Abstract—RFID (Radio frequency identification) technologyraises many privacy concerns among which the potentialtracking of an RFID tag bearer and the eventuality of anillegitimate reading device (reader) collecting informationabout him. To solve these issues, many RFID privacyprotecting protocols assume that readers have continuousconnectivity with a centralised on-line database in chargeof the identification of a certain amount of tags. Howeversuch centralised models can raise scalability and latencyproblems. Moreover, they are not suitable in applicationswhere connectivity is intermittent. As RFID tags may oftenchange hands, it is also necessary to guarantee the privacyof a new tag owner. In this paper, we introduce a privacyprotecting scheme based on pseudonyms that allows an onlinedatabase to delegate temporarily and in a secure mannerthe capability to identify tags to selected readers. A readerwhich receives delegation for a given tag can identify thistag without referring to the on-line database, thus solvingpossible intermittent connectivity issues and making tagidentification more scalable. Our protocol also manages tagsownership transfer without threatening the new owner’sprivacy.

Index Terms—RFID, privacy, scalabilty, intermittent connectivity,time-limited delegation, ownership transfer

Cite: Sepideh Fouladgar and Hossam Afifi, "A Simple Privacy Protecting Scheme Enabling Delegation and Ownership Transfer for RFID Tags," Journal of Communications, vol. 2, no. 6, pp. 6-13, 2007.