Paper 2010/634

ROTIV: RFID Ownership Transfer with Issuer Verification

Kaoutar Elkhiyaoui, Erik-Oliver Blass, and Refik Molva


RFID tags travel between partner sites in a supply chain. For privacy reasons, each partner “owns” the tags present at his site, i.e., the owner is the only entity able to authenticate his tags. However, when passing tags on to the next partner in the supply chain, ownership of the old partner is “transferred” to the new partner. In this paper, we propose ROTIV, a protocol that allows for secure ownership transfer against some malicious owners. Furthermore, ROTIV offers issuer verification to prevent malicious partners from injecting fake tags not originally issued by some trusted party. As part of ownership, ROTIV provides a constant-time, privacy-preserving authentication. ROTIV’s main idea is to combine an HMAC-based authentication with tag key and state updates during ownership transfer. To assure privacy, ROTIV implements tag state re-encryption techniques and key update techniques, performed on the reader. ROTIV is designed for lightweight tags – tags are only required to evaluate a hash function.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
RFIDownership transferissuer verification.
Contact author(s)
kaoutar elkhiyaoui @ eurecom fr
2011-06-09: last of 2 revisions
2010-12-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Kaoutar Elkhiyaoui and Erik-Oliver Blass and Refik Molva},
      title = {{ROTIV}: {RFID} Ownership Transfer with Issuer Verification},
      howpublished = {Cryptology ePrint Archive, Paper 2010/634},
      year = {2010},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.