Authentication of products using identification tags

US 20060230276A1
Filed: 04/07/2006
Published: 10/12/2006
Est. Priority Date: 04/07/2005
Status: Active Grant

First Claim

Patent Images

1. An identification tag for authenticating a product, wherein the identification tag is associated with the product and has authentication data transmissible to a reader device;

the authentication data comprising;

source data comprising a tag identifier that uniquely identifies the identification tag and a product identifier that identifies a property value of the product, wherein the property value is verifiable by a measurement of the product so that an authentic product is distinguishable from a non-authentic product on the basis of the property value; and

a signature value being a result of a private key encryption of a representation of the source data, wherein the private key encryption uses a private key of a public key encryption method.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identification tag for authenticating a product is associated with the product and has authentication data transmissible to a reader device. The authentication data include source data including a tag identifier that uniquely identifies the identification tag and a signature value that is a result of a private key encryption of a representation of the source data, where the private key encryption uses a private key of a public key encryption method.

Citations

38 Claims

1. An identification tag for authenticating a product, wherein the identification tag is associated with the product and has authentication data transmissible to a reader device;
- the authentication data comprising;
  
  source data comprising a tag identifier that uniquely identifies the identification tag and a product identifier that identifies a property value of the product, wherein the property value is verifiable by a measurement of the product so that an authentic product is distinguishable from a non-authentic product on the basis of the property value; and
  
  a signature value being a result of a private key encryption of a representation of the source data, wherein the private key encryption uses a private key of a public key encryption method.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The identification tag of claim 1, wherein the property value of the product specifies one of the following properties:
    - weight, electric resistance, serial number, geometric properties such as extension in one dimension or circumference.
  - 3. The identification tag of claim 1, wherein the product identifier identifies the property value by specifying an access through the Internet to a database providing the property value.
  - 4. The identification tag of claim 1, wherein the source data further comprise a key identifier that identifies a public key, the public key being applicable with a public key decryption to decrypt data which have been encrypted with the private key encryption using the private key.
  - 5. The identification tag of claim 4, wherein the key identifier identifies the public key by specifying an access through the Internet to a database providing the public key, wherein the database is controlled by an authentication authority that maintains public keys for authenticating products.
  - 6. The identification tag of claim 1, wherein the public key encryption method includes any one of the following public key encryption methods:
    - Rivest Shamir Adleman (RSA), Digital Signature Algorithm (DSA), Diffie-Hellmann, ElGamal, Rabin.
  - 7. The identification tag of claim 1, wherein the representation of the source data is a result of applying a hash function to the source data, wherein the hash function assigns the representation to the source data and the representation is not assigned to a further source data of a further identification tag.
  - 8. The identification tag of claim 7, wherein the hash function is any one of the following hash functions:
    - MD2, MD4, MD5, RIPEMD-160, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, Snefru, Tiger, Whirlpool.
  - 9. The identification tag of claim 7, wherein the source data further comprise a signature provision that comprises an identifier of the public key decryption and an identifier of the hash function applied to the source data.
  - 10. The identification tag of claim 1, wherein the identification tag is a passive radio frequency identification tag that derives the power for transmitting data from the reader device.
  - 11. The identification tag of claim 1, wherein the identification tag is associated with the product in a non-detachable way so that the identification tag is unusable for a further product.

12. A verification device for authenticating a product, wherein the verification device uses transmissible authentication data from an identification tag associated with the product;
- the verification device comprising;
  
  a reader unit configured to read the authentication data from the identification tag; and
  
  a decryption engine configured to;
  
  identify source data and a signature value from the authentication data read by the reader unit, wherein the source data comprise a tag identifier that uniquely identifies the identification tag and a product identifier that identifies a property value of the product, wherein the property value is verifiable by a measurement of the product that an authentic product is distinguishable from a non-authentic product on the basis of the property value and wherein the signature value represents a result of a private key encryption of a representation of the source data, the private key encryption using a private key of a public key encryption method;
  
  decrypt the signature value with a public key decryption using a public key, the public key decryption being applicable to decrypt data which have been encrypted with the private key encryption using the private key; and
  
  check if the decrypted signature value is equal to the representation of the source data.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. The verification device of claim 12, wherein the decryption engine is communicatively coupled to a measure unit for measuring the property value of the product.
  - 14. The verification device of claim 13, wherein the cryptographic engine is further configured to check if the value measured by the measure unit corresponds to the property value obtainable with the product identifier.
  - 15. The verification device of claim 12 further comprising a communication interface between the cryptographic engine and the Internet.
  - 16. The verification device of claim 15, wherein the communication interface is configured to provide an access for the decryption engine to the property value from a database using the product identifier.
  - 17. The verification device of claim 12, wherein the decryption engine is configured to further identify a key identifier comprised by the source data, wherein the key identifier identifies a public key that is applicable to decrypt data that have been encrypted with the private key encryption using the private key.
  - 18. The verification device of claim 15, wherein the communication interface is configured to provide an access for the decryption engine to the public key from a database using the key identifier.
  - 19. The verification device of claim 12, wherein the representation of the source data is a result of applying a hash function to the source data, wherein the hash function assigns the representation to the source data and the representation is not assigned to a further source data of a further identification tag.
  - 20. The verification device of claim 12, wherein the source data further comprise a signature provision comprising an identifier of the public key decryption and an identifier of the hash function applied to the source data.
  - 21. The verification device of claim 12, wherein the reader unit is configured to read the authentication data from a passive radio frequency identification tag and to provide power to the passive radio frequency identification tag for transmitting the authentication data.

22. A branding machine for writing at least one portion of authentication data to an identification tag, wherein the authentication data are transmissible from the identification tag to a reader unit of a verification device;
- the branding machine comprising;
  
  an encryption engine configured to;
  
  provide a tag identifier that identifies uniquely the identification tag and a product identifier that identifies a property value of the product, wherein the property value is verifiable by a measurement of the product so that an authentic product is distinguishable from a non-authentic product on the basis of the property value; and
  
  compute a signature value that is a result of a private key encryption of a representation of source data that comprise the tag identifier and the product identifier, wherein the private key encryption uses a private key of a public key encryption method; and
  
  a writing unit configured to write the signature value to the identification tag.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The branding machine of claim 22, wherein the writing unit is further configured to write the source data to the identification tag.
  - 24. The branding machine of claim 23, wherein the property value of the product specifies any of the following properties:
    - weight, electric resistance, serial number, geometric properties such as extension in one dimension or circumference.
  - 25. The branding machine of claim 23, wherein the product identifier identifies the property value by specifying an access through the Internet to a database providing the property value.
  - 26. The branding machine of claim 22, wherein the source data further comprise a key identifier that identifies a public key, the public key being applicable to decrypt data that have been encrypted with the private key encryption using the private key.
  - 27. The branding machine of claim 26, wherein the key identifier identifies the public key by specifying an access through the Internet to a database providing the public key, wherein the database is controlled by an authentication authority that maintains public keys for authenticating products.
  - 28. The branding machine of claim 22, wherein the representation of the source data is a result of applying a hash function to the source data, wherein the hash function assigns the representation to the source data and the representation is not assigned to a further source data of a further identification tag.
  - 29. The branding machine of claim 28, wherein the source data further comprise a signature provision that comprises an identifier of the public key decryption and an identifier of the hash function applied to the source data.

30. A system for authenticating a product comprising:
- an identification tag associated with the product and including authentication data transmissible to a reader device for authenticating a product;
  
  a verification device that uses the transmissible authentication data from the identification tag; and
  
  a branding machine for writing at least one portion of authentication data to the identification tag, wherein the authentication data comprise source data including a tag identifier that uniquely identifies the identification tag and a product identifier that identifies a property value of the product, wherein the property value is verifiable by a measurement of the product so that an authentic product is distinguishable from a non-authentic product on the basis of the property value, wherein the source data comprise a signature value that is a result of a private key encryption of a representation of the source data, wherein the private key encryption uses a private key of a public key encryption method, wherein the verification device comprises the reader device, and wherein the reader device is configured to read the authentication data from the identification tag, wherein the verification device comprises a decryption engine configured to;
  
  identify the source data and the signature value from the authentication data read by the reader device;
  
  decrypt the signature value with a public key decryption using a public key, the public key decryption being applicable to decrypt data that have been encrypted with the private key encryption using the private key; and
  
  check if the decrypted signature value is equal to the representation of the source data. wherein the branding machine comprises an encryption engine configured to;
  
  provide the tag identifier and the product identifier; and
  
  compute the signature value; and
  
  wherein the branding device comprises a writing unit configured to write the signature value to the identification tag.

31. A computer implemented method for creating at least one portion of authentication data, wherein the authentication data are applicable to be stored on an identification tag;
- the method comprising;
  
  providing a tag identifier that identifies uniquely the identification tag and a product identifier that identifies a property value of the product, wherein the property value is verifiable by a measurement of the product so that an authentic product is distinguishable from a non-authentic product on the basis of the property value;
  
  computing a representation of source data that comprise the tag identifier and the product identifier; and
  
  computing a signature value by encrypting the representation with a private key encryption, wherein the private key encryption uses a private key of a public key encryption method and wherein the authentication data comprise the source data and the signature value.
- View Dependent Claims (32, 33, 34)
- - 32. The method of claim 31, wherein computing the representation comprises applying a hash function to the source data.
  - 33. The method of claim 32, wherein the source data further comprise a signature provision that comprises an identifier of a public key decryption and an identifier of the hash function applied to the source data, wherein the public key decryption is applicable to decrypt data which have been encrypted with the private key encryption.
  - 34. The method of claim 31, wherein the source data further comprise a key identifier that identifies a public key, the public key being applicable with the public key decryption to decrypt data which have been encrypted with the private key encryption using the private key.

35. A computer implemented method for checking authentication data, wherein the authentication data have been read from an identification tag;
- the method comprising;
  
  identifying source data from the authentication data, wherein the source data comprise a tag identifier which uniquely identifies the identification tag and a product identifier which specifies a means of obtaining a property value of the product, wherein the property value is verifiable by a measurement of the product so that an authentic product is distinguishable from a non-authentic product on the basis of the property value;
  
  identifying a signature value from the authentication data, wherein the signature value represents a result of a private key encryption of a representation of the source data, the private key encryption using a private key of a public key encryption method;
  
  computing the representation of the source data;
  
  decrypting the signature value with a public key decryption using a public key, the public key decryption being applicable to decrypt data which have been encrypted with the private key encryption using the private key; and
  
  checking if the decrypted signature value is equal to the representation of the source data.
- View Dependent Claims (36, 37, 38)
- - 36. The method of claim 35, wherein computing the representation comprises applying a hash function to the source data.
  - 37. The method of claim 36, wherein the source data further comprise a signature provision which comprises an identifier of the public key decryption and an identifier of the hash function applied to the source data.
  - 38. The method of claim 35, wherein the source data further comprise a key identifier that identifies a public key, the public key being applicable to decrypt data which have been encrypted with the private key encryption using the private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Nochta, Zoltan

Granted Patent

US 8,037,294 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G07F 7/08   by coded identity card or c...

G07F 7/127   in which both online and of...

G07G 1/0054   with control of supplementa...

G07G 1/009   the reader being an RFID re...

Authentication of products using identification tags

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication of products using identification tags

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links