`
`(19) United States
`(12) Patent Application Publication (10) Pub. N0.: US 2007/0046439 A1
`Takaku et al.
`(43) Pub. Date:
`Mar. 1, 2007
`
`IDENTIFICATION
`(54) RADIO
`SYSTEM WITH DEVICE FOR PROTECTING
`PRIVACY AND METHOD OF OPERATION
`
`(75)
`
`Inventors: Yoshitsugu Takaku, Tokyo (JP);
`Tetsuo Tanemura, Yokohama (JP)
`
`Publication Classification
`
`(51)
`
`Int. Cl.
`H04Q 5/22
`(52) U.S. Cl.
`
`(2006.01)
`340/10.41; 340/5723; 340/1052
`
`Correspondence Address:
`MOTOROLA INC
`600 NORTH Us HIGHVVAY 45
`ROOM AS437
`LIBERTYVILLE’ [L 600485343 (Us)
`
`(21) APP1. No‘;
`
`11/213,251
`
`(22) Filed:
`
`Sep. 1, 2005
`
`(57)
`
`ABSTR“CT
`.
`.
`.
`An RFID system (100) includes an RFID privacy protection
`device (126) that keeps track of RFID tags possessed by a
`user, senses nearby RFID scanners (110, 112, 124) and limits
`the communication between the nearby RFID seamlers and
`the RFID tags to what
`is necessary to accomplish the
`function of the RFID system by selectively generating a
`masking signal.
`
`ENTRANCE
`
`108
`
`102
`l
`
`EXIT
`
`I14
`
`181-RFID
`ITEM TAG
`
`104
`
`116
`
`,T§£4F%F,{E';
`
`/1,25’
`I
`I
`
`I
`
`ioiigificiyribcri
`DEVICE
`
`126
`
`”3
`
`RD
`I:i'EMB|'5\|8
`
`,
`
`RFID
`READER /
`WRITER
`
`POI NT-OF-SALE
`TERMINAL
`
`RFC - Exhibit 1010
`
`1
`
`
`
`Patent Application Publication Mar. 1, 2007 Sheet 1 of 8
`
`US 2007/0046439 A1
`
`ENTRANCE
`
`"32
`
`EXIT
`
`
`
`ST
`
`’05
`
`114
`
`108
`I1TEMRTF;'x[<§
`
`
`
`
`\
`
`RFID PRIVACY
`PROTECTION
`DEVICE
`
`I26
`
`
`
`RF ID
`READER /
`
`WRITER
`
`
`
`
`POINT-OF-SALE
`TERMINAL
`
`FIG. I
`
`2
`
`
`
`Patent Application Publication Mar. 1, 2007 Sheet 2 of 8
`
`US 2007/0046439 A1
`
`126
`
`RFID PRIVACY PROTECTION DEVICE
`
`ANTENNA
`
`TXm PROCESSOR
`
`TRANSCEIVER
`
`MEMORY
`
`§8L‘fi§EC"E
`
`202
`
`I
`LOCATION
`§DETERM|NAT|ON}
`'
`SYSTEM
`I _ _ _ _ _ _
`_ _ _ __;
`
`FIG. 2
`
`3
`
`
`
`Patent Application Publication Mar. 1, 2007 Sheet 3 of 8
`
`US 2007/0046439 A1
`
`3_0L3
`
`START
`
`302
`
`OPERATE RECEIVER TO CHECK
`FOR ANY ACTIVE RFID SCANNERS
`WITHIN COMMUNICATION RANGE
`
`304
`
`ACTIVE SCANNER
`FOUND‘
`NO
`CHECK FOR RFID TAGS THAT
`ARE POSSESSED BY USER
`
`6
`
`YES
`
`;
`
`REPLY WITH "NULL TAG" ID
`:
`5567 """""""""" ‘ ‘
`322
`
`ARE ALL
`
`YES
`TAG(S) POSSESSED BY
`
`
`
`USER ALREADY OWNED
`BY USER?
`
`
`30
`
`308
`
`
`
`
`
`
`
`DELAY TO ALLOw TIME FOR
`READING OF RFID TAGS
`
`GENERATE MASKING SIGNAL TO
`PREVENT SCANNING OF RFID
`TAGS BY ACTIVE RFID SCANNERS
`
`FOR A PREDETERMINED PERIOD
`OF “ME
`
`
`
`
`
`
`3,493 ___________________ __
`: READ ONE OR MORE DATA ITEMS‘;
`I FROM RFID TAGS WITH CHANGED.
`I ______ __QV_"N_ER_3LI'_P_ ______ __I
`3.4.2.3 ______ J__________
`;
`I
`ENCRYPT THE ONE OR MORE
`L ______ _ P_A_TA 'TE'Z'§______ _ _.'
`3_4_4_3 ______ _ _}__________ __1
`; WRITE THE ONE OR MORE DATA ;
`;
`ITEMS, IN ENCRYPTED FORM,
`.
`.
`BACK TO RFID TAGS WITH
`:
`L _ _ _ _C_H_A_N_G_E_D_0\_/V_N_E_R_S_H_||3 _ _ _ _:
`346
`
`UPDATE TABLE:
`CHANGE OWNERSHIP
`
`
`ARE
`TAGS THAT
`
`YES
`WERE PREVIOUSLY
`POSSESSED BUT NOT OWNED
` BY USER NOW OWNED
`
`
`
`BY U)SER
`
`RFID TAGS THAT ARE
`NEWLY POSSESSED
`
`
`
`
`
`
`
`V53
`
`
`
`POSSESSED TAGS
`ALREADY OWNED BY
`-
`
`ACWATE ALERT
`
`310
`
`UPDATE TABLE:
`ADD/DELETE ENTRIES
`
`
`
`
`
`
`COMPARE |D'S OF TAGS
`PREFI/O|g8§E\§ESI1)'gR(EUDST/I§BLCE) OF
`
`TAGS POSSESSED BY USER
`
`
`
`
`
`
`4
`
`
`
`Patent Application Publication Mar. 1, 2007 Sheet 4 of 8
`
`US 2007/0046439 A1
`
`FROM
`
`w
`
`402
`
`404
`
`IIIIIIIIIIIIIIIINEHAUZEEREHIEIMEEEIIIIIIIIIIIIIII
`
`IIIIIEHWEEHRRENIIDEHiEWIENEEHMEEHRRENIEMMHIIIII
`
`SCAN FOR RFID TAGS WITHIN CURRENT SCAN RANGE
`
`STORE ID'S OF RFID TAGS WITHIN CURRENT SCAN RANGE
`
`WAIT FOR LOCATION TO CHANGE BY PREDETERMINED
`INCREMENT (OR WAIT FOR PREDETERMINED PERIOD OF TIME)
`
`RESCAN FOR RFID TAGS WITHIN CURRENT-SCAN RANGE
`
`COMPARE |D'S OF RFID TAGS FOUND DURING RESCAN
`WITH STORED |D'S
`
`
`
`131'
`
`PASS THROUGH
`LOOP?
`
`STORE ID'S OF RFID TAGS THAT
`STAYED WITH DEVICE AFTER
`
`STORE |D'S OF RFID TAGS THAT
`STAYED WITH DEVICE AFTER
`
`420
`
` IS THIS
`NO
`
`
`
`CHANGE OF LOCATION EOR TIME
`
`
`
`
`
`CHANGE OF LOCATION OR TIME
`
`BY PREDETERMINED IN REMEN
`AS INITIAL LIST OF POSSESSIONS
`
`BY PREDETERMINED IN REMEN
`AS NEW LIST OF POSSESSIONS
`
`
`
`
`
`
`
` REDUCE SCAN RANGE
`
`
`
`NO
`
`424
`
`LIMIT OF SCAN RANGE
`REACHED?
`
`NEW LIST OF
`POSSESSION EQUAL
`TO LIST OF POSSESSIONS
`FROM PREVIOUS
`
`ITERATION
`
`
`4261 ______ __NO'
`———————————— --1
`:
`RECORD PREVIOUS SCAN
`ES
`I
`.
`RANGE FOR FUTURE USE
`
`Y
`
`I
`
`5
`
`
`
`Patent Application Publication Mar. 1, 2007 Sheet 5 of 8
`
`US 2007/0046439 A1
`
`QQQ
`
` START
`
`
`
`ATTEMPT TO READ
`RFID TAGS
`
`
`
`NULL TAG
`RESPONDED?
`
`
`
`
` MASKING SIGNAL
`DETECTED?
`
`
`ACTIVATE 137
`ALARM
`
`
`
`ACTIVATE 2””
`ALARM
`
`
`
`
`
`STORE
`INVENTORY RFID TAG
`DETECTED?
`
`
`FIG. 5
`
`6
`
`
`
`Patent Application Publication Mar. 1, 2007 Sheet 6 of 8
`
`US 2007/0046439 A1
`
`fl
`
`
`
`
`
`602
`
`HAS
`AT LEAST
`
`ONE RFID TAG NOW
`
`POSSESSED BY USER BEEN
`FOUND SINCE AN IMMEDIATELY
`PRECEDING SCAN BY AN
`RFID SO7ANNER
`
`
`
`
`
`
`
`
`ARE ALL,
`NEWLY POSSESSED TAG(S)
`ALREADY OWNED
`BY USER?
`
`
`OF RFID TAGS
`
`
`
`
`DELAY TO ALLOW TIME FOR READING
`
`FIG. 6
`
`7
`
`
`
`Patent Application Publication Mar. 1, 2007 Sheet 7 of 8
`
`US 2007/0046439 A1
`
`FROM
`BLOCK
`326
`
`322
`
`
`
`
`ARE ALL,
`
`
`YES
`TAGS POSSESSED BY USER
`
`
`ALREADY OWNED
`
`
`BY USER?
`
`NO
`
`DELAY TO ALLOW TIME FOR READING
`OF RFID TAGS
`
`
`RECEIVED
`SIGNALS FROM
`
`
`POS RFID READER/WRITER
`IDENTIFYING TAGS THAT
`
`CHANGED OWNERSHIP
`
`TO USER?
`
`
`
`702
`
`331
`
`704
`
`RECORD RECEIVED OWNERSHIP
`INFORMATION
`
`T0
`BLOCK
`328
`
`T0
`BLOCK
`302
`
`FIG. 7
`
`8
`
`
`
`Patent Application Publication Mar. 1, 2007 Sheet 8 of 8
`
`US 2007/0046439 A1
`
`M
`
` START
`
`SCAN RFID TAGS OF ITEMS BEING
`PURCHASED BY CUSTOMER
`
`
`
`
`SEND DATA IDENTIFYING ITEMS TO
`POS TERMINAL PAYMENT SUBSYSTEM
`
`
`
`
`
`806
`
` RECEIVED
`INDICATION THAT
`CUSTOMER PAID FOR ITEMS
`FROM POS TERMINAL
`PAYMENT
`SUBSYSTEM?
`
`
`
`
`802
`
`804
`
`808
`
`
`
`
`
`
`
`SEND INFORMATION INDICATING
`CHANGE OF OWNERSHIP OF
`SCANNED AND PAID FOR ITEMS
`TO CUSTOMERS RFID-PPD
`
`FIG. 8
`
`9
`
`
`
`US 2007/0046439 A1
`
`Mar. 1, 2007
`
`RADIO FREQUENCY IDENTIFICATION SYSTEM
`WITH DEVICE FOR PROTECTING PRIVACY AND
`METHOD OF OPERATION
`
`FIG. 3 is a flowchart of a method of operating the
`[0011]
`privacy protection device shown in FIG. 2 in accordance
`with some embodiments of the invention;
`
`FIELD OF THE INVENTION
`
`[0001] The present invention relates generally to Radio
`Frequency Identification (RFID) systems.
`
`BACKGROUND
`
`[0002] Developments in the fields of wireless communi-
`cation and integrated circuit manufacturing, have reduced
`the cost of RFID devices to the point that they can be used
`to track individual retail items (e.g., articles of clothing,
`cereal boxes). RFID tags for tracking retail items will render
`bar codes obsolete. RFID tags are superior to bar codes in
`that an RFID tag reader can read an RFID tag through
`obstructions (e.g., other items being purchased) and without
`the RFID tag having to be presented facing the RFID reader.
`
`[0003] However, the anticipated ubiquity of RFID tags
`coupled with the flexibility of reading tags, which is such
`that a person possessing an RFID tag does not need to do
`anything for the RFID tag to be read, meaning that the RFID
`tag can be read without the person being aware of the
`reading of the tag has raised privacy protection concerns.
`
`[0004] Privacy protection advocates have raised concerns
`that unscrupulous scanning of RFID tags will be used to
`track people’s movements and determine what belongings
`people are carrying with them.
`
`[0005] One proposal for limiting the potential for infringe-
`ment on privacy, is to provide a means whereby an autho-
`rized party (e.g., cashier) permanently disables or ‘kills’
`RFID tags when they pass into the hands of a consumer. The
`latter approach has the drawback that
`it forestalls post
`purchase consumer uses of RFID tags which are being
`contemplated.
`
`[0006] Another proposal for preventing encroachment on
`privacy by illicit scarming of RFID tags on a person’s
`possessions is to provide blocker tags that simulate the
`presence of a very large number of RFID tags and thereby
`overwhelm any reader that attempts to read RFID tags in its
`vicinity. Such blocker tags have the potential to be misused
`to defeat RFID based security systems.
`
`It would be desirable to have a system, device and
`[0007]
`method that allow RFID technology to accomplish its
`intended purpose without facilitating encroachment on per-
`sonal privacy.
`
`BRIEF DESCRIPTION OF THE FIGURES
`
`[0008] The accompanying figures, where like reference
`numerals refer to identical or functionally similar elements
`throughout the separate views and which together with the
`detailed description below are incorporated in and form part
`of the specification,
`serve to further
`illustrate various
`embodiments and to explain various principles and advan-
`tages all in accordance with the present invention.
`
`[0009] FIG. 1 is a block diagram of an RFID system in
`accordance with some embodiments of the invention;
`
`[0010] FIG. 2 is a block diagram of a RFID privacy
`protection device in accordance with some embodiments of
`the invention;
`
`FIG. 4 is a flowchart ofa method ofcompiling a list
`[0012]
`of RFID item tags possessed by a user that
`is used in
`operating the privacy protection device according to the
`method shown in FIG. 3;
`
`FIG. 5 is a flowchart of a method of operating an
`[0013]
`RFID reader that is used in the RFID system shown in FIG.
`1 in accordance with some embodiments of the invention;
`and
`
`FIG. 6 is a flowchart fragment showing one alter-
`[0014]
`native to the method shown in FIG. 3;
`
`FIG. 7 is a flowchart fragment showing another
`[0015]
`alternative to the method shown in FIG. 3; and
`
`FIG. 8 is a flowchart showing a method of oper-
`[0016]
`ating a RFID reader/writer of the RFID system shown in
`FIG. 1 that complements the flowchart fragment shown in
`FIG. 7.
`
`Skilled artisans will appreciate that elements in the
`[0017]
`figures are illustrated for simplicity and clarity and have not
`necessarily been drawn to scale. For example, the dimen-
`sions of some of the elements in the figures may be exag-
`gerated relative to other elements to help to improve under-
`standing of embodiments of the present invention.
`
`DETAILED DESCRIPTION
`
`[0018] Before describing in detail embodiments that are in
`accordance with the present invention, it should be observed
`that the embodiments reside primarily in combinations of
`method steps and apparatus components related to RFID
`privacy protection. Accordingly, the apparatus components
`and method steps have been represented where appropriate
`by conventional symbols in the drawings, showing only
`those specific details that are pertinent to understanding the
`embodiments of the present invention so as not to obscure
`the disclosure with details that will be readily apparent to
`those of ordinary skill in the art having the benefit of the
`description herein.
`
`In this document, relational terms such as first and
`[0019]
`second, top and bottom, and the like may be used solely to
`distinguish one entity or action from another entity or action
`without necessarily requiring or implying any actual such
`relationship or order between such entities or actions. The
`terms “comprises,”“comprising,” or any other variation
`thereof, are intended to cover a non-exclusive inclusion,
`such that a process, method, article, or apparatus that com-
`prises a list of elements does not include only those elements
`but may include other elements not expressly listed or
`inherent to such process, method, article, or apparatus. An
`element proceeded by “comprises .
`.
`. a” does not, without
`more constraints, preclude the existence of additional iden-
`tical elements in the process, method, article, or apparatus
`that comprises the element.
`
`It will be appreciated that embodiments of the
`[0020]
`invention described herein may be comprised of one or more
`conventional processors and unique stored program instruc-
`tions that control the one or more processors to implement,
`in conjunction with certain non-processor circuits, some,
`most, or all of the functions of an RFID privacy protection
`
`10
`
`10
`
`
`
`US 2007/0046439 A1
`
`Mar. 1, 2007
`
`device described herein. The non-processor circuits may
`include, but are not limited to, a radio receiver, a radio
`transmitter, signal drivers, clock circuits, power source
`circuits, and user input devices. As such, these functions
`may be interpreted as steps of a method to achieve privacy
`protection in an RFID system. Alternatively, some or all
`functions could be implemented by a state machine that has
`no stored program instructions, or in one or more application
`specific integrated circuits (ASICs), in which each function
`or some combinations of certain of the functions are imple-
`mented as custom logic. Of course, a combination of the two
`approaches could be used. Thus, methods and means for
`these functions have been described herein. Further, it is
`expected that one of ordinary skill, notwithstanding possibly
`significant effort and many design choices motivated by, for
`example, available time, current technology, and economic
`considerations, when guided by the concepts and principles
`disclosed herein will be readily capable of generating such
`software instructions and programs and ICs with minimal
`experimentation.
`
`[0021] FIG. 1 is a block diagram of an RFID system 100
`in accordance with some embodiments of the invention. As
`
`shown in FIG. 1, the system 100 is used in a store 102. The
`system 100 is alternatively used in other environments such
`as secure facilities. Mobile parts of the system 100 are used
`outside of the store 102 or secure facility.
`
`[0022] A person (user) 104 shown in the store 102, may
`enter the store 102 already in possession of one or more
`RFID tags such as a first RFID tag 106. The first RFID tag
`106 would typically be attached to some possession (not
`shown) that the first RFID 106 is meant to track. The person
`104 enters through an entrance 108. A first RFID reader (or
`‘scarmer’) 110 is located adjacent to the entrance 108 so as
`to be able to scan RFID tags on items being carried in or out
`of the entrance 108. A second RFID reader 112 is located
`near an exit 114 of the store 102. The first RFID reader 110
`
`and the second RFID reader 112 scan (interrogate) RFID
`tags in their vicinity to prevent unauthorized removal (theft)
`of store inventory that is tracked with RFID tags. A second
`RFID tag 116 and a third RFID tag 118 are attached to items
`(not shown) in possession of the person 104. The items are
`carried in a basket 120. A point-of-sale terminal 122 that
`includes a RFID reader/writer 124 is located in the store 102.
`
`The RFID tags 106, 116, 118 include identifying information
`(e.g., ID numbers) and are adapted to communicate the
`identifying information in response to interrogation signals
`received from the first RFID reader, 110, second RFID
`reader 112 or the RFID reader/writer 124.
`
`[0023] When the person 104 enters the store the first RFID
`reader 110 will scan the first RFID tag 106. The first RFID
`reader 110 and the second RFID reader 112 can be pro-
`grammed to trigger an alert if any RFID tags are detected (to
`prevent theft through the entrance 108 and exit 114). In the
`case of the first RFID reader 110 located near the entrance
`
`108, such programming would ordinarily be problematic if
`the first RFID tag 106 is active, because an alert would be
`triggered by the person 104 even though the item tracked by
`the first RFID tag 106 has not been stolen. The person 104
`also has an RFID privacy protection device (RFID-PPD)
`126. As described more fully below with reference to FIGS.
`2-4 the RFID-PPD 126 prevents the first RFID reader 110
`from reading the first RFID tag 106 thereby avoiding false
`alerts by the first RFID reader 110 and protecting the
`
`person’s 104 privacy to the extent that ownership of the item
`tracked by the first RFID tag 104 is not divulged and/or the
`person’s 104 movement can not be tracked by tracking the
`first RFID tag 104. In certain embodiments the first RFID
`reader 110 and the second RFID reader 112 are programmed
`to issue alerts only if RFID tags having ID numbers corre-
`sponding to items stocked by the store are detected. The
`system 100 does not require RFID tags to be rendered
`inactive at purchase. Thus, the RFID tags can be used for
`post purchase applications.
`
`[0024] After finishing selecting items to be purchased, the
`person 104 brings the items to be purchased to the point-
`of-sale terminal 122. The point-of-sale terminal 122 uses the
`RFID reader/writer 124 to scan items possessed by the
`person 104, tallies up a total cost for the items that are
`possessed by the person 104 (but not already owned by the
`person 104, as in the case of the item tracked by the 1“ RFID
`reader) and after payment is received, alters the RFID tags
`attached to items being purchased to reflect a change in
`ownership to the person 104 (or more generally to a next
`level in a supply chain). The person 104 then proceeds to the
`exit 114. According to certain embodiments one or more of
`the RFID tags 106, 116, 118 are read-only tags and are not
`altered upon purchase.
`
`[0025] As more fully explained below with reference to
`FIGS. 2-3, if the person 104 does not take possession of any
`other items in the store 102 before exiting through the exit
`114 (as in the case of browsing), the RFID-PPD 126 will
`prevent scanning of the first RFID tag 106 possessed by the
`person 104 by the second RFID reader 112 located at the exit
`114. Thus, the person’s 104 privacy will continue to be
`protected. If the person 104 tries to steal an item tracked by
`an RFID tag before leaving the store 102 the RFID-PPD 126
`will not prevent scanning of RFID tags attached to the
`person’s104 possessions allowing the person 104 to be
`apprehended.
`
`FIG. 2 is a block diagram of the RFID-PPD 126 in
`[0026]
`accordance with some embodiments of the invention. The
`
`RFID-PPD 126 can be incorporated into another device,
`such as for example a cellular telephone (not shown). As
`shown in FIG. 2, the RFID-PPD 126 comprises a transceiver
`202, processor 204, memory 206, alert 208 and optional
`location determination system 210 coupled together through
`a signal bus 212. The foregoing are supplied power by a
`power source 214. The transceiver 202 is coupled to an
`antenna 216. The transceiver 202 includes a transmitter 218
`
`and a receiver 220. If the RFID-PPD is to support multiple
`RFID system that use different frequencies, multiple trans-
`ceivers 202 and/or antennas 216 are optionally provided.
`
`[0027] Having the power source 214 enables the RFID-
`PPD to have a larger communication range than passive
`RFID tags (e.g., 106, 116, 118) that derive power from
`received radio waves. Consequently as the person 104
`moves around the RFID-PPD 126 will be able to establish
`
`communication with nearby RFID readers (e.g., 110, 112,
`124) before the passive RFID tags 106, 116, 118 possessed
`by the person 104 are able to establish communication with
`nearby RFID readers. Designing the antenna 216 with a
`greater effective area than the effective area of antennas used
`in the passive RFID tags 106, 116, 118 used in the system
`100 also helps the RFID-PPD 126 to establish communica-
`tions with nearby RFID readers first. By way of nonlimitive
`
`11
`
`11
`
`
`
`US 2007/0046439 A1
`
`Mar. 1, 2007
`
`example, the location determination system 210 can com-
`prise a pedometer, a system that determines absolute posi-
`tion such as a GPS transceiver, or a system that determines
`relative position by detecting proximity to other wireless
`devices, or by measuring the distance from one or more
`other wireless devices (e.g., by triangulating position).
`
`[0028] FIG. 3 is a flowchart ofa method 300 of operating
`the RFID-PPD 126 shown in FIGS. 1, 2 in accordance with
`some embodiments of the invention. Although the method
`300 shown in FIG. 3 is described below in the context of the
`
`RFID system 100 shown in FIG. I and the RFID-PPD 126
`shown in FIG. 2, the method 300 can be used with RFID
`systems and RFID privacy protection devices that dilfer in
`design from what is shown in FIGS. 1-2. A program that
`executes the method 300 is suitably stored in the memory
`206 and executed by the processor 204. The processor 204
`programmed by the program that executes the method 300
`serves as a controller of the RFID-PPD 126.
`
`[0029] Referring to FIG. 3, in block 302 the receiver 220
`of the RFID-PPD 126 is operated to check for any active
`RFID tag scanners (e.g. 110, 112, 124) within range of the
`RFID-PPD 126. As previously mentioned the RFID-PPD
`126 is able to sense active RFID tag scarmers at a greater
`range than the RFID tags 106, 116, 118. The outcome of
`decision block 304 depends on whether an active RFID tag
`scanner has been found. If the outcome of block 304 is
`
`negative the method continues with block 306. In block 306
`the RFID-PPD checks for RFID tags that are possessed by
`the user. FIG. 4, described below focuses on details of a
`method of checking for RFID tags possessed by the user,
`according to certain embodiments of the invention. At a
`basic level, executing block 306 involves transmitting inter-
`rogation signals and listening for responses from RFID tags.
`In the process of checking for RFID tags possessed by the
`user, the RFID-PPD 126 receives ID numbers and optionally
`other information from the RFID tags possessed by the user.
`The other information can include information indicating the
`ownership of the possession, or information as to ownership
`may be included in ID numbers of the RFID tags.
`
`In block 308 ID numbers of tags possessed by the
`[0030]
`user are compared to ID numbers in a table of tags possessed
`by the user that is stored in the RFID-PPD 126. The table,
`which is stored in binary form in the RFID-PPD 126 can be
`represented in readable form as shown in the following
`example:
`
`TABLE I
`
`RFID TAGS POSSESSED BY USER
`
`ID NUMBER
`100. . .010
`101 .
`.
`. 110
`101 .
`. .001
`110. . .011
`
`OWNED BY USER ? (Y/N)
`Y
`Y
`Y
`N
`
`in block 306 is suitably temporarily stored separately or
`marked as corresponding to newly found tags until the table
`is updated.
`
`[0032] Block 309 is a decision block the outcome ofwhich
`depends on whether RFID tags that were previously pos-
`sessed by the user, but not owned by the user are now owned
`by the user. The determination made in block 309 is suitably
`made by comparing ownership information gathered in
`block 306 to information that had previously been stored in
`the RFID-PPD 126 in the table. If the outcome of block 309
`
`is negative the method 300 branches to decision block 312.
`
`[0033] The outcome of decision block 312 depends on
`whether any RFID tags that are newly possessed by the user
`have been found. If the outcome of block 312 is negative,
`then the method 300 returns to block 302. If the outcome of
`
`block 312 is positive then the method continues with deci-
`sion block 316.
`
`[0034] Decision block 316 depends on whether any newly
`possessed RFID tags are owned by the user. If there are
`newly possessed tags that are not owned by the user, then the
`method branches to block 318 in which the alert 208 is
`
`activated. The alert suitably takes the form of a visible alert
`(e.g., flashing light, displayed icon), an audible alert (e.g., a
`beep), and/or a tactile alert. If the user has knowingly
`obtained another possession then activation of the alert 208
`in block 318 merely confirms that the RFID-PPD 126 has
`registered the new possession. If the user has not knowingly
`added another possession then activation of the alert in block
`318 alerts the user that someone may be moving another
`RFID tag near the user in order to penetrate privacy pro-
`tection provided RFID-PPD 126. This will be explained
`further below after other relevant aspects of the method 300
`have been described. After activating the alert 208 in block
`318 the method 300 proceeds to block 310.
`
`In block 310 the table oftags possessed by the user
`[0035]
`is updated by adding information on newly discovered RFID
`tags and deleting entries for RFID tags that are no longer
`possessed by the user. According to certain embodiments,
`tags that are marked as owned by the user are not deleted
`even if they are temporarily not possessed by the user. If the
`outcome of block 316 is positive,
`the method proceeds
`directly to the block 310 without activating the alert 208.
`
`If it is determined in block 309 that there are RFID
`[0036]
`tags possessed and owned by the user that were previously
`possessed by the user but not owned then the process 300
`will branch to optional block 340. The foregoing positive
`outcome of block 309 occurs when a user purchases items
`and an authorized RFID writer (e.g., 124) changes the
`ownership of RFID tags. Actions in block 340 and subse-
`quent blocks will describe further below after other aspects
`of the operation of the RFID-PPD 126 have been described.
`
`In the process of executing block 302-318, as long
`[0037]
`as there is no active RFID scarmer within range, the RFID-
`PPD device 126 will periodically update the table of RFID
`tags possessed by the user.
`
`In table I the first column gives the ID number and
`[0031]
`the second colunm indicates whether or not each RFID tag
`is owned by the user. Note that the ID number may include
`one or more bits that are used to indicate the ownership of
`the RFID tag. In the latter case the second column would be
`unnecessary. Information for the tags that are newly found
`
`If there is an active RFID scanner within range,
`[0038]
`then the outcome of decision block 304 will be positive and
`the method 300 will branch to optional block 326. In block
`326 the RFID-PPD 126 will reply to the active scanner by
`sending out a null ID. The null ID can be a fixed or varying
`(e.g., random ID) that the RFID-PPD 126 sends out in order
`
`12
`
`12
`
`
`
`US 2007/0046439 A1
`
`Mar. 1, 2007
`
`to provide some response to active scanners. According to
`alternative embodiments a portion of the null ID is used to
`identify the RFID-PPD 126 as such to the scanner, and a
`portion is used to convey status information, such as whether
`or not the user has newly acquired RFID tags, and whether
`or not some of the newly acquired tags are not owned by the
`user. Alternatively, the RFID-PPD does not send out the null
`ID. After optional block 326 the method 300 proceeds to
`decision block 322.
`
`[0039] The outcome of decision block 322 depends on
`whether all tags possessed by the user are owned by the user.
`This is suitably determined based on information stored in
`the RFID-PPD 126 in the table. If the outcome of block 322
`
`is negative, the flowchart branches to delay block 331. Delay
`block 331 allows time for an external RFID reader (e.g., 110,
`112, 124) to communicate with RFID tags possessed by the
`user. The delay 331 can be made an increasing function of
`the number tags possessed by the user such that sufficient
`time, plus some safety margin, is allowed for the RFID tags
`possessed by the user to be read. In normal use in the store
`102 delay block 331 will be executed when the person 104
`brings items to be purchased to the point-of-sale terminal
`122. In this case the delay 331 allows time for the RFID
`reader/writer 124 to read RFID tags attached to the items
`being purchased and the ownership of the RFID tags to be
`changed by writing to the RFID tags. In the case that the user
`attempts to steal items and proceeds to the exit 114 without
`paying, block 331 will be reached when the user is at the exit
`114, proximate the second RFID reader 112. The second
`RFID reader 112 will then detect that items that have not
`
`been checked out are being taken from the store 102. After
`the delay 331 the method loops back to block 302.
`
`[0040] According to an alternative embodiment, rather
`than the RFID reader/writer 124 changing the ownership of
`the RFID tags possessed by the user, the RFID reader/writer
`124 authorizes the RFID-PPD 126 to change the ownership
`of the RFID tags. According to another alternative embodi-
`ment, the RFID reader/writer 124 communicates the change
`of ownership of RFID tags (e.g., 116, 118) to the RFID-PPD
`126 and the RFID 126 records the ownership for future use
`(e.g., in executing block 322)
`
`tags
`is determined in block 322 that all
`If it
`[0041]
`possessed by the user are owned by the user the method 300
`branches from block 322 to block 328.
`
`In block 328 a masking signal is generated for a
`[0042]
`predetermined period of time. The masking signal serves to
`prevent the active scarmer(s) detected in the most recent
`execution of block 302 from reading the RFID tags pos-
`sessed by the user. In normal use of the RFID-PPD 126 in
`the store 102, block 328 is executed after the user has paid
`for items at the point-of-sale terminal 122 and is moving past
`the second RFID reader 112. Moreover, to protect the user’s
`privacy, block 328 is executed after the user has left the store
`102, if the user has not taken possession of additional RFID
`tags and moves within range of RFID readers outside of the
`store 102.
`
`[0043] The masking signal generated in block 328 can be
`a signal of the type used by blocker tags. Blocker tags
`generate signals that simulate the presence of a very large
`number of RFID tags and thereby overwhelm the active
`RFID scarmer(s). Alternatively, the masking signal can take
`the form of an unmodulated carrier signal or a noise signal,
`
`both of which convey no information. The masking signal
`can interfere with the reception of signals by the active RFID
`scanner, by the RFID tags or both. In embodiments in which
`masking signal is intended primarily to interfere with recep-
`tion of signals by the RFID tags, the strength of the masking
`signal that is generated is suitably based on the range to the
`furthest RFID tag possessed by the user. The effective range
`to the furthest RFID tag possessed by the user can be
`inferred from the strength of the weakest signal received
`from an RFID tag possessed by the user, or from a scan
`range setting of the RFID-PPD 126 that is required to reach
`all of the RFID tags possessed by the user. The latter is
`determined in the method shown in FIG. 4, described below.
`In embodiments in which the masking signal is intended to
`interfere with reception of signals by the active RFID
`scanner, the strength of the masking signal is likewise based
`on the range to the active RFID scanner. By way of
`nonlimitive example, the predetermined period for which
`the masking signal
`is generated in block 328 can be 5
`seconds. After generating the masking signal, the method
`will return to block 302 to determine if the user is still within
`
`range of the active RFID scarmer, and if so return to block
`328 and continue to generate the masking signal. Per blocks
`322, 328 unless the user possesses a tag that the user does
`not own the masking signal will be generated to prevent
`scanning of the RFID tags possessed by the user. The
`RFID-PPD 126 prevents gratuitous scanning of RFID tags
`possessed by the user, and only allows scanning of the tags
`possessed by the user, if the user has taken possession of an
`RFID tag that the user does not own.
`
`[0044] When block 322 is first reached after branching
`from block 304, if the outcome is negative meaning that the
`user does have newly possessed RFID tags that are not
`owned by the user, the masking signal will not be generated
`and the method 300 will branch through to a delay 331.
`Thus, the RFID-PPD 126 will allow scans of RFID tags
`possessed by the user, but not owned by the user. This allows
`the RFID system 100 to perform its intended function of
`scanning tags of items that the user takes possession of and
`preventing theft of such items.
`
`In normal use, after the user has left the store 102,
`[0045]
`the user will be out of range of an active scanner for a period
`of time. Consequently, the outcome of block 304 will be
`negative and the method 300 will reach decision block 309.
`If it is determined in decision block 309 that tags that were
`previously possessed by the user are now owned by the user
`(e.g., having had their ownership changed by the RFID
`reader/writer 124) then the method 300 will branch from
`block 309 to optional block 340.
`
`[0046] According to certain embodiments of the inven-
`tion, certain data (e.g., article identifying information) that is
`stored in the RFID tags 106, 116, 118 can only be changed
`by a party at a particular level of a supply chain (using a
`device such as the RFID reader/writer 124 and the RFID-
`
`PPD 126) if the aforementioned data that indicates owner-
`ship has been changed to indicate ownership at the particular
`level of the supply chain (e.g., distributor, retailer end user).
`
`In block 340 one or more data items are read from
`[0047]
`the newly owned RFID tags. According to an alternative
`embodiment,
`in lieu of block 340 information that was
`previously read from the newly owned RFID tags and stored
`in the memory 206 in the RFID-PPD 126 is read out from
`
`13
`
`13
`
`
`
`US 2007/0046439 Al
`
`Mar. 1, 2007
`
`the memory 206. In optional block 342 the one or more data
`items are encrypted and in optional block 344 the o