Preserving Security by Synchronizing a Nonce or Counter Between Systems
First Claim
1. A method for a server to securely identify an originator of a message including obscured information, comprising:
- associating a shared secret key with a device identifier corresponding to a wireless identity transmitter;
receiving the message including a rolling identifier;
extracting the rolling identifier from the received message;
decoding the extracted rolling identifier using a streaming-like encryption algorithm, and the shared secret key to generate a decoded device identifier;
determining whether the decoded device identifier matches the device identifier associated with the shared secret key; and
identifying the originator of the received message as the wireless identity transmitter when the decoded device identifier matches the device identifier associated with the wireless identity transmitter.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems and devices enable synchronizing obscured identification information between a wireless identity transmitter and a central server to support one-way communication of the obscured identification information to the central server. The wireless identity transmitter may be a compact device configured to broadcast messages, such as through Bluetooth® advertisements, including an obscured identifier for receipt and relay to the central server by proximate proximity broadcast receivers via sighting messages that may also include location information. The central server may decode received identification codes to identify the wireless identity transmitter. The wireless identity transmitter may create message data by concatenating identifying information with an incrementing nonce, encrypting the concatenated information, and truncating the encrypted information. Alternatively, concatenated identification information may be encrypted with a pseudo-random function and a secret key known by the central server. The central server that may compare received data to pre-calculated encrypted data.
177 Citations
128 Claims
-
1. A method for a server to securely identify an originator of a message including obscured information, comprising:
-
associating a shared secret key with a device identifier corresponding to a wireless identity transmitter; receiving the message including a rolling identifier; extracting the rolling identifier from the received message; decoding the extracted rolling identifier using a streaming-like encryption algorithm, and the shared secret key to generate a decoded device identifier; determining whether the decoded device identifier matches the device identifier associated with the shared secret key; and identifying the originator of the received message as the wireless identity transmitter when the decoded device identifier matches the device identifier associated with the wireless identity transmitter. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method for a wireless identity transmitter to transmit obscured information to enable one-way communication of identification information, comprising:
-
initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter with a streaming-like encryption algorithm using a secret key shared with a server and the nonce; periodically broadcasting a message including the rolling identifier using short-range wireless transmissions; and incrementing the nonce at a predefined interval. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. A method for a server to securely identify an originator of a message including obscured information, comprising:
-
associating a shared secret key with a nonce and a device identifier for a wireless identity transmitter; receiving the message including a rolling identifier; extracting the rolling identifier from the received message; incrementing the nonce to represent a current time of the server; encoding the device identifier using the shared secret key, the nonce, and a pseudo-random function to generate server-encrypted data; determining whether the server-encrypted data matches the extracted rolling identifier; and identifying the originator of the received message as the wireless identity transmitter when the server-encrypted data matches the extracted rolling identifier. - View Dependent Claims (13, 14, 15)
-
-
16. A method for a wireless identity transmitter to transmit obscured information to enable one-way communication of identification information, comprising:
-
initializing a nonce within the wireless identity transmitter; generating a rolling identifier by using a pseudo-random function to encode a device identifier associated with the wireless identity transmitter based on a secret key shared with a server, and the nonce; periodically broadcasting a message including the rolling identifier using short-range wireless transmissions; and incrementing the nonce at a predefined interval to maintain a current time of the wireless identity transmitter. - View Dependent Claims (17, 18)
-
-
19. A method for a server to securely identify an originator of a message including obscured information, comprising:
-
associating a device identifier for a wireless identity transmitter with an initial nonce, a current nonce, a first secret key, and a second secret key; pre-computing a plurality of encoded nonces using a pseudo-random function with the second secret key and the current nonce; receiving the message including a rolling identifier and an encoded nonce; extracting the encoded nonce from the received message; extracting the rolling identifier from the received message; comparing the extracted encoded nonce to the plurality of pre-computed encoded nonces; when the extracted encoded nonce matches any of the plurality of pre-computed encoded nonces, decoding the extracted rolling identifier using a streaming-like encryption algorithm, the first secret key, and a nonce associated with a pre-computed encoded nonce matching the extracted encoded nonce to generate a decoded device identifier; when the extracted encoded nonce does not match one of the plurality of pre-computed encoded nonces, decoding the extracted rolling identifier using the streaming-like encryption algorithm, the first secret key, and the initial nonce associated with the wireless identity transmitter to generate the decoded device identifier; and identifying the originator of the received message as the wireless identity transmitter when the decoded device identifier matches the device identifier of the wireless identity transmitter. - View Dependent Claims (20)
-
-
21. A method for a wireless identity transmitter to transmit obscured information to enable one-way communication of identification information, comprising:
-
initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter, a first secret key shared with a server, and the nonce with a streaming-like encryption algorithm; generating an encoded nonce by encoding the nonce using a pseudo-random function with a second secret key shared with the server; periodically broadcasting a message including the rolling identifier and the encoded nonce using short-range wireless transmissions; and incrementing the nonce at a predefined interval to maintain a current time of the wireless identity transmitter.
-
-
22. A method for a server to securely identify an originator of a message, comprising:
-
associating a device identifier for a wireless identity transmitter with an initial nonce, a current nonce, a first secret key, and a second secret key; pre-computing a plurality of encoded nonces using a pseudo-random function with the second secret key and the current nonce; pre-computing a plurality of encoded device identifiers using a streaming-like encryption algorithm with the first secret key, the current nonce, and the device identifier; receiving the message including a rolling identifier and an encoded nonce; extracting the encoded nonce from the received message; extracting the rolling identifier from the received message; comparing the extracted encoded nonce to the plurality of pre-computed encoded nonces; when the extracted encoded nonce matches any of the plurality of pre-computed encoded nonces, comparing the extracted rolling identifier to the plurality of pre-computed encoded device identifiers; and identifying the originator of the received message as the wireless identity transmitter when the extracted rolling identifier matches any of the plurality of pre-computed encoded device identifiers.
-
-
23. A method for a server to securely identify an originator of a message, comprising:
-
generating a plurality of initial model payloads with an encryption algorithm, a shared secret key, an initial nonce, and a device identifier associated with a wireless identity transmitter, wherein the encryption algorithm is shared with the wireless identity transmitter; generating a plurality of current model payloads with the encryption algorithm, the shared secret key, a current nonce, and the device identifier associated with the wireless identity transmitter; receiving the message including a payload with obscured identification information; comparing the payload of the received message to the plurality of current model payloads; identifying the wireless identity transmitter when the payload of the received message matches one of the plurality of current model payloads; when the payload of the received message does not match any of the plurality of current model payloads, comparing the payload of the received message to the plurality of initial model payloads; identifying the wireless identity transmitter when the payload of the received message matches one of the plurality of initial model payloads; and updating the current nonce associated with the wireless identity transmitter when the payload of the received message matches at least one of an initial model payload and a current model payload.
-
-
24. A method for a wireless identity transmitter receiving incoming messages, the method comprising:
-
periodically broadcasting messages that indicate availability for receiving incoming transmissions via short-range wireless transmissions for a first period; receiving a link advertisement message during a second period in response to the first period expiring; negotiating a link with a proximity broadcast receiver based on information within the received link advertisement message; authenticating the negotiated link; and processing incoming messages via the negotiated link, and wherein the negotiated link is performed via Bluetooth pairing. - View Dependent Claims (25, 26)
-
-
27. A server configured to securely identify an originator of a message including obscured information, comprising:
-
means for associating a shared secret key with a device identifier corresponding to a wireless identity transmitter; means for receiving the message including a rolling identifier; means for extracting the rolling identifier from the received message; means for decoding the extracted rolling identifier using a streaming-like encryption algorithm, and the shared secret key to generate a decoded device identifier; means for determining whether the decoded device identifier matches the device identifier associated with the shared secret key; and means for identifying the originator of the received message as the wireless identity transmitter when the decoded device identifier matches the device identifier associated with the wireless identity transmitter. - View Dependent Claims (28, 29, 30, 31)
-
-
32. A wireless identity transmitter configured to transmit obscured information to enable one-way communication of identification inform, comprising:
-
means for initializing a nonce within the wireless identity transmitter; means for generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter with a streaming-like encryption algorithm using a secret key shared with a server and the nonce; means for periodically broadcasting a message including the rolling identifier using short-range wireless transmissions; and means for incrementing the nonce at a predefined interval. - View Dependent Claims (33, 34, 35, 36, 37)
-
-
38. A server configured to securely identify an originator of a message including obscured information, comprising:
-
means for associating a shared secret key with a nonce and a device identifier for a wireless identity transmitter; means for receiving the message including a rolling identifier; means for extracting the rolling identifier from the received message; means for incrementing the nonce to represent a current time of the server; means for encoding the device identifier using the shared secret key, the nonce, and a pseudo-random function to generate server-encrypted data; means for determining whether the server-encrypted data matches the extracted rolling identifier; and means for identifying the originator of the received message as the wireless identity transmitter when the server-encrypted data matches the extracted rolling identifier. - View Dependent Claims (39, 40, 41)
-
-
42. A wireless identity transmitter configured to transmit obscured information to enable one-way communication of identification information, comprising:
-
means for initializing a nonce within the wireless identity transmitter; means for generating a rolling identifier by using a pseudo-random function to encode a device identifier associated with the wireless identity transmitter based on a secret key shared with a server, and the nonce; means for periodically broadcasting a message including the rolling identifier using short-range wireless transmissions; and means for incrementing the nonce at a predefined interval to maintain a current time of the wireless identity transmitter. - View Dependent Claims (43, 44)
-
-
45. A server configured to securely identify an originator of a message including obscured information, comprising:
-
means for associating a device identifier for a wireless identity transmitter with an initial nonce, a current nonce, a first secret key, and a second secret key; means for pre-computing a plurality of encoded nonces using a pseudo-random function with the second secret key and the current nonce; means for receiving the message including a rolling identifier and an encoded nonce; means for extracting the encoded nonce from the received message; means for extracting the rolling identifier from the received message; means for comparing the extracted encoded nonce to the plurality of pre-computed encoded nonces; means for decoding the extracted rolling identifier using a streaming-like encryption algorithm, the first secret key, and a nonce associated with a pre-computed encoded nonce matching the extracted encoded nonce to generate a decoded device identifier when the extracted encoded nonce matches any of the plurality of pre-computed encoded nonces; means for decoding the extracted rolling identifier using the streaming-like encryption algorithm, the first secret key, and the initial nonce associated with the wireless identity transmitter to generate the decoded device identifier when the extracted encoded nonce does not match one of the plurality of pre-computed encoded nonces; and means for identifying the originator of the received message as the wireless identity transmitter when the decoded device identifier matches the device identifier of the wireless identity transmitter. - View Dependent Claims (46)
-
-
47. A wireless identity transmitter configured to transmit obscured information to enable one-way communication of identification information, comprising:
-
means for initializing a nonce within the wireless identity transmitter; means for generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter, a first secret key shared with a server, and the nonce with a streaming-like encryption algorithm; means for generating an encoded nonce by encoding the nonce using a pseudo-random function with a second secret key shared with the server; means for periodically broadcasting a message including the rolling identifier and the encoded nonce using short-range wireless transmissions; and means for incrementing the nonce at a predefined interval to maintain a current time of the wireless identity transmitter.
-
-
48. A server configured to securely identify an originator of a message, comprising:
-
means for associating a device identifier for a wireless identity transmitter with an initial nonce, a current nonce, a first secret key, and a second secret key; means for pre-computing a plurality of encoded nonces using a pseudo-random function with the second secret key and the current nonce; means for pre-computing a plurality of encoded device identifiers using a streaming-like encryption algorithm with the first secret key, the current nonce, and the device identifier; means for receiving the message including a rolling identifier and an encoded nonce; means for extracting the encoded nonce from the received message; means for extracting the rolling identifier from the received message; means for comparing the extracted encoded nonce to the plurality of pre-computed encoded nonces; means for comparing the extracted rolling identifier to the plurality of pre-computed encoded device identifiers when the extracted encoded nonce matches any of the plurality of pre-computed encoded nonces; and means for identifying the originator of the received message as the wireless identity transmitter when the extracted rolling identifier matches any of the plurality of pre-computed encoded device identifiers.
-
-
49. A server configured to identify an originator of a message, comprising:
-
means for generating a plurality of initial model payloads with an encryption algorithm, a shared secret key, an initial nonce, and a device identifier associated with a wireless identity transmitter, wherein the encryption algorithm is shared with the wireless identity transmitter; means for generating a plurality of current model payloads with the encryption algorithm, the shared secret key, a current nonce, and the device identifier associated with the wireless identity transmitter; means for receiving the message including a payload with obscured identification information; means for comparing the payload of the received message to the plurality of current model payloads; means for identifying the wireless identity transmitter when the payload of the received message matches one of the plurality of current model payloads; means for comparing the payload of the received message to the plurality of initial model payloads when the payload of the received message does not match any of the plurality of current model payloads; means for identifying the wireless identity transmitter when the payload of the received message matches one of the plurality of initial model payloads; and means updating the current nonce associated with the wireless identity transmitter when the payload of the received message matches at least one of an initial model payload and a current model payload.
-
-
50. A wireless identity transmitter configured to receive incoming messages, comprising:
-
means for periodically broadcasting messages that indicate availability for receiving incoming transmissions via short-range wireless transmissions for a first period; means for receiving a link advertisement message during a second period in response to the first period expiring; means for negotiating a link with a proximity broadcast receiver based on information within the received link advertisement message; means for authenticating the negotiated link; and means for processing incoming messages via the negotiated link, wherein the negotiated link is performed via Bluetooth pairing. - View Dependent Claims (51, 52)
-
-
53. A server configured to securely identify an originator of a message including obscured information, comprising:
-
a memory; and a server processor coupled to the memory, wherein the server processor is configured with server processor-executable instructions to perform operations comprising; associating a shared secret key with a device identifier corresponding to a wireless identity transmitter; receiving the message including a rolling identifier; extracting the rolling identifier from the received message; decoding the extracted rolling identifier using a streaming-like encryption algorithm, and the shared secret key to generate a decoded device identifier; determining whether the decoded device identifier matches the device identifier associated with the shared secret key; and identifying the originator of the received message as the wireless identity transmitter when the decoded device identifier matches the device identifier associated with the wireless identity transmitter. - View Dependent Claims (54, 55, 56, 57)
-
-
58. A wireless identity transmitter configured to transmit obscured information to enable one-way communication of identification inform, comprising:
-
a memory; and a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations comprising; initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter with a streaming-like encryption algorithm using a secret key shared with a server and the nonce; periodically broadcasting a message including the rolling identifier using short-range wireless transmissions; and incrementing the nonce at a predefined interval. - View Dependent Claims (59, 60, 61, 62, 63)
-
-
64. A server configured to securely identify an originator of a message including obscured information, comprising:
-
a memory; and a server processor coupled to the memory, wherein the server processor is configured with server processor-executable instructions to perform operations comprising; associating a shared secret key with a nonce and a device identifier for a wireless identity transmitter; receiving the message including a rolling identifier; extracting the rolling identifier from the received message; incrementing the nonce to represent a current time of the server; encoding the device identifier using the shared secret key, the nonce, and a pseudo-random function to generate server-encrypted data; determining whether the server-encrypted data matches the extracted rolling identifier; and identifying the originator of the received message as the wireless identity transmitter when the server-encrypted data matches the extracted rolling identifier. - View Dependent Claims (65, 66, 67)
-
-
68. A wireless identity transmitter configured to transmit obscured information to enable one-way communication of identification information, comprising:
-
a memory; and a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations comprising; initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter, a secret key shared with a server, and the nonce with a pseudo-random function; periodically broadcasting a message including the rolling identifier using short-range wireless transmissions; and incrementing the nonce at a predefined interval to maintain a current time of the wireless identity transmitter. - View Dependent Claims (69, 70)
-
-
71. A server configured to identify an originator of a message including obscured information, comprising:
-
a memory; and a server processor coupled to the memory, wherein the server processor is configured with server processor-executable instructions to perform operations comprising; associating a device identifier for a wireless identity transmitter with an initial nonce, a current nonce, a first secret key, and a second secret key; pre-computing a plurality of encoded nonces using a pseudo-random function with the second secret key and the current nonce; receiving the message including a rolling identifier and an encoded nonce; extracting the encoded nonce from the received message; extracting the rolling identifier from the received message; comparing the extracted encoded nonce to the plurality of pre-computed encoded nonces; decoding the extracted rolling identifier using a streaming-like encryption algorithm, the first secret key, and a nonce associated with a pre-computed encoded nonce matching the extracted encoded nonce to generate a decoded device identifier when the extracted encoded nonce matches any of the plurality of pre-computed encoded nonces; decoding the extracted rolling identifier using the streaming-like encryption algorithm, the first secret key, and the initial nonce associated with the wireless identity transmitter to generate the decoded device identifier when the extracted encoded nonce does not match one of the plurality of pre-computed encoded nonces; and identifying the originator of the received message as the wireless identity transmitter when the decoded device identifier matches the device identifier of the wireless identity transmitter. - View Dependent Claims (72)
-
-
73. A wireless identity transmitter configured to transmit obscured information to enable one-way communication of identification information, comprising:
-
a memory; and a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations comprising; initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter, a first secret key shared with a server, and the nonce with a streaming-like encryption algorithm; generating an encoded nonce by encoding the nonce using a pseudo-random function with a second secret key shared with the server; periodically broadcasting a message including the rolling identifier and the encoded nonce using short-range wireless transmissions; and incrementing the nonce at a predefined interval to maintain a current time of the wireless identity transmitter.
-
-
74. A server configured to securely identify an originator of a message, comprising:
-
a memory; and a server processor coupled to the memory, wherein the server processor is configured with server processor-executable instructions to perform operations comprising; associating a device identifier for a wireless identity transmitter with an initial nonce, a current nonce, a first secret key, and a second secret key; pre-computing a plurality of encoded nonces using a pseudo-random function with the second secret key and the current nonce; pre-computing a plurality of encoded device identifiers using a streaming-like encryption algorithm with the first secret key, the current nonce, and the device identifier; receiving the message including a rolling identifier and an encoded nonce; extracting the encoded nonce from the received message; extracting the rolling identifier from the received message; comparing the extracted encoded nonce to the plurality of pre-computed encoded nonces; comparing the extracted rolling identifier to the plurality of pre-computed encoded device identifiers when the extracted encoded nonce matches any of the plurality of pre-computed encoded nonces; identifying the originator of the received message as the wireless identity transmitter when the extracted rolling identifier matches any of the plurality of pre-computed encoded device identifiers.
-
-
75. A server configured to securely identify an originator of a message, comprising:
-
a memory; and a server processor coupled to the memory, wherein the server processor is configured with server processor-executable instructions to perform operations comprising; generating a plurality of initial model payloads with an encryption algorithm, a shared secret key, an initial nonce, and a device identifier associated with a wireless identity transmitter, wherein the encryption algorithm is shared with the wireless identity transmitter; generating a plurality of current model payloads with the encryption algorithm, the shared secret key, an current nonce, and the device identifier associated with the wireless identity transmitter; receiving the message including a payload with obscured identification information; comparing the payload of the received message to the plurality of current model payloads; identifying the wireless identity transmitter when the payload of the received message matches one of the plurality of current model payloads; comparing the payload of the received message to the plurality of initial model payloads when the payload of the received message does not match any of the plurality of current model payloads; identifying the wireless identity transmitter when the payload of the received message matches one of the plurality of initial model payloads; and updating the current nonce associated with the wireless identity transmitter when the payload of the received message matches at least one of an initial model payload and a current model payload.
-
-
76. A wireless identity transmitter configured to receive incoming messages, comprising:
-
a memory; and a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations comprising; periodically broadcasting messages that indicate availability for receiving incoming transmissions via short-range wireless transmissions for a first period; receiving a link advertisement message during a second period in response to the first period expiring; negotiating a link with a proximity broadcast receiver based on information within the received link advertisement message; authenticating the negotiated link; and processing the incoming messages via the negotiated link, wherein the negotiated link is performed via Bluetooth pairing. - View Dependent Claims (77, 78)
-
-
79. A non-transitory server-readable storage medium having stored thereon server-executable instructions configured to cause a server to perform operations for the server to securely identify an originator of a message including obscured information, the operations comprising:
-
associating a shared secret key with a device identifier corresponding to a wireless identity transmitter; receiving the message including a rolling identifier; extracting the rolling identifier from the received message; decoding the extracted rolling identifier using a streaming-like encryption algorithm, and the shared secret key to generate a decoded device identifier; determining whether the decoded device identifier matches the device identifier associated with the shared secret key; and identifying the originator of the received message as the wireless identity transmitter when the decoded device identifier matches the device identifier associated with the wireless identity transmitter. - View Dependent Claims (80, 81, 82, 83)
-
-
84. A non-transitory processor-readable storage medium having stored thereon processor-executable software instructions configured to cause a processor to perform operations for a wireless identity transmitter to transmit obscured information to enable one-way communication of identification information, the operations comprising:
-
initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter with a streaming-like encryption algorithm using a secret key shared with a server and the nonce; periodically broadcasting a message including the rolling identifier using short-range wireless transmissions; and incrementing the nonce at a predefined interval. - View Dependent Claims (85, 86, 87, 88, 89)
-
-
90. A non-transitory server-readable storage medium having stored thereon server-executable instructions configured to cause a server to perform operations for the server to securely identify an originator of a message including obscured information, the operations comprising:
-
associating a shared secret key with a nonce and a device identifier for a wireless identity transmitter; receiving the message including a rolling identifier; extracting the rolling identifier from the received message; incrementing the nonce to represent a current time of the server; encoding the device identifier using the shared secret key, the nonce, and a pseudo-random function to generate server-encrypted data; determining whether the server-encrypted data matches the extracted rolling identifier; and identifying the originator of the received message as the wireless identity transmitter when the server-encrypted data matches the extracted rolling identifier. - View Dependent Claims (91, 92, 93)
-
-
94. A non-transitory processor-readable storage medium having stored thereon processor-executable software instructions configured to cause a processor to perform operations for a wireless identity transmitter to transmit obscured information to enable one-way communication of identification information, the operations comprising:
-
initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter, a secret key shared with a server, and the nonce with a pseudo-random function; periodically broadcasting a message including the rolling identifier using short-range wireless transmissions; and incrementing the nonce at a predefined interval to maintain a current time of the wireless identity transmitter. - View Dependent Claims (95, 96)
-
-
97. A non-transitory server-readable storage medium having stored thereon server-executable instructions configured to cause a server to perform operations for the server to securely identify an originator of a message including obscured information, the operations comprising:
-
associating a device identifier for a wireless identity transmitter with an initial nonce, a current nonce, a first secret key, and a second secret key; pre-computing a plurality of encoded nonces using a pseudo-random function with the second secret key and the current nonce; receiving the message including a rolling identifier and an encoded nonce; extracting the encoded nonce from the received message; extracting the rolling identifier from the received message; comparing the extracted encoded nonce to the plurality of pre-computed encoded nonces; when the extracted encoded nonce matches any of the plurality of pre-computed encoded nonces, decoding the extracted rolling identifier using a streaming-like encryption algorithm, the first secret key, and a nonce associated with a pre-computed encoded nonce matching the extracted encoded nonce to generate a decoded device identifier; when the extracted encoded nonce does not match one of the plurality of pre-computed encoded nonces, decoding the extracted rolling identifier using the streaming-like encryption algorithm, the first secret key, and the initial nonce associated with the wireless identity transmitter to generate the decoded device identifier; and identifying the originator of the received message as the wireless identity transmitter when the decoded device identifier matches the device identifier of the wireless identity transmitter. - View Dependent Claims (98)
-
-
99. A non-transitory processor-readable storage medium having stored thereon processor-executable software instructions configured to cause a processor to perform operations for a wireless identity transmitter to transmit obscured information to enable one-way communication of identification information, the operations comprising:
-
initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter, a first secret key shared with a server, and the nonce with a streaming-like encryption algorithm; generating an encoded nonce by encoding the nonce using a pseudo-random function with a second secret key shared with the server; periodically broadcasting a message including the rolling identifier and the encoded nonce using short-range wireless transmissions; and incrementing the nonce at a predefined interval to maintain a current time of the wireless identity transmitter.
-
-
100. A non-transitory server-readable storage medium having stored thereon server-executable instructions configured to cause a server to perform operations for the server to securely identify an originator of a message, the operations comprising:
-
associating a device identifier for a wireless identity transmitter with an initial nonce, a current nonce, a first secret key, and a second secret key; pre-computing a plurality of encoded nonces using a pseudo-random function with the second secret key and the current nonce; pre-computing a plurality of encoded device identifiers using a streaming-like encryption algorithm with the first secret key, the current nonce, and the device identifier; receiving the message including a rolling identifier and an encoded nonce; extracting the encoded nonce from the received message; extracting the rolling identifier from the received message; comparing the extracted encoded nonce to the plurality of pre-computed encoded nonces; when the extracted encoded nonce matches any of the plurality of pre-computed encoded nonces, comparing the extracted rolling identifier to the plurality of pre-computed encoded device identifiers; identifying the originator of the received message as the wireless identity transmitter when the extracted rolling identifier matches any of the plurality of pre-computed encoded device identifiers.
-
-
101. A non-transitory server-readable storage medium having stored thereon server-executable instructions configured to cause a server to perform operations for the server to securely identify an originator of a message, the operations comprising:
-
generating a plurality of initial model payloads with an encryption algorithm, a shared secret key, an initial nonce, and a device identifier associated with a wireless identity transmitter, wherein the encryption algorithm is shared with the wireless identity transmitter; generating a plurality of current model payloads with the encryption algorithm, the shared secret key, an current nonce, and the device identifier associated with the wireless identity transmitter; receiving the message including a payload with obscured identification information; comparing the payload of the received message to the plurality of current model payloads; identifying the wireless identity transmitter when the payload of the received message matches one of the plurality of current model payloads; when the payload of the received message does not match any of the plurality of current model payloads, comparing the payload of the received message to the plurality of initial model payloads; identifying the wireless identity transmitter when the payload of the received message matches one of the plurality of initial model payloads; and updating the current nonce associated with the wireless identity transmitter when the payload of the received message matches at least one of an initial model payload and a current model payload.
-
-
102. A non-transitory processor-readable storage medium having stored thereon processor-executable software instructions configured to cause a processor to perform operations for a wireless identity transmitter receiving incoming messages, the operations comprising:
-
periodically broadcasting messages that indicate availability for receiving incoming transmissions via short-range wireless transmissions for a first period; receiving a link advertisement message during a second period in response to the first period expiring; negotiating a link with a proximity broadcast receiver based on information within the received link advertisement message; authenticating the negotiated link; and processing incoming messages via the negotiated link, wherein the negotiated link is performed via Bluetooth pairing. - View Dependent Claims (103, 104)
-
-
105. A system, comprising:
-
a server; a wireless identity transmitter; and a proximity broadcast receiver, wherein the wireless identity transmitter comprises; a first memory; a first transceiver configured to broadcast short-range wireless signals capable of being received by the proximity broadcast receiver; and a first processor coupled to the first memory and the first transceiver, and configured with processor-executable instructions to perform operations comprising; initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter, a secret key shared with the server, and the nonce with a streaming-like encryption algorithm; periodically broadcasting a message including the rolling identifier and the nonce using short-range wireless transmissions via the first transceiver; and incrementing the nonce at a predefined interval, and wherein the proximity broadcast receiver comprises; a second memory; a second transceiver configured to exchange short-range wireless signals with the wireless identity transmitter; a network device configured to exchange signals with the server; a second processor coupled to the second memory, the second transceiver, and the network device and configured with processor-executable instructions to perform operations comprising; receiving the message including the rolling identifier and the nonce from the wireless identity transmitter via the second transceiver; transmitting to the server via the network device a sighting message that includes the rolling identifier and the nonce, and wherein the server is configured with server-executable instructions to perform operations comprising; associating the secret key with the device identifier corresponding to the wireless identity transmitter; receiving the sighting message including the rolling identifier and the nonce; extracting the nonce and the rolling identifier from the received sighting message; decoding the extracted rolling identifier using the streaming-like encryption algorithm, the secret key, and the extracted nonce to generate a decoded device identifier; determining whether the decoded device identifier matches the device identifier associated with the secret key; and identifying an originator of the received message as the wireless identity transmitter when the decoded device identifier matches the device identifier associated with the wireless identity transmitter. - View Dependent Claims (106, 107, 108)
-
-
109. A system, comprising:
-
a server; a wireless identity transmitter; and a proximity broadcast receiver, wherein the wireless identity transmitter comprises; a first memory; a first transceiver configured to broadcast short-range wireless signals capable of being received by the proximity broadcast receiver; and a first processor coupled to the first memory and the first transceiver, and configured with processor-executable instructions to perform operations comprising; initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter, a secret key shared with the server, and the nonce with a pseudo-random function; periodically broadcasting a message including the rolling identifier using short-range wireless transmissions via the first transceiver; and incrementing the nonce at a predefined interval to maintain a current time of the wireless identity transmitter, and wherein the proximity broadcast receiver comprises; a second memory; a second transceiver configured to exchange short-range wireless signals with the wireless identity transmitter; a network device configured to exchange signals with the server; a second processor coupled to the second memory, the second transceiver, and the network device and configured with processor-executable instructions to perform operations comprising; receiving the message including the rolling identifier from the wireless identity transmitter via the second transceiver; transmitting to the server via the network device a sighting message that includes the rolling identifier, and wherein the server is configured with server-executable instructions to perform operations comprising; associating the secret key with the nonce and the device identifier for the wireless identity transmitter; receiving the sighting message from the proximity broadcast receiver including the rolling identifier; extracting the rolling identifier from the received sighting message; incrementing the nonce to represent a current time of the server; encoding the device identifier using the secret key, the nonce, and the pseudo-random function to generate server-encrypted data; determining whether the server-encrypted data matches the extracted rolling identifier; and identifying an originator of the received message as the wireless identity transmitter when the server-encrypted data matches the extracted rolling identifier. - View Dependent Claims (110, 111)
-
-
112. A system, comprising:
-
a server; a wireless identity transmitter; and a proximity broadcast receiver, wherein the wireless identity transmitter comprises; a first memory; a first transceiver configured to broadcast short-range wireless signals capable of being received by the proximity broadcast receiver; and a first processor coupled to the first memory and the first transceiver, and configured with processor-executable instructions to perform operations comprising; initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter, a first secret key shared with the server, and the nonce with a streaming-like encryption algorithm; generating an encoded nonce by encoding the nonce using a pseudo-random function with a second secret key shared with the server; periodically broadcasting a message including the rolling identifier and the encoded nonce using short-range wireless transmissions via the first transceiver; and incrementing the nonce at a predefined interval to maintain a current time of the wireless identity transmitter, and wherein the proximity broadcast receiver comprises; a second memory; a second transceiver configured to exchange short-range wireless signals with the wireless identity transmitter; a network device configured to exchange signals with the server; a second processor coupled to the second memory, the second transceiver, and the network device and configured with processor-executable instructions to perform operations comprising; receiving the message including the rolling identifier and the encoded nonce from the wireless identity transmitter via the second transceiver; transmitting to the server via the network device a sighting message that includes the rolling identifier and the encoded nonce, and wherein the server is configured with server-executable instructions to perform operations comprising; associating the device identifier for the wireless identity transmitter with an initial nonce, a current nonce, the first secret key shared with the wireless identity transmitter, and the second secret key; pre-computing a plurality of encoded nonces using the pseudo-random function with the second secret key and the current nonce; receiving from the proximity broadcast receiver the sighting message including the rolling identifier and the encoded nonce; extracting the encoded nonce from the received sighting message; extracting the rolling identifier from the received sighting message; comparing the extracted encoded nonce to the plurality of pre-computed encoded nonces; when the extracted encoded nonce matches any of the plurality of pre-computed encoded nonces, decoding the extracted rolling identifier using the streaming-like encryption algorithm, the first secret key, and a stored nonce that is associated with a pre-computed encoded nonce matching the extracted encoded nonce to generate a decoded device identifier; when the extracted encoded nonce does not match one of the plurality of pre-computed encoded nonces, decoding the extracted rolling identifier using the streaming-like encryption algorithm, the first secret key, and the initial nonce associated with the wireless identity transmitter to generate the decoded device identifier; and identifying an originator of the received message as the wireless identity transmitter when the decoded device identifier matches the device identifier of the wireless identity transmitter. - View Dependent Claims (113)
-
-
114. A system, comprising:
-
a server; a wireless identity transmitter; and a proximity broadcast receiver, wherein the wireless identity transmitter comprises; a first memory; a first transceiver configured to broadcast short-range wireless signals capable of being received by the proximity broadcast receiver; and a first processor coupled to the first memory and the first transceiver, and configured with processor-executable instructions to perform operations comprising; initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter, a first secret key shared with the server, and the nonce with a streaming-like encryption algorithm; generating an encoded nonce by encoding the nonce using a pseudo-random function with a second secret key shared with the server; periodically broadcasting a message including the rolling identifier and the encoded nonce using short-range wireless transmissions via the first transceiver; and incrementing the nonce at a predefined interval to maintain a current time of the wireless identity transmitter, and wherein the proximity broadcast receiver comprises; a second memory; a second transceiver configured to exchange short-range wireless signals with the wireless identity transmitter; a network device configured to exchange signals with the server; a second processor coupled to the second memory, the second transceiver, and the network device and configured with processor-executable instructions to perform operations comprising; receiving the message including the rolling identifier and the encoded nonce from the wireless identity transmitter via the second transceiver; transmitting to the server via the network device a sighting message that includes the rolling identifier and the encoded nonce, and wherein the server is configured with server-executable instructions to perform operations comprising; associating the device identifier for the wireless identity transmitter with an initial nonce, a current nonce, the first secret key, and the second secret key; pre-computing a plurality of encoded nonces using the pseudo-random function with the second secret key and the current nonce; pre-computing a plurality of encoded device identifiers using the streaming-like encryption algorithm with the first secret key, the current nonce, and the device identifier; receiving from the proximity broadcast receiver the sighting message including the rolling identifier and the encoded nonce; extracting the encoded nonce from the received sighting message; extracting the rolling identifier from the received sighting message; comparing the extracted encoded nonce to the plurality of pre-computed encoded nonces; when the extracted encoded nonce matches any of the plurality of pre-computed encoded nonces, comparing the extracted rolling identifier to the plurality of pre-computed encoded device identifiers; identifying an originator of the received message as the wireless identity transmitter when the extracted rolling identifier matches any of the plurality of pre-computed encoded device identifiers.
-
-
115. A system, comprising:
-
a server; a wireless identity transmitter; and a proximity broadcast receiver, wherein the wireless identity transmitter comprises; a first memory; a first transceiver configured to broadcast short-range wireless signals capable of being received by the proximity broadcast receiver; and a first processor coupled to the first memory and the first transceiver, and configured with processor-executable instructions to perform operations comprising; initializing a nonce within the wireless identity transmitter; generating a rolling identifier by encoding a device identifier associated with the wireless identity transmitter, a secret key shared with the server, and the nonce with a streaming-like encryption algorithm; periodically broadcasting a message including the rolling identifier using short-range wireless transmissions via the first transceiver; and incrementing the nonce at a predefined interval, and wherein the proximity broadcast receiver comprises; a second memory; a second transceiver configured to exchange short-range wireless signals with the wireless identity transmitter; a network device configured to exchange signals with the server; a second processor coupled to the second memory, the second transceiver, and the network device and configured with processor-executable instructions to perform operations comprising; receiving the message including the rolling identifier from the wireless identity transmitter via the second transceiver; transmitting to the server via the network device a sighting message that includes the rolling identifier, and wherein the server is configured with server-executable instructions to perform operations comprising; generating a plurality of initial model payloads with the encryption algorithm, the secret key, an initial nonce, and the device identifier associated with the wireless identity transmitter, wherein the encryption algorithm is shared with the wireless identity transmitter; generating a plurality of current model payloads with the encryption algorithm, the secret key, a current nonce, and the device identifier associated with the wireless identity transmitter; receiving from the proximity broadcast receiver the sighting message including a payload with obscured identification information; comparing the payload of the received sighting message to the plurality of current model payloads; identifying the wireless identity transmitter when the payload of the received sighting message matches one of the plurality of current model payloads; when the payload of the received sighting message does not match any of the plurality of current model payloads, comparing the payload of the received sighting message to the plurality of initial model payloads; identifying the wireless identity transmitter when the payload of the received sighting message matches one of the plurality of initial model payloads; and updating the current nonce associated with the wireless identity transmitter when the payload of the received message matches at least one of an initial model payload and a current model payload.
-
-
116. A system, comprising:
-
a server; a wireless identity transmitter; and a proximity broadcast receiver, wherein the wireless identity transmitter comprises; a first memory; a first transceiver configured to broadcast short-range wireless signals capable of being received by the proximity broadcast receiver; and a first processor coupled to the first memory and the first transceiver, and configured with processor-executable instructions to perform operations comprising; periodically broadcasting messages that indicate availability for receiving incoming transmissions via short-range wireless transmissions using the first transceiver for a first period; receiving a link advertisement message during a second period in response to the first period expiring; negotiating a link with the proximity broadcast receiver based on information within the received link advertisement message, wherein the negotiated link is performed via a Bluetooth pairing; authenticating the negotiated link; and processing incoming messages via the negotiated link, and wherein the proximity broadcast receiver comprises; a second memory; a second transceiver configured to exchange short-range wireless signals with the wireless identity transmitter; a network device configured to exchange signals with the server; a second processor coupled to the second memory, the second transceiver, and the network device and configured with processor-executable instructions to perform operations comprising; receiving using the network device a message from the server; receiving a broadcast message that indicates the availability of the wireless identity transmitter for receiving the incoming transmissions; transmitting the link advertisement message based on the availability indicated in the received broadcast message; negotiating the link with the wireless identity transmitter based on the information within the link advertisement message, wherein the negotiated link is performed via the Bluetooth pairing; authenticating the negotiated link; and transmitting the message from the server to the wireless identity transmitter via the negotiated link, and wherein the server is configured with server-executable instructions to perform operations comprising transmitting the message to the proximity broadcast receiver. - View Dependent Claims (117, 118)
-
-
119. A method for a first communication device communicating with increased security using Bluetooth, comprising:
-
establishing a communications link with a second communication device; storing a nonce shared with the second communication device; receiving a message indicating a rolling Bluetooth machine address via the communications link; generating an expected Bluetooth machine address of the second communication device using the nonce and an encryption algorithm shared with the second communication device; comparing the rolling Bluetooth machine address of the received message to the expected Bluetooth machine address; processing the received message when the rolling Bluetooth machine address of the received message matches the expected Bluetooth machine address generated by the first communication device; and incrementing the nonce in response to determining that a nonce update is needed. - View Dependent Claims (120)
-
-
121. A first communication device configured to communicate with increased security using Bluetooth, comprising:
-
means for establishing a communications link with a second communication device; means for storing a nonce shared with the second communication device; means for receiving a message indicating a rolling Bluetooth machine address via the communications link; means for generating an expected Bluetooth machine address of the second communication device using the nonce and an encryption algorithm shared with the second communication device; means for comparing the rolling Bluetooth machine address of the received message to the expected Bluetooth machine address; means for processing the received message when the rolling Bluetooth machine address of the received message matches the expected Bluetooth machine address generated by the first communication device; and means for incrementing the nonce in response to determining that a nonce update is needed. - View Dependent Claims (122)
-
-
123. A first communication device configured to communicate with increased security using Bluetooth, comprising:
-
a memory; and a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations comprising; establishing a communications link with a second communication device; storing a nonce shared with the second communication device; receiving a message indicating a rolling Bluetooth machine address via the communications link; generating an expected Bluetooth machine address of the second communication device using the nonce and an encryption algorithm shared with the second communication device; comparing the rolling Bluetooth machine address of the received message to the expected Bluetooth machine address; processing the received message when the rolling Bluetooth machine address of the received message matches the expected Bluetooth machine address generated by the first communication device; and incrementing the nonce in response to determining that a nonce update is needed. - View Dependent Claims (124)
-
-
125. A non-transitory processor-readable storage medium having stored thereon processor-executable software instructions configured to cause a processor to perform operations for a first communication device to communicate with increased security using Bluetooth, the operations comprising:
-
establishing a communications link with a second communication device; storing a nonce shared with the second communication device; receiving a message indicating a rolling Bluetooth machine address via the communications link; generating an expected Bluetooth machine address of the second communication device using the nonce and an encryption algorithm shared with the second communication device; comparing the rolling Bluetooth machine address of the received message to the expected Bluetooth machine address; processing the received message when the rolling Bluetooth machine address of the received message matches the expected Bluetooth machine address generated by the first communication device; and incrementing the nonce in response to determining that a nonce update is needed. - View Dependent Claims (126)
-
-
127. A method for communicating with increased security using Bluetooth, comprising:
-
establishing, in a first communication device, a communications link with a second communication device; storing a nonce shared with the second communication device; generating in the second communication device a rolling Bluetooth machine address using the nonce and an encryption algorithm shared with the first communication device; transmitting a message from the second communication device to the first communication device using the rolling Bluetooth machine address; receiving in the first communication device the message indicating the rolling Bluetooth machine address via the communications link; generating in the first communication device an expected Bluetooth machine address of the second communication device using the nonce and the encryption algorithm shared with the second communication device; comparing the rolling Bluetooth machine address of the received message to the expected Bluetooth machine address; processing the received message in the first communication device when the rolling Bluetooth machine address of the received message matches the expected Bluetooth machine address generated by the first communication device; and incrementing the nonce in response to determining that a nonce update is needed.
-
-
128. A system, comprising:
-
a first communication device, and a second communication device, wherein the first communication device comprises; a first memory; and a first transceiver configured to broadcast short-range wireless signals capable of being received by the second communication device, and configured with processor-executable instructions to perform operations comprising; establishing a communications link with the second communication device; storing a nonce shared with the second communication device; receiving a message indicating a rolling Bluetooth machine address via the communications link; generating an expected Bluetooth machine address of the second communication device using the nonce and an encryption algorithm shared with the second communication device; comparing the rolling Bluetooth machine address of the received message to the expected Bluetooth machine address; processing the received message when the rolling Bluetooth machine address of the received message matches the expected Bluetooth machine address generated by the first communication device; and incrementing the nonce in response to determining that a nonce update is needed, and wherein the second communication device comprises; a second memory; and a second transceiver configured to broadcast short-range wireless signals capable of being received by the first communication device, and configured with processor-executable instructions to perform operations comprising; establishing the communications link with the first communication device; storing the nonce shared with the first communication device; generating the rolling Bluetooth machine address using the nonce and the encryption algorithm shared with the first communication device; transmitting the message to the first communication device using the rolling Bluetooth machine address; receiving incoming messages from the second communication device via the communications link; and incrementing the nonce in response to determining that the nonce update is needed.
-
Specification