Challenged-based tag authentication model

US 6,842,106 B2
Filed: 10/04/2002
Issued: 01/11/2005
Est. Priority Date: 10/04/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of securing communications in an RFID system including a reader and an RF tag having a memory configured to store information, the method comprising:

sending, from the reader, a message to the tag;

the tag, in response to the message, generating a challenge value and sending the challenge value to the reader;

in any order;

the reader performing a mathematical operation on the challenge value based upon a key value, stored in the reader to generate a challenge reply and sending the challenge reply to the tag; and

prior to receiving the challenge reply from the reader, the tag independently computing a challenge response based on an identical key value and mathematical operation stored in the tag;

the tag comparing the challenge response computed by the tag with the challenge reply sent by the reader; and

the tag authenticating the reader if the challenge response matches the challenge reply.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securing communications in an RFID system including a reader and an RF tag having a memory configured to store information comprises sending, from the reader, a message to the tag; the tag, in response to the message, generating a challenge value and sending the challenge value to the reader; in any order: the reader performing a mathematical operation on the challenge value based upon a key value to generate a challenge reply and sending the challenge reply to the tag and the tag independently computing a challenge response based on the key value and mathematical operation; the tag comparing the challenge response computed by the tag with the challenge reply sent by the reader; and the tag authenticating the reader if the challenge response matches the challenge reply. An RFID system including an RFID tag and a reader are configured to perform the above steps.

Citations

46 Claims

1. A method of securing communications in an RFID system including a reader and an RF tag having a memory configured to store information, the method comprising:
- sending, from the reader, a message to the tag;
  
  the tag, in response to the message, generating a challenge value and sending the challenge value to the reader;
  
  in any order;
  
  the reader performing a mathematical operation on the challenge value based upon a key value, stored in the reader to generate a challenge reply and sending the challenge reply to the tag; and
  
  prior to receiving the challenge reply from the reader, the tag independently computing a challenge response based on an identical key value and mathematical operation stored in the tag;
  
  the tag comparing the challenge response computed by the tag with the challenge reply sent by the reader; and
  
  the tag authenticating the reader if the challenge response matches the challenge reply.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method of securing communications in an RFID system in accordance with claim 1 wherein sending, from the reader, a message to the tag comprises sending a command requesting access to the information in the memory.
  - 3. A method of securing communications in an RFID system in accordance with claim 1 wherein sending, from the reader, a message to the tag comprises sending a command requesting commencement of an authentication procedure.
  - 4. A method of securing communications in an RFID system in accordance with claim 1 wherein the challenge value is a pseudo random value.
  - 5. A method of securing communications in an RFID system in accordance with claim 1 wherein the challenge value is a long binary value.
  - 6. A method of securing communications in an RFID system in accordance with claim 1 wherein the challenge value is a binary value of over 128 bits.
  - 7. A method of securing communications in an RFID system in accordance with claim 1 wherein the challenge value and challenge response are calculated by performing a plurality of mathematical operations.

8. A method of securing communications in an RFID system including a reader and an RF tag having a memory configured to store information, the method comprising:
- sending, from the tag, a message to the reader;
  
  the reader, in response to the message, generating a challenge value and sending the challenge value to the tag;
  
  in any order;
  
  the tag performing a mathematical operation on the challenge value based upon a key value to generate a challenge reply and sending the challenge reply to the reader; and
  
  prior to receiving the challenge reply from the tag, the reader independently computing a challenge response based on the key value and mathematical operation;
  
  the reader comparing the challenge response computed by the reader with the challenge reply sent by the tag; and
  
  the reader authenticating the tag if the challenge response matches the challenge reply.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A method of securing communications in an RFID system in accordance with claim 8 wherein sending, from the tag, a message to the reader comprises sending a command requesting access to the information in the memory.
  - 10. A method of securing communications in an RFID system in accordance with claim 8 wherein sending, from the tag, a message to the reader comprises sending a command requesting commencement of an authentication procedure.
  - 11. A method of securing communications in an RFID system in accordance with claim 8 wherein the challenge value is a pseudo random value.
  - 12. A method of securing communications in an RFID system in accordance with claim 8 wherein the challenge value is a long binary value.
  - 13. A method of securing communications in an RFID system in accordance with claim 8 wherein the challenge value is a binary value of over 128 bits.
  - 14. A method of securing communications in an RFID system in accordance with claim 8 wherein the challenge value and challenge response are calculated by performing a plurality of mathematical operations.

15. An RFID communications system comprising:
- an RF tag having a memory configured to store information; and
  
  a reader configured to send a message to the tag;
  
  the tag being configured to, in response to the message, generate a challenge value and send the challenge value to the reader;
  
  the reader being configured to perform a mathematical operation on the challenge value based upon a key value to generate a challenge reply and send the challenge reply to the tag;
  
  the tag being further configured to independently compute a challenge response based on the key value and mathematical operation prior to receiving the challenge reply from the reader, to compare the challenge response computed by the tag with the challenge reply sent by the reader, and to authenticate the reader if the challenge response matches the challenge reply.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. An RFID communications system in accordance with claim 15 wherein the message the reader is configured to send to the tag comprises a command requesting access to the information in the memory.
  - 17. An RFID communications system in accordance with claim 15 wherein the message the reader is configured to send to the tag comprises a command requesting commencement of an authentication procedure.
  - 18. An RFID communications system in accordance with claim 15 wherein the tag includes a random number generator and wherein the challenge value is a random value.
  - 19. An RFID communications system in accordance with claim 15 wherein the challenge value is a long binary value.
  - 20. An RFID communications system in accordance with claim 15 wherein the challenge value is a binary value of over 128 bits.
  - 21. An RFID communications system in accordance with claim 15 wherein the challenge value and challenge response are calculated by performing a plurality of mathematical operations.

22. An RFID communications system comprising:
- an RF tag having a memory configured to store information; and
  
  a reader configured for RF communication with the tag, the tag being configured to send a message to the reader;
  
  the reader being configured to, in response to the message, generate a challenge value and send the challenge value to the tag;
  
  the tag being configured to perform a mathematical operation on the challenge value based upon a key value to generate a challenge reply and send the challenge reply to the reader;
  
  the reader being further configured to independently compute a challenge response based on the key value and mathematical operation prior to receiving the challenge reply from the tag, to compare the challenge response computed by the reader with the challenge reply sent by the tag, and to authenticate the tag if the challenge response matches the challenge reply.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. An RFID communications system in accordance with claim 22 wherein the message the tag is configured to send to the reader comprises a command requesting access to the information in the memory.
  - 24. An RFID communications system in accordance with claim 22 wherein the message the tag is configured to send to the reader comprises a command requesting commencement of an authentication procedure.
  - 25. An RFID communications system in accordance with claim 22 wherein the reader includes a random number generator and wherein the challenge value is a random value.
  - 26. An RFID communications system in accordance with claim 22 wherein the challenge value is a long binary value.
  - 27. An RFID communications system in accordance with claim 22 wherein the challenge value is a binary value of over 128 bits.
  - 28. An RFID communications system in accordance with claim 22 wherein the challenge value and challenge response are calculated by performing a plurality of mathematical operations.

29. A method of securing communications in an RFID system including a reader and an RF tag having a memory configured to store information, the method comprising the following steps, in order:
- sending, from the tag, a message to the reader;
  
  the reader, in response to the message, generating a challenge value, independently computing a challenge response based on the key value and mathematical operation, and sending the challenge value to the tag;
  
  the tag performing a mathematical operation on the challenge value based upon a key value to generate a challenge reply and sending the challenge reply to the reader;
  
  the reader directly comparing the challenge response computed by the reader with the challenge reply sent by the tag, without first performing a mathematical operation on the challenge reply; and
  
  the reader authenticating the tag if the challenge response matches the challenge reply.
- View Dependent Claims (30, 31, 32, 33, 34, 35)
- - 30. A method of securing communications in an RFID system in accordance with claim 29 wherein sending, from the tag, a message to the reader comprises sending a command requesting access to the information in the memory.
  - 31. A method of securing communications in an RFID system in accordance with claim 29 wherein the challenge value is a pseudo random value.
  - 32. A method of securing communications in an RFID system in accordance with claim 29 wherein the challenge value is a long binary value.
  - 33. A method of securing communications in an RFID system in accordance with claim 29 wherein the challenge value is a binary value of over 128 bits.
  - 34. A method of securing communications in an RFID system in accordance with claim 29 wherein the challenge value and challenge response are calculated by performing a plurality of mathematical operations.
  - 35. A method of securing communications in an RFID system in accordance with claim 29 wherein the sendings between the tag and the reader include RF backscatter communication.

36. An RFID reader for use with an RF tag having a memory configured to store information and configured to send an authentication request to the reader, the reader being configured to, in response to the request:
- generate a challenge value and send the challenge value to the tag, and wait for the tag to perform a mathematical operation on the challenge value based upon a key value to generate a challenge reply and to send the challenge reply to the reader;
  
  independently compute a challenge response based on the key value and mathematical operation prior to receiving the challenge reply from the tag;
  
  compare the challenge response computed by the reader with the challenge reply sent by the tag without performing a mathematical operation on the challenge reply sent by the tag prior to the comparing; and
  
  authenticate the tag if the challenge response matches the challenge reply.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43)
- - 37. An RFID communications system in accordance with claim 36 wherein the message the tag is configured to send to the reader comprises a command requesting access to the information in the memory.
  - 38. An RFID communications system in accordance with claim 36 wherein the message the tag is configured to send to the reader comprises a command requesting commencement of an authentication procedure.
  - 39. An RFID communications system in accordance with claim 36 wherein the reader includes a random number generator and wherein the challenge value is a random value.
  - 40. An RFID communications system in accordance with claim 36 wherein the challenge value is a long binary value.
  - 41. An RFID communications system in accordance with claim 36 wherein the challenge value is a binary value of over 128 bits.
  - 42. An RFID communications system in accordance with claim 36 wherein the challenge value and challenge response are calculated by performing a plurality of mathematical operations.
  - 43. An RFID communications system in accordance with claim 36 wherein the RF communication between the tag and the reader includes RF backscatter communication.

44. A method of securing communications in an RFID system including a reader and an RF tag, the method comprising the following steps:
- sending, from the reader, a request to the tag;
  
  the tag, in response to the request, generating and sending a challenge value to the reader;
  
  the reader performing a mathematical operation on the challenge value using a reader private key value to generate an encrypted challenge reply and sending the encrypted challenge reply to the tag;
  
  the tag performing a mathematical operation on the encrypted challenge reply using a reader public key value to generate a decrypted response;
  
  the tag comparing the decrypted response with the challenge value; and
  
  the tag authenticating the reader if the decrypted response matches the challenge value.

45. A method of securing communications in an RFID system including a reader and an RF tag, the method comprising the following steps:
- the reader generating a non-encrypted challenge value;
  
  the reader sending a request, including the challenge value, to the tag;
  
  the tag, in response to the request, performing a mathematical operation on the challenge value using a tag private key value to generate an encrypted challenge reply and sending the encrypted challenge reply to the reader;
  
  the reader performing a mathematical operation on the encrypted challenge reply using a tag public key value to generate a decrypted response;
  
  the reader comparing the decrypted response with the challenge value; and
  
  the reader authenticating the tag if the decrypted response matches the challenge value.

46. A method of securing communications in an RFID system including a reader and an RF tag, the method comprising the following steps:
- the reader generating a non-encrypted first challenge value;
  
  the reader sending a request, including the first challenge value, to the tag;
  
  the tag, in response to the request, performing a mathematical operation on the first challenge value using a tag private key value to generate an encrypted first challenge reply;
  
  the tag generating a non-encrypted second challenge value, and sending the first challenge reply and the second challenge value to the reader;
  
  the reader performing a mathematical operation on the first challenge reply using a tag public key value to generate a decrypted first response;
  
  the reader comparing the first response with the first challenge value and authenticating the tag if the first response matches the first challenge value;
  
  the reader performing a mathematical operation on the second challenge value using a reader private key value to generate an encrypted second challenge reply and sending the second challenge reply to the tag;
  
  the tag performing a mathematical operation on the second challenge reply using a reader public key value to generate a decrypted second response; and
  
  the tag comparing the second response with the second challenge value and authenticating the reader if the second response matches the second challenge value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Battelle Memorial Institute
Original Assignee
Battelle Memorial Institute
Inventors
Pratt, Richard M., Hughes, Michael A.
Primary Examiner(s)
MULLEN, THOMAS J

Application Number

US10/263,635
Publication Number

US 20040066278A1
Time in Patent Office

830 Days
Field of Search

340/10.1, 340/5.8, 340/572.1, 713168-172, 380/255, 380/258, 380/270
US Class Current

340/5.8
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2103   Challenge-response

G06F 2221/2129   Authenticate client device ...

G06K 19/0723   the record carrier comprisi...

G06K 7/0008   General problems related to...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0435   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 9/3271   using challenge-response

Challenged-based tag authentication model

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

Challenged-based tag authentication model

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links