User authentication for contact-less systems
First Claim
1. A method, comprising:
- receiving, at a contact-less tag reader, first data transmitted by a tag;
validating the first data to determine whether the first data comprises candidate data for authentication, the validating being deemed successful if the first data comprises candidate data for authentication, and unsuccessful otherwise;
responsive to the validating being deemed successful, authenticating the candidate data;
wherein said validating comprises;
extracting from the first data an identifier and second data;
comparing the identifier to a predetermined reference identifier; and
concluding that the first data comprises candidate data for authentication if the identifier matches the predetermined reference identifier.
1 Assignment
0 Petitions
Accused Products
Abstract
A validation phase is performed at an RFID reader, in order to ascertain which of a plurality of potential candidates for authentication, are actual candidates for authentication. Once a candidate has been successfully validated, an authentication phase is initiated with a host computer, to determine whether the information presented by the candidate matches expected information about the candidate. If the authentication is considered successful, a final authorization procedure may be performed, or the authenticated candidate may be granted certain predetermined permissions. By performing the validation phase locally at the reader, the need for accessing a host computer is reduced and unnecessary queries to the host computer are avoided.
-
Citations
49 Claims
-
1. A method, comprising:
-
receiving, at a contact-less tag reader, first data transmitted by a tag; validating the first data to determine whether the first data comprises candidate data for authentication, the validating being deemed successful if the first data comprises candidate data for authentication, and unsuccessful otherwise; responsive to the validating being deemed successful, authenticating the candidate data; wherein said validating comprises; extracting from the first data an identifier and second data; comparing the identifier to a predetermined reference identifier; and concluding that the first data comprises candidate data for authentication if the identifier matches the predetermined reference identifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
-
37. A method of programming a tag, comprising:
-
determining a user identifier associated with a user of the tag; determining a personal identifier associated with the user of the tag; encrypting the personal identifier with an encryption key to produce an encrypted personal identifier; determining a common identifier jointly associated with the user of the tag and other users of other tags; creating a unique tag identifier (UTI), the UTI comprising the user identifier, the encrypted personal identifier and the common identifier; storing the UTI in a memory of the tag. - View Dependent Claims (38, 39, 40)
-
-
41. Computer-readable media tangibly embodying a program of instructions executable by a host computer to perform a method of authenticating tag data that has been validated on a basis of an identifier in the tag data, the tag data further comprising second data, the second data having a first portion corresponding to an index and a second portion corresponding to an encrypted version of third data, the method comprising:
-
applying decryption to the second portion of the second data to obtain the third data; consulting a database at a location associated with the index to obtain fourth data; comparing the third and fourth data; deeming authentication to be successful if the third data matches the fourth data, and unsuccessful otherwise.
-
- 42. A memory storing first data for transmission by a radio frequency tag to a reader, the first data comprising an identifier and second data, the identifier being known to the reader and allowing the reader to validate the tag without contacting a host, the second data comprising a first portion corresponding to an index and a second portion corresponding to an encrypted version of third data, the third data and the index being known to the host and allowing the host to authenticate the tag upon performing decryption of the second portion of the second data.
- 45. A signal tangibly embodied in a transmission medium and transmitted by a radio frequency tag, the signal comprising first data, the first data comprising an identifier and second data, the identifier being known to a reader of the tag and allowing the reader to validate the tag without contacting a host, the second data comprising a first portion corresponding to an index and a second portion corresponding to an encrypted version of third data, the third data and the index being known to the host and allowing the host to authenticate the tag upon performing decryption of the second portion of the second data.
-
47. Computer-readable media tangibly embodying a program of instructions executable by a contact-less tag reader to perform a method, the method comprising:
-
receiving first data transmitted by a tag; validating the first data to determine whether the first data comprises candidate data for authentication, the validating being deemed successful if the first data comprises candidate data for authentication, and unsuccessful otherwise; responsive to the validating being deemed successful, authenticating the candidate data; wherein said validating comprises; extracting from the first data an identifier and second data; comparing the identifier to a predetermined reference identifier; and concluding that the first data comprises candidate data for authentication if the identifier matches the predetermined reference identifier.
-
-
48. A contact-less tag reader, comprising:
-
an antenna; a broadcast interface for receiving a signal through the antenna, the signal comprising first data transmitted by a tag; a control module connected to the broadcast interface, the control module being operative for; validating the first data to determine whether the first data comprises candidate data for authentication, the validating being deemed successful if the first data comprises candidate data for authentication, and unsuccessful otherwise; responsive to the validating being deemed successful, causing authentication of the candidate data to be performed; wherein said validating comprises; extracting from the first data an identifier and second data; comparing the identifier to a predetermined reference identifier; and concluding that the first data comprises candidate data for authentication if the identifier matches the predetermined reference identifier. - View Dependent Claims (49)
-
Specification