RFID tags with dynamic key replacement
First Claim
1. A method to wirelessly authenticate an item, the method comprising:
- transmitting a message to a Radio Frequency Identification (RFID) integrated circuit (IC) associated with the item;
receiving, from the RFID IC, an identifier and a cryptographic response to the message;
determining, based on the identifier, a plurality of potential keys including a used key and at least one unused key;
generating a plurality of processed cryptographic responses, each processed cryptographic response based on the received cryptographic response and a respective potential key in the plurality of potential keys;
extracting verification values from the plurality of processed cryptographic responses;
in response to extracting at least one verification value, determining whether the at least one verification value one of corresponds to and is sufficiently close to a known value; and
in response to determining that the at least one verification value one of corresponds to and is sufficiently close to the known value, considering the item authentic, otherwise considering the item suspect.
1 Assignment
0 Petitions
Accused Products
Abstract
A cryptographically-enabled RFID tag stores a primary secret key and derives secondary keys from the primary key. A secondary key may be derived by combining the primary key with one or more other parameters using one or more algorithms. The tag uses a derived secondary key to encrypt or electronically sign a tag response sent to a verifying entity. The verifying entity does not know the derived secondary key, but knows the tag primary key and the parameters and algorithms used to derive the secondary key and can derive all of the potential secondary keys. The verifying entity can then attempt to authenticate the tag or tag response by trying potential secondary keys.
-
Citations
19 Claims
-
1. A method to wirelessly authenticate an item, the method comprising:
-
transmitting a message to a Radio Frequency Identification (RFID) integrated circuit (IC) associated with the item; receiving, from the RFID IC, an identifier and a cryptographic response to the message; determining, based on the identifier, a plurality of potential keys including a used key and at least one unused key; generating a plurality of processed cryptographic responses, each processed cryptographic response based on the received cryptographic response and a respective potential key in the plurality of potential keys; extracting verification values from the plurality of processed cryptographic responses; in response to extracting at least one verification value, determining whether the at least one verification value one of corresponds to and is sufficiently close to a known value; and in response to determining that the at least one verification value one of corresponds to and is sufficiently close to the known value, considering the item authentic, otherwise considering the item suspect. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A cryptographic device configured to wirelessly authenticate an item, the cryptographic device comprising:
-
a key-generation device configured to determine, based on an identifier received from a Radio Frequency Identification (RFID) integrated circuit (IC) associated with the item, a plurality of potential keys including a used key and at least one unused key; and a processor configured to; transmit a message to the RFID IC; receive, from the RFID IC, the identifier and a cryptographic response to the message; generate a plurality of processed cryptographic responses, each processed cryptographic response based on the received cryptographic response and a respective potential key in the plurality of potential keys; extract verification values from the plurality of processed cryptographic responses; in response to extracting at least one verification value, determine whether the at least one verification value one of corresponds to and is sufficiently close to a known value; and in response to determining that the at least one verification value one of corresponds to and is sufficiently close to the known value, consider the item authentic, otherwise consider the item suspect. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A Radio Frequency Identification (RFID) system configured to wirelessly authenticate an item, the system comprising:
-
an RFID reader configured to communicate with an RFID integrated circuit (IC) associated with the item; a key-generation device configured to determine, based on an identifier received from the RFID IC, a plurality of potential keys including a used key and at least one unused key; and a processor configured to; cause the RFID reader to transmit a message to the RFID IC; receive, from the RFID IC and via the RFID reader, the identifier and a cryptographic response; generate a plurality of processed cryptographic responses, each processed cryptographic response based on the received cryptographic response and a respective potential key in the plurality of potential keys; extract at least one verification value from the plurality of processed cryptographic responses; in response to extracting the at least one verification value, determine whether the at least one verification value one of corresponds to and is sufficiently close to a known value; and in response to determining that the at least one verification value one of corresponds to and is sufficiently close to the known value, consider the item authentic, otherwise consider the item suspect. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification