CRYPTOGRAPHICALLY-VERIFIABLE ATTESTATION LABEL

US 20160072626A1
Filed: 09/09/2014
Published: 03/10/2016
Est. Priority Date: 09/09/2014
Status: Active Grant

First Claim

Patent Images

1. An attestation label, comprising:

a first readable object encoding a trust anchor encrypted with a cryptographic key;

a second readable object encoding attestation service information and an identification code encrypted using the trust anchor; and

a non-encoded representation of the identification code.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A label includes a first readable object encoding a trust anchor. The trust anchor is encrypted with a cryptographic key. The attestation label further includes a second readable object encoding attestation service information and encoding an identification code. The identification code is encrypted using the trust anchor. The attestation label further includes a non-encoded representation of the identification code.

39 Citations

View as Search Results

20 Claims

1. An attestation label, comprising:
- a first readable object encoding a trust anchor encrypted with a cryptographic key;
  
  a second readable object encoding attestation service information and an identification code encrypted using the trust anchor; and
  
  a non-encoded representation of the identification code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The attestation label of claim 1, wherein the first readable object is a visually-readable object and the second readable object is a visually-readable object.
  - 3. The attestation label of claim 1, wherein the identification code is encrypted using the trust anchor in combination with the identification code.
  - 4. The attestation label of claim 1, wherein the identification code is encrypted using the trust anchor in combination with a cryptographic salt.
  - 5. The attestation label of claim 1, wherein the attestation service information includes an address of an attestation service computing device, and wherein the attestation service computing device is configured to verify whether the attestation label is authentic.
  - 6. The attestation label of claim 5, wherein the trust anchor is selected from a set of available trust anchors, and wherein if any trust anchor of the set of available trust anchors becomes compromised, the attestation service is configured to indicate that attestation labels including the trust anchor are compromised.
  - 7. The attestation label of claim 1, wherein the first readable object is a first matrix barcode having a first color, and wherein the second readable object is a second matrix barcode having a second color different from the first color.
  - 8. The attestation label of claim 1, wherein the first readable object is printed on the attestation label by a secure printer, and the second readable object is printed on the attestation label by a non-secure printer.

9. A device, comprising:
- a housing including,a first portion, anda second portion coupled to the first portion to form a seam; and
  
  an attestation label affixed across the seam, the attestation label including;
  
  a first visually-readable object encoding a trust anchor encrypted with a cryptographic key;
  
  a second readable object encoding attestation service information and an identification code encrypted using the trust anchor; and
  
  a non-encoded representation of the identification code.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The device of claim 9, wherein the identification code is encrypted using the trust anchor in combination with the identification code.
  - 11. The device of claim 9, wherein the attestation service information includes an address of an attestation service computing device, and wherein the attestation service computing device is configured to verify whether the visually-readable identification code is authentic.
  - 12. The device of claim 9, wherein the attestation service computing device is configured to determine an eligibility status of the device.
  - 13. The device of claim 12, wherein the trust anchor is selected from a set of available trust anchors, and wherein if any trust anchor of the set of available trust anchors becomes compromised, the attestation service computing device is configured to indicate that devices having attestation labels including the trust anchor are compromised.
  - 14. The device of claim 9, wherein the attestation service computing device is configured to provide a plurality of attributes of the device based on the visually-readable identification code.
  - 15. The device of claim 9, wherein the first visually-readable object is a first matrix barcode having a first color and the second visually-readable object is a second matrix barcode having a second color different from the first color.
  - 16. The device of claim 9, wherein the first visually-readable object is printed on the attestation label by a secure printer, and the second visually-readable object is printed on the attestation label by a non-secure printer.

17. A computing device comprising:
- a logic machine; and
  
  a storage machine holding instructions executable by the logic machine to;
  
  receive, from a client computing system, a non-encoded identification code and an encrypted value decoded from a readable object, the readable object and the non-encoded identification code being included on an attestation label associated with a product;
  
  decrypt the encrypted value using a trust anchor to produce a decrypted value; and
  
  in response to the decrypted value matching the non-encoded identification code, send, to the client computing device, an indication that the attestation label is authentic.
- View Dependent Claims (18, 19, 20)
- - 18. The computing device of claim 17, wherein the storage machine further holds instructions executable by the logic machine to:
    - in response to the first decrypted value not matching the identification code, send, to the client computing device, an indication that the attestation label is counterfeit.
  - 19. The computing device of claim 17, wherein the storage machine further holds instructions executable by the logic machine to:
    - determine whether the trust anchor is compromised; and
      
      in response to determining that the trust anchor is compromised, send, to the client computing device, an indication that the product is compromised.
  - 20. The computing device of claim 17, wherein the readable object is a first readable object, the encrypted value is a first encrypted value, the decrypted value is a first decrypted value, and the storage machine further holds instructions executable by the logic machine to:
    - receive a second encrypted value decoded from a second readable object included on the attestation label;
      
      decrypt the second encrypted value using a cryptographic key to produce a second decrypted value; and
      
      in response to the first decrypted value matching the non-encoded identification code and the second decrypted value matching the trust anchor, send, to the client computing device, an indication that the attestation label is authentic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kouladjie, Kambiz

Granted Patent

US 9,628,270 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/36   by graphic or iconic repres...

G06F 21/44   Program or device authentic...

G06F 2212/1052   Security improvement

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/0838   Key agreement, i.e. key est...

CRYPTOGRAPHICALLY-VERIFIABLE ATTESTATION LABEL

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CRYPTOGRAPHICALLY-VERIFIABLE ATTESTATION LABEL

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links