The present disclosure relates to an electronic tamper detection device. Furthermore, the present disclosure relates to a corresponding tamper detection method, and to a corresponding computer program.
Electronic tamper detection devices may be used to detect tampering with closed or sealed products, such as bottles, packets and other containers. For example, in the spirits industry and the pharmaceutical industry such tamper detection devices may be useful. Tamper detection devices often contain a so-called tamper loop. A tamper loop may for example comprise a conductive wire that is broken when a closure or seal in which it is concealed is broken. Fre-quently used tamper detection devices are radio frequency identification (RFID) or near field communication (NFC) tags comprising or extended with a tamper loop. It may be desirable to improve these tamper detection devices.
According to a first aspect of the present disclosure, an electronic tamper detection device is provided, comprising a tamper loop, a processing unit and a storage unit, wherein the processing unit is configured to detect that the tamper loop has been opened and to store data indicating that the tamper loop has been opened in said storage unit, wherein the storage unit is a non-volatile memory.
In one or more embodiments, the processing unit is configured to store said data with added redundancy.
In one or more embodiments, the storage unit is configured to allow said data to be stored only once.
In one or more embodiments, the tamper detection device further comprises communication unit, the processing unit is configured to retrieve the stored data from the storage unit and to provide the retrieved data to the communication unit, and the communication unit is configured to transmit said retrieved data to an external device.
In one or more embodiments, the processing unit is configured to store said data during a start-up process of the tamper detection device.
In one or more embodiments, the processing unit is configured to store said data during a tamper loop status reporting process of the tamper detection device.
In one or more embodiments, the tamper loop comprises a conductive wire.
In one or more embodiments, the tamper detection device is a near field communication tag or a radio frequency identification tag.
In one or more embodiments, a closure comprises a tamper detection device of the kind set forth.
In one or more embodiments, a seal comprises a tamper detection device of the kind set forth.
According to a second aspect of the present disclosure, a tamper detection method is conceived, which uses an electronic tamper detection device, the tamper detection device comprising a tamper loop, a processing unit and a storage unit, wherein the storage unit is a non-volatile memory, and wherein the processing unit detects that the tamper loop has been opened and stores data indicating that the tamper loop has been opened in said storage unit.
According to a third aspect of the present disclosure, a computer program is provided, comprising non-transitory, executable instructions which, when executed by a processing unit, carry out or control a method of the kind set forth.
In one or more embodiments, a computer-readable medium comprises a computer program of the kind set forth.
Embodiments will be described in more detail with reference to the appended drawings, in which:
As mentioned above, it may be desirable to improve these tamper detection devices. For example, a tag of the kind set forth contains a processing unit that performs a measurement on the tamper loop, and fetches the result of the measurement in a register. Such a register is often implemented using flip-flops. The detection of a tamper attempt, i.e. the detection of an open tamper loop, may not be available for retrieval for a sufficient amount time. Furthermore, the content of the register may be of a transient nature. Therefore, in accordance with the present disclosure, the processing unit of a tamper detection device is configured to detect that the tamper loop is open and to store, if the tamper loop is open, data indicating that the tamper loop has been opened in a non-volatile memory of the tamper detection device. In this way, the information on a detected tamper attempt is stored in a more persistent and reliable manner. A non-volatile memory is particularly suitable for storing the data which indicate that the tamper loop has been opened in a persistent and reliable manner. Examples of non-volatile memories are programmable read-only memories and flash memories. Furthermore, more detailed tamper detection reports can be created, as will explained in more detail below. Also, it is more difficult for an attacker to set the tamper detection device to a seemingly untampered state, i.e. a state in which the tamper loop appears to have never been opened, because both the direct result of the tamper measurement (e.g., the content of the register) and the data in the storage unit should be manipulated.
It may be desirable to store said data in a fail-safe manner. This may be achieved in different ways. In some embodiments, the processing unit 204 is configured to store said data with added redundancy. Adding redundancy refers to the process of storing the same data multiple times. For example, the data may be stored two times in independent memory locations. In case the data is lost at one of the locations (e.g. after a couple of years), the data is still available, and the memory location where the data is lost may be refreshed using the data at the other location. In this way, loss of “Recall Open” information over the lifetime of the tamper detection device 200 may be avoided. Furthermore, in some embodiments, the storage unit 206 is configured to allow said data to be stored only once. In this way, a subsequent write attempt to the data's location will fail, so that the data cannot be overwritten. Thus, the proba-bility that the data is lost is reduced. Furthermore, this makes it difficult for an attacker to reset the tamper detection device 200 to a seemingly untampered state.
Furthermore, in one or more embodiments, the tamper detection device further comprises a communication unit (not shown), and the processing unit is configured to retrieve the stored data from the storage unit and to provide the retrieved data to the communication unit. Furthermore, the communication unit is configured to transmit the received data to an external device. For the example, the communication unit may be an near field communication (NFC) unit or a radio frequency identification (RFID) unit. In this way, the stored data may be retrieved easily by an NFC reader or RFID reader. In some embodiments, the tamper detection device is an NFC tag or an RFID tag. NFC tags and RFID tags are relatively simple devices that can easily be embedded into tamper-sensitive products. In some embodiments, a closure comprises the tamper detection device. In other embodiments, a seal comprises the tamper detection device. In this way, detecting the tampering with closed or sealed products, such as bottles, packets and other containers, is facilitated.
In a practical and efficient implementation, an NFC or RFID tag contains an integrated circuit (i.e., a chip) that is able to detect a tamper event. More specifically, the chip contains a processing unit that is configured to test whether a tamper loop (e.g., a conductive wire) has been broken or not. When the processing unit detects that the tamper loop is open (i.e., when it detects the “Open” information), it stores data indicating that the tamper loop has been opened (i.e., the “Recall Open” information) in a non-volatile memory for later use. This storage may be done in a fail-safe manner, for example by adding redundancy and/or as a one-time-programmable memory access. Using a communication unit, the chip can report both kinds of information (i.e., the “Open” or “Close” information, as well as the “Recall Open” information). For instance, the chip may report the information in a response to a dedicated command, or as part of a standardized message such as an NFC data exchange format (NDEF) message. Table I shows that the two kinds of tamper information enable different interpreta-tions of the tamper status, which in turn enables creating more detailed tamper detection reports.
The systems and methods described herein may at least partly be embodied by a computer program or a plurality of computer programs, which may exist in a variety of forms both active and inactive in a single computer system or across multiple computer systems. For example, they may exist as software program(s) comprised of program instructions in source code, object code, executable code or other formats for performing some of the steps. Any of the above may be embodied on a computer-readable medium, which may include storage devices and signals, in compressed or uncompressed form.
As used herein, the term “mobile device” refers to any type of portable electronic device, including a cellular telephone, a Personal Digital Assistant (PDA), smartphone, tablet etc. Furthermore, the term “computer” refers to any electronic device comprising a processor, such as a general-purpose central processing unit (CPU), a specific-purpose processor or a microcontroller. A computer is capable of receiving data (an input), of performing a sequence of predetermined operations thereupon, and of producing thereby a result in the form of information or signals (an output). Depending on the context, the term “computer” will mean either a processor in particular or more generally a processor in association with an assemblage of interrelated elements contained within a single case or housing.
The term “processor” or “processing unit” refers to a data processing circuit that may be a microprocessor, a co-processor, a microcontroller, a microcomputer, a central processing unit, a field programmable gate array (FPGA), a programmable logic circuit, and/or any circuit that manipulates signals (analog or digital) based on operational instructions that are stored in a memory. The term “memory” refers to a storage circuit or multiple storage circuits such as read-only memory, random access memory, volatile memory, non-volatile memory, static memory, dynamic memory, Flash memory, cache memory, and/or any circuit that stores digital information.
As used herein, a “computer-readable medium” or “storage medium” may be any means that can contain, store, communicate, propagate, or transport a computer program for use by or in connection with the instruction execution system, apparatus, or device. The computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific examples (non-exhaustive list) of the computer-readable medium may include the following: an electrical connection having one or more wires, a portable computer diskette, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CDROM), a digital versatile disc (DVD), a Blu-ray disc (BD), and a memory card.
It is noted that the embodiments above have been described with reference to different subject-matters. In particular, some embodiments may have been described with reference to method-type claims whereas other embodiments may have been described with reference to apparatus-type claims. However, a person skilled in the art will gather from the above that, unless otherwise indicated, in addition to any combination of features belonging to one type of subject-matter also any combination of features relating to different subject-matters, in particular a combination of features of the method-type claims and features of the apparatus-type claims, is considered to be disclosed with this document.
Furthermore, it is noted that the drawings are schematic. In different drawings, similar or identical elements are provided with the same reference signs. Furthermore, it is noted that in an effort to provide a concise description of the illustrative embodiments, implementation details which fall into the customary practice of the skilled person may not have been described. It should be appreciated that in the development of any such implementation, as in any engi-neering or design project, numerous implementation-specific decisions must be made in order to achieve the developers' specific goals, such as compliance with system-related and business-related constraints, which may vary from one implementation to another. Moreover, it should be appreciated that such a development effort might be complex and time consuming, but would nevertheless be a routine undertaking of design, fabrication, and manufacture for those of ordinary skill.
Finally, it is noted that the skilled person will be able to design many alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word “comprise(s)” or “comprising” does not exclude the presence of elements or steps other than those listed in a claim. The word “a” or “an” preceding an element does not exclude the presence of a plurality of such elements. Measures recited in the claims may be implemented by means of hardware comprising several distinct elements and/or by means of a suitably pro-grammed processor. In a device claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage.
Number | Date | Country | Kind |
---|---|---|---|
17156632.6 | Feb 2017 | EP | regional |