
connecting RFID tag (20) to Trusted Service Server (26) when service ticket value of RFID tag (20) matches service ticket stored in Trusted Service Server (26) (306) else verification is terminated;
measuring components of RFID tag (20) and storing the said measurements in trusted platform module (27) of Trusted Service Server (26) (308);
sending service ticket and integrity value of RFID tag (20) to RFID device (RD) (310);
verifying service ticket of RFID tag (20) (312);
comparing value of service ticket of RFID tag (20) to service ticket stored in RFID device (14) (314);
sending integrity value of RFID tag (20) to Back End Server (10) when value of service ticket of RFID tag (20) matches service ticket stored in RFID device (14) (316) else verification is terminated;
verifying integrity value of RFID tag (20) (318);
comparing integrity value of RFID tag (20) to integrity value stored in Back End Server (10) (320);
Back End Server (10) trusts RFID tag (20) when integrity value of RFID tag (20) matches integrity value stored in Back End Server (10) (322); else
Back End Server (10) does not trust RFID tag (20) when integrity value of RFID tag (20) does not match integrity value stored in Back End Server (10) (324).
10. The method according to Claim 8 and 9, wherein integrity value is measured at boot time.
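The verification chain of Claims 8 to 10, modelled as an added example that is not part of the patent text or the applicant's implementation. It assumes integrity values are SHA-256 hash chains over component bytes, TPM and database storage are plain dictionaries, and service tickets are random tokens; every name and sample value is hypothetical, and the AES-encrypted transport of Claim 7 is left out.

```python
import hashlib, hmac, secrets

def measure(components):
    """Hash-chain the components in order, PCR-extend style (an assumption)."""
    value = bytes(32)
    for blob in components:
        value = hashlib.sha256(value + hashlib.sha256(blob).digest()).digest()
    return value

def same(a, b):
    return hmac.compare_digest(a, b)          # constant-time comparison

class Party:
    def __init__(self, components):
        self.components = list(components)
        self.reference = {}                   # values held in this party's TPM or database
        self.tickets = []                     # service ticket list (device and TSS only)
        self.ticket = b""                     # service ticket held by the tag
        self.boot()
    def boot(self):
        self.integrity = measure(self.components)   # Claim 10: measured at boot time

def verify(tag, device, bes, tss):
    """Walk steps 202-220 and 302-324; return (trusted, step reached)."""
    if not same(device.integrity, bes.reference["device"]):
        return False, 206                     # Back End Server rejects the device
    if not same(bes.integrity, device.reference["bes"]):
        return False, 212                     # device rejects the Back End Server
    if not same(device.integrity, tag.reference["device"]):
        return False, 218                     # tag rejects the device
    if not any(same(tag.ticket, t) for t in tss.tickets):
        return False, 304                     # TSS rejects the tag's ticket
    tag_value = measure(tag.components)       # 308: TSS measures the tag
    tss.reference["tag"] = tag_value
    if not any(same(tag.ticket, t) for t in device.tickets):
        return False, 314                     # device rejects the tag's ticket
    if not same(tag_value, bes.reference["tag"]):
        return False, 324                     # Back End Server does not trust the tag
    return True, 322

def enrol():
    """Constructed sample deployment with known-good reference values."""
    tag, device = Party([b"tag-fw-1.0"]), Party([b"reader-fw-2.3", b"reader-cfg"])
    bes, tss = Party([b"bes-os", b"bes-app"]), Party([b"tss-os"])
    bes.reference = {"device": device.integrity, "tag": tag.integrity}
    device.reference = {"bes": bes.integrity}
    tag.reference = {"device": device.integrity}
    tag.ticket = secrets.token_bytes(16)
    tss.tickets, device.tickets = [tag.ticket], [tag.ticket]
    return tag, device, bes, tss
```

Changing any component after enrolment and rebooting that party makes `verify` stop at the first comparison that sees the new measurement, which is the "else verification is terminated" branch of the claims.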
PCT/MY2011/000109 2010-11-16 2011-06-17 A system and method for providing integrity verification in radio frequency identification (rfid) WO2012067487A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2010005380 2010-11-16
MYPI2010005380A MY155079A (en) 2010-11-16 2010-11-16 A system and method for providing integrity verification in radio frequency identification (rfid)

Publications (1)

Publication Number Publication Date
WO2012067487A1 true WO2012067487A1 (en) 2012-05-24

Family

ID=46084249

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2011/000109 WO2012067487A1 (en) 2010-11-16 2011-06-17 A system and method for providing integrity verification in radio frequency identification (rfid)

Country Status (2)

Country Link
MY (1) MY155079A (en)
WO (1) WO2012067487A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104038478A (en) * 2014-05-19 2014-09-10 瑞达信息安全产业股份有限公司 Embedded platform identity authentication trusted network connection method and system
CN109587152A (en) * 2018-12-14 2019-04-05 济南浪潮高新科技投资发展有限公司 A kind of method and system based on encoding and decoding encrypted media gateway
CN112887286A (en) * 2021-01-15 2021-06-01 西安电子科技大学 Lightweight RFID identity authentication method and system based on cloud server
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007027302A2 (en) * 2005-08-31 2007-03-08 Skyetek, Inc. Rfid security system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MUBARAK, M ET AL.: "Mutual Attestation Using TPM for Trusted RFID Protocol", 2010 SECOND INTERNATIONAL CONFERENCE ON NETWORK APPLICATIONS, PROTOCOLS AND SERVICES, 22 September 2010 (2010-09-22), pages 153 - 158, XP031801566 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104038478A (en) * 2014-05-19 2014-09-10 瑞达信息安全产业股份有限公司 Embedded platform identity authentication trusted network connection method and system
US11213773B2 (en) 2017-03-06 2022-01-04 Cummins Filtration Ip, Inc. Genuine filter recognition with filter monitoring system
CN109587152A (en) * 2018-12-14 2019-04-05 济南浪潮高新科技投资发展有限公司 A kind of method and system based on encoding and decoding encrypted media gateway
CN112887286A (en) * 2021-01-15 2021-06-01 西安电子科技大学 Lightweight RFID identity authentication method and system based on cloud server
CN112887286B (en) * 2021-01-15 2021-11-19 西安电子科技大学 Lightweight RFID identity authentication method and system based on cloud server

Also Published As

Publication number Publication date
MY155079A (en) 2015-08-28

Similar Documents

Publication Publication Date Title
CN108667608B (en) Method, device and system for protecting data key
JP6463269B2 (en) Method, system, and computer program product for determining the geographical location of a virtual disk image running on a data center server in a data center
CN107181714B (en) Verification method and device based on service code and generation method and device of service code
JP2022528070A (en) Verification of the ID of an emergency vehicle while driving
EP3384629B1 (en) System and method for tamper-resistant device usage metering
CN103124261A (en) Wireless communication device and extensional subscriber identity module used in wtru
CN104216907A (en) Method, device and system for providing database access control
US10547451B2 (en) Method and device for authentication
CN110555779A (en) data processing method, data processing device, computer equipment and storage medium
US20190097805A1 (en) Security device for providing security function for image, camera device including the same, and system on chip for controlling the camera device
WO2017050147A1 (en) Information registration and authentication method and device
WO2018162060A1 (en) Methods and devices for attesting an integrity of a virtual machine
US20100241865A1 (en) One-Time Password System Capable of Defending Against Phishing Attacks
JP2022527906A (en) Secure monitoring using blockchain
CN113472521A (en) Block chain-based real-name digital identity management method, signature device and verification device
US20140368312A1 (en) Authentication method between a reader and a radio tag
CN109905384A (en) Data migration method and system
US20180205714A1 (en) System and Method for Authenticating Electronic Tags
WO2012067487A1 (en) A system and method for providing integrity verification in radio frequency identification (rfid)
WO2022046074A1 (en) Generating signed measurements
KR102559101B1 (en) Power metering apparatus, power metering server and, power metering method base on block chain
KR100722363B1 (en) Rfid system based of robust authentication protocol, and tag and method thereof
EP3977700A1 (en) Securely sharing private information
KR20210142170A (en) security emergency vehicle communication
US10109141B2 (en) Method and apparatus for establishing trust in smart card readers

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11841274

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11841274

Country of ref document: EP

Kind code of ref document: A1