VERIFICATION OF MOVEMENT OF ITEMS

US 20100111294A1
Filed: 03/11/2008
Published: 05/06/2010
Est. Priority Date: 03/14/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method of verifying a route taken during movement of an RFID tag (4) between different entities of an authorized route;

the method comprising;

first verification apparatus (10) associated with a first entity of the authorized route using a first private key (68) to provide, for a given RFID tag identity, a first encrypted signature (9) that is written to an RFID tag (4);

second verification apparatus (20) associated with a second entity of the authorized route using a public key (64) to decrypt the encrypted signature (9) from data read out from the RFID tag (4); and

the second verification apparatus (20) verifying whether the decrypted signature (9) corresponds to an entity from which the second entity is authorized to receive an RFID tag (4) with the given RFID tag identity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus and system for verifying a route taken during movement of an RFID tag (4) between different entities of an authorized route. The method comprises: first verification apparatus (10) associated with a first entity using a first private key (68) to provide a first encrypted signature (9) that is written to an RFID tag (4); second verification apparatus (20) associated with a second entity using a public key (64) to decrypt the signature (9) from data read out from the RFID tag (4); and the second verification apparatus (20) verifying that the decrypted signature (9) corresponds to an entity from which the second entity is authorized to receive the given RFID tag identity. The second verification apparatus (20) may use a second private key (68) to provide a second encrypted signature (9) that is written to the RFID tag (4).

Citations

27 Claims

1. A method of verifying a route taken during movement of an RFID tag (4) between different entities of an authorized route;
- the method comprising;
  
  first verification apparatus (10) associated with a first entity of the authorized route using a first private key (68) to provide, for a given RFID tag identity, a first encrypted signature (9) that is written to an RFID tag (4);
  
  second verification apparatus (20) associated with a second entity of the authorized route using a public key (64) to decrypt the encrypted signature (9) from data read out from the RFID tag (4); and
  
  the second verification apparatus (20) verifying whether the decrypted signature (9) corresponds to an entity from which the second entity is authorized to receive an RFID tag (4) with the given RFID tag identity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method according to claim 1, further comprising the second verification apparatus (20), responsive to the verifying step determining that the decrypted signature (9) does correspond to an entity from which the second entity is authorized to receive a tag with the given RFID tag identity, using a second private key (68) to provide, for the given RFID tag identity, a second encrypted signature (9) that is written to the RFID tag (4).
  - 3. A method according to claim 1, further comprising the second verification apparatus (20) reporting the outcome of the verifying step to one or more third parties.
  - 4. A method according to claim 3, wherein one third party of the one or more third parties is a controller apparatus (6) from which the second verification apparatus (20) received the public key (64).
  - 5. A method according to claim 3, wherein one third party of the one or more third parties is an electronic pedigree service.
  - 6. A method according to claim 3, further comprising the second verification apparatus (20) raising an alarm responsive to the verifying step determining that the decrypted signature (9) does not correspond to an entity from which the second entity is authorized to receive an RFID tag (4) with the given RFID tag identity.
  - 7. A method according to claim 1, wherein the first and second verification apparatus receive the keys from a controller apparatus (6).
  - 8. A method according to claim 1, wherein the second verification apparatus (20) receives the public key (64) from the first verification apparatus (10).
  - 9. A method according to claim 1, wherein the first verification apparatus (10) receives the first private key (68) from the second verification apparatus (20).
  - 10. A method according to claim 1, wherein at least one of the first verification apparatus (10) and the second verification apparatus (20) comprises a trusted platform module.
  - 11. A method according to claim 10, further comprising the controller apparatus (6) remotely attesting the first verification apparatus (10) and/or the second verification apparatus (20).

12. A method of setting up a system for verifying a route taken during movement of an RFID tag (4), the method comprising:
- a controller apparatus (6) distributing public keys, private keys and entity-specific policies to a plurality of verification apparatus (10, 20, 30), each verification apparatus being associated with a respective entity of a plurality of entities of an authorized route for a given RFID tag identity;
  
  wherein a private key (68) distributed to the verification apparatus (10) associated with a first entity corresponds to a public key (64) distributed to the verification apparatus (20) associated with a second entity according to a policy (62) distributed to the verification apparatus (20) associated with the second entity, for the given RFID tag identity.
- View Dependent Claims (13, 14, 15, 16)
- - 13. A method according to claim 12, wherein the controller apparatus (6) determines the entity-specific policies by deconstructing a specification of an authorized route comprising plural entities.
  - 14. A method according to claim 12, wherein the controller apparatus (6) distributes the public keys, private keys and entity-specific policies to the plurality of verification apparatus (10, 20, 30) via a plurality of temporary communication links (14, 24, 34).
  - 15. A method according to claim 12, wherein at least one of the plurality of verification apparatus (10, 20, 30) comprises a trusted platform module.
  - 16. A method according to claim 12, wherein one or more of the keys and policies are distributed to a sealed storage (80) in the verification apparatus (10, 20, 30).

17. Verification apparatus for use in verification of a route taken during movement of an RFID tag (4), the verification apparatus comprising:
- one or more stores (54, 50, 52) for storing a private key (68), a public key (64), and a policy (62); and
  
  one or more processors arranged to;
  
  (i) receive, from an RFID tag reader (22), data (60) read-out from the RFID tag (4) and comprising an RFID tag identity and an encrypted signature (9);
  
  (ii) use the public key (64) to decrypt the encrypted signature (9) from the data (60) read-out from the RFID tag (4);
  
  (iii) verify that the decrypted signature (9) corresponds to a first entity from which, according to the policy (62), a second entity associated with the verification apparatus is authorized to receive an RFID tag (4) with the given RFID tag identity;
  
  (iv) use the private key (68) to provide, for the given RFID tag identity, a new encrypted signature (9); and
  
  (v) forward data (70) comprising the new encrypted signature (9) to an RFID tag writer (22) for writing to the RFID tag (4).
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 18. Apparatus according to claim 17, wherein the apparatus further comprises the RFID tag reader (22) and the RFID tag writer (22).
  - 19. Apparatus according to claim 17, wherein the one or more processors are further arranged to report the verification to one or more third parties.
  - 20. Apparatus according to claim 17, further comprising sealed storage (80), and wherein at least one of the one or more stores is provided in the sealed storage (80).
  - 21. Apparatus according to claim 17, further comprising a trusted platform module.
  - 22. A system for verifying a route taken during movement of an RFID tag (4), the system comprising:
    - a first verification apparatus according to claim 17; and
      
      a second verification apparatus, the second verification apparatus comprising;
      
      a store for storing a private key (68); and
      
      one or more processors arranged to;
      
      (i) use the private key (68) to provide, for the given RFID tag identity, an encrypted signature (9); and
      
      (ii) forward data comprising the encrypted signature (9) to an RFID tag writer for writing to the RFID tag (4).
  - 23. A system according to claim 22, wherein the second verification apparatus is upstream of the first verification apparatus with respect to the route taken during movement of the RFID tag (4).
  - 24. A system according to claim 22, wherein the second verification apparatus is a verification apparatus.
  - 25. A system for verifying a route taken during movement of an RFID tag (4), the system comprising:
    - a first verification apparatus according to claim 17; and
      
      a third verification apparatus (30), the third verification apparatus (30) comprising;
      
      a store for storing a public key (64) and a policy; and
      
      one or more processors arranged to;
      
      (i) receive, from an RFID tag reader, data read-out from the RFID tag (4) and comprising the RFID tag identity and the encrypted signature (9);
      
      (ii) use the public key (64) to decrypt the encrypted signature (9) from the data read-out from the RFID tag (4); and
      
      (iii) verify that the decrypted signature (9) corresponds to an entity from which, according to the policy, a third entity associated with the third verification apparatus is authorized to receive an RFID tag (4) with the given RFID tag identity.
  - 26. A system according to claim 25, wherein the third verification apparatus (30) is a verification apparatus.
  - 27. A system according to claim 25, further comprising a second verification apparatus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
Burbridge, Trevor, Soppera, Andrea

Application Number

US12/531,137
Publication Number

US 20100111294A1
Time in Patent Office

Days
Field of Search
US Class Current

380/28
CPC Class Codes

G06Q 10/08   Logistics, e.g. warehousing...

G06Q 10/087   Inventory or stock manageme...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

VERIFICATION OF MOVEMENT OF ITEMS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

VERIFICATION OF MOVEMENT OF ITEMS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links