Patent Grant
8947211
The present invention relates to a wireless interface, for example, protection of communication data between a Radio Frequency Identification (RFID) reader and an RFID tag, and more particularly, to a communication data protection method and apparatus based on symmetric key encryption which includes mutual authentication between the RFID tag and the RFID reader in an RFID wireless interface environment.
This work was supported by the IT R&D program of MIC/IITA [2005-S-088-03, Development of security technology for secure RFID/USN service].
Generally, a Radio Frequency Identification (RFID) system is classified into a mutual induction scheme and an electromagnetic wave scheme depending on a mutual communication scheme between a reader and a tag, and is classified into an active type and a passive type depending on whether the tag operates under its own power. Also, the RFID system is classified into a long wave, a medium wave, a short wave, an ultrashort wave, and a microwave depending on a used frequency.
Since all data packets transceived between an RFID tag, and more particularly, a passive tag, for example a tag in accordance with ISO/IDC 18000-6 Type C standard, are exposed to readers in an electric wave coverage, all the data packets are in a weak security state in that information in the packets may be eavesdropped by a malicious third person.
In the weak security state, there are many risks that personal information stored in a tag memory or other important information may be stolen or forged. Also, when an unauthenticated third person accesses the tag memory and deletes some data items or writes random information, the reader and the tag exchanges invalid data. A security method using a password and a key value between a tag and a reader is disclosed in order to solve the above-described problem, however, this may not prevent a replay attack and may simply limit access to the tag memory.
The present invention provides a protection method for communication data between a Radio Frequency Identification (RFID) tag and an RFID reader using encryption based on symmetric key encryption between the RFID tag and the RFID reader in an RFID wireless interface environment.
The present invention also provides a method and apparatus for protecting transceived data needing security between an RFID tag and an RFID reader besides simply limiting access to a tag memory.
The present invention also provides a transceiving data format for protection of communication data between an RFID tag and an RFID reader.
According to an aspect of the present invention, there is provided a communication data protection method using a Radio Frequency Identification (RFID) reader, the method including: receiving, from a tag, tag information including security parameter information and an encrypted Unique Item Identifier (UII); extracting the UII based on the security parameter information; transmitting, to the tag, a request message including a challenge value for replay prevention; and performing a tag authentication by receiving, from the tag, a response message including a handle and the challenge value.
According to another aspect of the present invention, there is provided a communication data protection method using an RFID tag, the method including: transmitting, to a reader, tag information including security parameter information and an encrypted UII; receiving, from the reader, a request message including a challenge value for replay prevention; and generating a handle in response to the request message and transmitting, to the reader, a response message including the handle and the challenge value.
According to still another aspect of the present invention, there is provided an RFID tag including: a memory to store a security parameter and a security key; a signal processing unit to generate a One Time Pad OTP value based on an output feedback mode using the security key and encrypt a transmission message to be transmitted to a reader using the OTP value; and a transmission unit to transmit the security parameter and the encrypted transmission message to the reader.
According to yet another aspect of the present invention, there is provided a communication data protection method, the method including: receiving a random value request message from a reader; transmitting, using a tag, a random value to the reader by generating the random value; receiving, from the reader, a setting command message including security parameter setting information encrypted by the random value; and setting a security parameter value based on the security parameter setting information.
According to a further aspect of the present invention, there is provided a communication data protection method, the method including: receiving a random value request message from a reader; transmitting, using a tag, a random value to the reader by generating the random value; receiving, from the reader, a key setting command message including security key setting information encrypted by the random value; and setting a security key in the memory based on the security key setting information, and transmitting a response message to the reader.
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the like elements throughout. The embodiments are described below in order to explain the present invention by referring to the figures.
As illustrated in
Referring to
The control unit 107 performs an access process to a security inventory and the tag according to the present exemplary embodiment of the present invention.
The reader memory 105 includes a program memory and data memories. Programs for controlling the general operation of the reader and security-related data according to the present exemplary embodiment of the present invention are stored in the program memory.
Referring to
The signal processing unit 113 restores a reader signal received by the RF unit 111, and generates a message to be transmitted to the reader. Also, the signal processing unit 113 performs the access process to the security inventory and the tag according to the present exemplary embodiment of the present invention.
The tag memory 115 includes a program memory and data memories. Programs for controlling the general operation of the tag and security-related data according to the present exemplary embodiment of the present invention are stored in the program memory.
As illustrated in
The security parameter area 205 includes an index of a group including a security key used by a tag, and information about which symmetric key encryption algorithm is used.
As illustrated in
The inventory processes S301 to S307 are processes for selecting the specific tag from a plurality of tags existing in an RF coverage, and acquiring tag information (Protocol control bits (PC) and Unique Item Identifier (UII)) of the selected tag.
In operation S301, the reader queries the tag using a command word such as Query, QueryAdjust, and QueryRep. In operation S303, when a slot (a Q value) of the tag is ‘0’, the queried tag transmits a predetermined random value (an RN 16 value) to the reader. In this instance, the Q value denotes a time slot so that the plurality of tags may communicate with the reader without a collision. Also, the queried tag drives a symmetric key-based security algorithm using the RN16 value transmitted to the reader, a security parameter value, and a security key value. A detailed description thereof is provided as follows.
In operation S305, when the reader receives the RN16 value from the tag without a collision, the reader transmits an acknowledgment (ACK) message including RN16 information to the tag.
In operation S307, when the tag receives the ACK message, the tag transmits a security response message in response to the ACK message using the security parameter value and the RN16 value.
In this instance, as illustrated in
The reader performs access processes, that is, operations S309 to S313, after performing the inventory processes, that is, operations S301 to S307.
The access processes, that is, operations S309 to S313 are processes for acquiring information stored in a memory of the tag selected during the inventory processes, and transmitting various commands such as read, write, and lock.
First, when the reader receives the security response message, the reader recognizes that the tag is a security tag, by using the RN16 value included in the security response message. The reader subsequently extracts a security key value of the tag by analyzing the security parameter value, and decrypts the tag information, that is, the PC, the UII, and the CRC-16 by selecting the security key value of the reader corresponding to the extracted security key. In this instance, the reader may decrypt the tag information by the symmetric key-based encryption algorithm using the security key value of the reader.
According to exemplary embodiments, the message transceived in all operations after operation 5307 is encrypted and transmitted. Specifically, the message transceived in the operations after operation 5307 is calculated by using an exclusive or (XOR) with the OTP value and is encrypted.
In operation S309, the reader transmits a security request (Req_RN) message in order to transmit a command to the tag. As illustrated in
In operation S311, when the tag receives the Req_RN message, the tag generates a new RN16 value (new RN), and transmits a response message to the reader using the new RN value and the challenge value received from the tag. Here, the response message in response to the Req_RN message is configured as illustrated in
The reader subsequently uses the new RN16 value as a tag authentication signal, that is, a handle.
Accordingly, in operation S313, the reader transmits a command message including the handle to the tag. In this instance, as described above, the command message is encrypted by using the exclusive or (XOR) with the OTP value.
In operation S315, when the tag receives the command message, the tag performs an operation according to the received command message when a handle value is equal to the new RN value transmitted by the tag.
As described above, the tag indirectly authenticates the reader by verifying the handle value.
As illustrated in
Referring to
As described above, when the OFB mode is performed, a plurality of OTP values is continuously generated.
The plurality of OTP values is successively selected not to be overlapped, and is used for encrypting (performing the XOR calculation of) a transmission message. Specifically, using the plurality of OTP values so as to not be duplicated denotes using OTP[2,4˜6] in operation 5311 when OTP[2,1˜3] is used in operation S307 of
As illustrated in
As illustrated in
As illustrated in
The reader and the tag may prevent a replay attack of at least one of an unauthenticated reader and an unauthenticated tag by using the security Req_RN message and the response message in response to the security Req_RN message.
The RFID tag for performing the access process to the security inventory and the tag includes the memory 115 to store the security parameter and the security key, the signal processing unit 113 to generate the OTP value based on the OFB mode using the security key and encrypt the transmission message to be transmitted to the reader using the OTP value, and the RF unit 111 to transmit the security parameter and the encrypted transmission message to the reader.
As illustrated in
In operation S805, the reader encrypts (performs an XOR calculation of) security parameter setting information using the received new RN value, and transmits a setting command message, that is, Set_Sec Param, including the encrypted security parameter setting information to the tag.
In this instance, the security parameter setting information may be an initial value of a security parameter, and may be a changed security parameter value when the security parameter value is stored in the tag in advance.
The tag authenticates the reader by the new RN (handle) value, and sets (changes) a security parameter value of a security memory bank based on the security parameter setting information. In operation S807, when a security parameter setting of the security memory bank is completed, the tag subsequently transmits, to the reader, a report message reporting that the setting is completed.
As illustrated in
As illustrated in
As illustrated in
The reader encrypts (performs an XOR calculation of) a most significant 16-bit value of a security key to be set or changed, by using the received new RN value. In this instance, for example, the security key value may be an Advanced Encryption Standard (ASE) key.
In operation S1105, the reader transmits, to the tag, a security key update key (Update_Key) command message including the most significant 16-bit value of the encrypted security key.
When the tag receives the Update_Key command message, the tag decrypts the received Update_Key command message by the new RN value, and updates the security key stored in a memory based on the security key value.
In this instance, the security key value may be an initial value of the security key, and may be an updated security key value when the security key value is stored in the memory of the tag in advance.
In operation S1107, when a security key value updating of a security key value in a security memory bank is completed, the tag transmits, to the reader, a report message reporting that the update is completed, that is, an intermediate response in response to the Update_Key command.
Operations S1101 to S1107 are repeatedly performed based on an entire size of the security key. Accordingly, in operation S1109, for example, when the entire security key value is 128 bits, operations S1101 to S1107 are repeatedly performed eight times.
In operation S1111, when the updates of all security key values are completed by repeatedly performing operations S1101 to S1107, the tag transmits, to the reader, a final response, that is, a final response in response to the Update_Key command.
As illustrated in
As illustrated in
As illustrated in
According to the present invention, there is provided an RFID reader which can authenticate a tag.
Also, according to the present invention, there is provided an RFID tag which can authenticate a reader.
Also, according to the present invention, there is provided a communication data protection method which can protect communication data transceived among RFID wireless interfaces, and more particularly, which can prevent a replay attack in an RFID wireless interface environment.
Although a few embodiments of the present invention have been shown and described, the present invention is not limited to the described embodiments. Instead, it would be appreciated by those skilled in the art that changes may be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.
| Number | Date | Country | Kind |
|---|---|---|---|
| 10-2007-0127977 | Dec 2007 | KR | national |
| Filing Document | Filing Date | Country | Kind | 371c Date |
|---|---|---|---|---|
| PCT/KR2008/003402 | 6/17/2008 | WO | 00 | 6/10/2010 |
| Publishing Document | Publishing Date | Country | Kind |
|---|---|---|---|
| WO2009/075434 | 6/18/2009 | WO | A |
| Number | Name | Date | Kind |
|---|---|---|---|
| 8198984 | Amtmann | Jun 2012 | B2 |
| 20030112972 | Hattick et al. | Jun 2003 | A1 |
| 20040039703 | Novoselsky et al. | Feb 2004 | A1 |
| 20050058292 | Diorio et al. | Mar 2005 | A1 |
| 20060008083 | Saito | Jan 2006 | A1 |
| 20060012473 | Bishop et al. | Jan 2006 | A1 |
| 20060039558 | Morii et al. | Feb 2006 | A1 |
| 20060077034 | Hillier | Apr 2006 | A1 |
| 20070008070 | Friedrich | Jan 2007 | A1 |
| 20070077034 | Okuyama et al. | Apr 2007 | A1 |
| 20070177738 | Diorio et al. | Aug 2007 | A1 |
| 20080168544 | von Krogh | Jul 2008 | A1 |
| 20080219447 | McLaughlin | Sep 2008 | A1 |
| 20090015385 | Teuwen et al. | Jan 2009 | A1 |
| 20090251289 | Amtmann | Oct 2009 | A1 |
| 20120206243 | Butler et al. | Aug 2012 | A1 |
| Number | Date | Country |
|---|---|---|
| 10-2006-0028952 | Apr 2006 | KR |
| 10-2006-0090383 | Aug 2006 | KR |
| 10-2006-0121815 | Nov 2006 | KR |
| 10-2007-0003205 | Jan 2007 | KR |
| 10-2007-0006525 | Jan 2007 | KR |
| Entry |
|---|
| International Search Report mailed on Sep. 2, 2008 in International Application No. PCT/KR2008/003402. |
| Written Opinion of the International Searching Authority mailed on Sep. 2, 2008 in International Application No. PCT/KR2008/003402. |
| Number | Date | Country | |
|---|---|---|---|
| 20100277287 A1 | Nov 2010 | US |
