Method For Cryptographically Combining HF and UHF RFID Tags/Smart Cards To Create A Single Multi-Use Credential

US 20080290994A1
Filed: 03/25/2008
Published: 11/27/2008
Est. Priority Date: 03/30/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for creating an enhanced RFID tag comprising:

proximately co-locating a longer range RFID tag and a relatively shorter range credential in the same container; and

cryptographically binding the longer range RFID tag to the shorter range credential by storing, on the longer range tag, signed data including indicia of the shorter range tag;

wherein the longer range RFID tag requires authorization via an authentication server to grant access to data stored in the enhanced RFID tag.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for creating an enhanced RFID tag. A longer range RFID tag and a relatively shorter range credential are proximately co-located in the same container. The longer range RFID tag is cryptographically bound to the shorter range credential by storing, on the longer range tag, signed data which includes indicia of the shorter range tag. The longer range RFID tag requires authorization via an authentication server to grant access to data stored in the enhanced RFID tag.

30 Citations

View as Search Results

30 Claims

1. A method for creating an enhanced RFID tag comprising:
- proximately co-locating a longer range RFID tag and a relatively shorter range credential in the same container; and
  
  cryptographically binding the longer range RFID tag to the shorter range credential by storing, on the longer range tag, signed data including indicia of the shorter range tag;
  
  wherein the longer range RFID tag requires authorization via an authentication server to grant access to data stored in the enhanced RFID tag.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein said indicia includes at least one of the types of indicia in the set of indicia consisting of the shorter range tag'"'"'s public ID, the shorter range tag'"'"'s private ID, the shorter range tag'"'"'s public key, physical characteristics of the longer range tag, an external unique ID, characteristics of the tag bearer, characteristics of an item to which the enhanced tag is affixed, and a timestamp.
  - 3. The method of claim 1, wherein the enhanced tag is authenticated by initially including, and subsequently updating, a nonce in the signed data, each time the longer range tag is read.
  - 4. The method of claim 1, wherein the shorter range credential is a contact smart card.
  - 5. The method of claim 1, wherein the shorter range credential is a contactless smart card.
  - 6. The method of claim 1, wherein the longer range RFID tag is a UHF RFID tag, and the shorter range credential is an HF RFID tag.
  - 7. The method of claim 1, wherein the enhanced tag is used as a component in a security system, further including:
    - performing a transfer of high value credentials to long value credentials that are valid for a limited duration and stored in the shorter range credential,using the shorter range credential to obtain a signed service entitlement, in the form of a service ticket, stored in the longer range RFID tag; and
      
      presenting the entitlement to a tag reader repeatedly until the entitlement expires;
      
      wherein the shorter range credential contains rules including TGT and Kerberos server rules; and
      
      while the shorter range credential is valid, the shorter range credential issues the service entitlement according to policy stored therein.
  - 8. The method of claim 7, wherein the shorter range credential permits its being unlocked only periodically using a high value credential selected from the list consisting of a fingerprint, a PIN, and an attendant-verified photograph.
  - 9. The method of claim 7, wherein offline transactions are supported with risk management state and logic being stored on the shorter range credential.

10. A method for creating an enhanced RFID tag comprising:
- proximately co-locating a longer range RFID tag and a shorter range credential in the same container;
  
  cryptographically binding a longer range RFID tag to the shorter range credential by storing, on the longer range tag, signed data including indicia of the shorter range tag;
  
  encrypting the data on the longer range tag with a key derived from at least one characteristic selected from the set of characteristics consisting of an anticollision ID, physical characteristics of the enhanced tag, characteristics of the tag bearer, and characteristics of an item to which the enhanced tag is affixed;
  
  re-encrypting the longer range tag with a different IV each time the longer range tag is read to effectively change the contents thereof;
  
  authenticating the enhanced tag by including and updating a nonce in the signed data; and
  
  updating the nonce by an RFID reader and storing the nonce in a database at a given authority.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The method of claim 10, wherein said indicia includes at least one of the types of indicia in the set of indicia consisting of the shorter range tag'"'"'s public ID, the shorter range tag'"'"'s private ID, the shorter range tag'"'"'s public key, physical characteristics of the longer range tag, an external unique ID, characteristics of the tag bearer, characteristics of an item to which the enhanced tag is affixed, and a timestamp.
  - 12. The method of claim 10, wherein the enhanced tag is authenticated by initially including, and subsequently updating, a nonce in the signed data, each time the longer range tag is read.
  - 13. The method of claim 10, wherein the enhanced tag is used as a component in a security system, further including:
    - performing a transfer of high value credentials to long value credentials that are valid for a limited duration and stored in the shorter range credential,using the shorter range credential to obtain a signed service entitlement, in the form of a service ticket, stored in the longer range RFID tag;
      
      presenting the entitlement to a tag reader repeatedly until the entitlement expires;
      
      wherein the shorter range credential contains rules including TGT and Kerberos server rules; and
      
      while the shorter range credential is valid, the shorter range credential issues the service entitlement according to policy stored therein.
  - 14. The method of claim 10, wherein the shorter range credential permits its being unlocked only periodically using a high value credential selected from the list consisting of a fingerprint, a PIN, and an attendant-verified photograph.
  - 15. The method of claim 10, wherein offline transactions are supported with risk management state and logic being stored on the shorter range credential.
  - 16. The method of claim 10, wherein the HF tag is re-encrypted with a different anticollision ID after each time the longer range tag is read.
  - 17. The method of claim 10, wherein the shorter range credential is a contact RFID tag.
  - 18. The method of claim 10, wherein the shorter range credential is a smart card.
  - 19. The method of claim 10, wherein the longer range RFID tag is a UHF tag, and the shorter range credential is an HF tag.
  - 20. The method of claim 10, wherein, in the case where the encrypted data is encrypted with a symmetric key, the step of updating the nonce is deferred until the next time both the HF tag and the UHF tags are read together.

21. An enhanced RFID tag comprising:
- a longer range RFID tag and a shorter range credential, proximately co-located in the same container;
  
  wherein the longer range RFID tag is cryptographically bound to the shorter range credential by storing, on the longer range tag, signed data including indicia of the shorter range tag; and
  
  wherein the longer range RFID tag requires authorization via an authentication server for access to data stored in the enhanced RFID tag.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The enhanced RFID tag of claim 21, wherein the shorter range credential is a contact RFID tag.
  - 23. The enhanced RFID tag of claim 21, wherein the shorter range credential is a smart card.
  - 24. The enhanced RFID tag of claim 21, wherein the longer range RFID tag is a UHF tag, and the shorter range credential is an HF tag.
  - 25. The enhanced RFID tag of claim 21, wherein the longer range RFID tag and the shorter range credential are situated within approximately 2 cm of each other.
  - 26. The enhanced RFID tag of claim 21, wherein the enhanced RFID tag has a credit card form factor.
  - 27. The enhanced RFID tag of claim 21, wherein the enhanced RFID tag has an ISO hard card form factor.
  - 28. The enhanced RFID tag of claim 21, wherein the enhanced tag is authenticated by initially including, and subsequently updating, a nonce in the signed data, each time the longer range tag is read.
  - 29. The enhanced RFID tag of claim 21, wherein the enhanced tag is used as a component in a security system, further including:
    - performing a transfer of high value credentials to long value credentials that are valid for a limited duration and stored in the shorter range credential,using the shorter range credential to obtain a signed service entitlement, in the form of a service ticket, stored in the longer range RFID tag; and
      
      presenting the entitlement to a tag reader repeatedly until the entitlement expires;
      
      wherein the shorter range credential contains rules including TGT and Kerberos server rules; and
      
      while the shorter range credential is valid, the shorter range credential issues the service entitlement according to policy stored therein.
  - 30. The enhanced RFID tag of claim 29, wherein the shorter range credential permits its being unlocked only periodically using a high value credential selected from the list consisting of a fingerprint, a PIN, and an attendant-verified photograph.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GSI Group Corporation (Novanta Inc.)
Original Assignee
SkyeTek, Inc. (RFID Holdings, Inc.)
Inventors
Chakraborty, Sayan, Bruns, Logan

Application Number

US12/055,270
Publication Number

US 20080290994A1
Time in Patent Office

Days
Field of Search
US Class Current

340/10.1
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/0807 using tickets, e.g. Kerbero...

Method For Cryptographically Combining HF and UHF RFID Tags/Smart Cards To Create A Single Multi-Use Credential

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method For Cryptographically Combining HF and UHF RFID Tags/Smart Cards To Create A Single Multi-Use Credential

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links