Methods and apparatus for authenticating devices in a network environment

US 7,515,901 B1
Filed: 02/25/2004
Issued: 04/07/2009
Est. Priority Date: 02/25/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating operation of a transceiver with a control station within a wireless remote identification system, the method comprising:

receiving transceiver configuration information including a network address and transceiver authentication credentials for associating with the transceiver, wherein receiving the authentication request includes receiving a first data value and a second data value from the control station;

receiving an authentication request from a control station within the remote identification system;

producing an authentication response for authenticating the transceiver by applying authentication processing to request information in the authentication request, the authentication processing being based on use of the transceiver authentication credentials associated with the transceiver, wherein producing the authentication response includes;

utilizing the first data value to identify an instruction of multiple instructions associated with the transceiver;

computing an authentication response value by applying the identified instruction to the second data value; and

generating the authentication response to include the authentication response value; and

transmitting the authentication response to the control station to allow the control station to determine if the transceiver is authorized to communicate within the remote identification system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms and techniques provide for authenticating devices in a network such as a Radio Frequency Identification (RFID) Network between control stations and one or more transceivers. A transceiver receives transceiver configuration information including a network address and transceiver authentication credentials and receives an authentication request from the control station. The transceiver applies authentication processing to request information within the authentication request in conjunction with the transceiver authentication credentials to produce an authentication response and transmits the authentication response to the control station to allow the control station to determine if the transceiver is authorized to communicate within the remote identification system.

26 Citations

View as Search Results

51 Claims

1. A method for authenticating operation of a transceiver with a control station within a wireless remote identification system, the method comprising:
- receiving transceiver configuration information including a network address and transceiver authentication credentials for associating with the transceiver, wherein receiving the authentication request includes receiving a first data value and a second data value from the control station;
  
  receiving an authentication request from a control station within the remote identification system;
  
  producing an authentication response for authenticating the transceiver by applying authentication processing to request information in the authentication request, the authentication processing being based on use of the transceiver authentication credentials associated with the transceiver, wherein producing the authentication response includes;
  
  utilizing the first data value to identify an instruction of multiple instructions associated with the transceiver;
  
  computing an authentication response value by applying the identified instruction to the second data value; and
  
  generating the authentication response to include the authentication response value; and
  
  transmitting the authentication response to the control station to allow the control station to determine if the transceiver is authorized to communicate within the remote identification system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 23, 24)
- - 2. The method of claim 1 wherein the transceiver is an RFID (Radio Frequency Identification) transceiver and wherein the control station operates an RFID (Radio Frequency Identification) management application to communicate with multiple RFID tags in the wireless remote identification system, the transceiver configured to communicate information received from the multiple RFID tags over a wireless link to the control station.
  - 3. The method of claim 1 wherein receiving transceiver configuration information comprises:
    - performing an automatic download operation to receive the transceiver authentication credentials during trusted time period of operation of the transceiver.
  - 4. The method of claim 1, wherein the transceiver authentication credentials includes at least one of a roll forward and a roll back instruction and wherein a request data value in the authentication request from the control station indicates an amount by which to roll an instruction set associated with the transceiver.
  - 5. The method of claim 1 further comprising:
    - maintaining a set of authentication instructions and corresponding authentication values generated by the transceiver;
      
      matching an authentication value received in the authentication request from the control station to a respective corresponding authentication value in the set;
      
      identifying a corresponding authentication instruction associated with the corresponding authentication value in the set; and
      
      applying the corresponding authentication instruction to a data value in the authentication request to produce the authentication response.
  - 6. The method of claim 1 further comprising:
    - maintaining a set of authentication instructions and corresponding authentication values generated by the transceiver; and
      
      shifting a relationship position of the authentication instructions relative to the corresponding authentication values in the set by an amount specified by a data value in the authentication request such that, after shifting the relationship position, each corresponding authentication value in the set corresponds to a different authentication instruction than prior to shifting the relationship position of the authentication instruction.
  - 7. A method as in claim 1, wherein applying authentication processing to request information within the authentication request based on the transceiver authentication credentials to produce an authentication response includes:
    - based on information in the authentication request, identifying one of multiple authentication instructions maintained at the transceiver; and
      
      applying the identified one of multiple authentication instructions to i) a data value in the authentication request received from the control station and ii) an identification code associated with the transceiver to produce the authentication response.
  - 8. The method as in claim 1, wherein transmitting the authentication response to the control station enables the control station to identify whether the transceiver is authorized to communicate with remote tagged items with respect to the transceiver on communication paths other than through the control station, the method further comprising:
    - receiving an authentication success message from the control station indicating that the transceiver is able to communicate with the remote tagged items.
  - 9. A method as in claim 1, wherein transmitting the authentication response includes:
    - transmitting the authentication response from the transceiver to the control station, the authentication response including the authentication value to enable the control station to identify whether the transceiver is authorized to communicate with remote tagged items with respect to the transceiver.
  - 10. A method as in claim 1, wherein receiving the authentication request includes receiving a data value associated with the authentication request;
    - andwherein producing the authentication response includes;
      
      i) applying a computational instruction to modify the data value, and ii) generating the authentication response to include the modified data value.
  - 11. A method as in claim 1, wherein receiving the authentication request includes receiving a data value associated with the authentication request;
    - andwherein producing the authentication response includes;
      
      selecting a given computational instruction of multiplecomputational instructions associated with the transceiver;
      
      computing an authentication response value by applying the given computational instruction to the data value associated with the authentication request; and
      
      generating the authentication response to include the authentication response value.
  - 12. A method as in claim 1 further comprising:
    - receiving a set of authentication values and corresponding instructions;
      
      applying a hash function associated with the transceiver to each of the authentication values in the set to create a mapping of hashed authentication values to the corresponding instructions.
  - 13. The method as in claim 1 further comprising:
    - receiving a message from the control station, the message indicating that the transceiver is able to communicate with multiple wireless RFID tags; and
      
      retrieving information form the wireless RFID tags; and
      
      communicating the information to the control station.
  - 14. The method as in claim 1 further comprising:
    - maintaining a mapping in which each of multiple values are paired with a corresponding computational instruction for selective application to the second data value received in the request.
  - 15. A method as in claim 1, wherein applying authentication processing to request information in the authentication request based on the transceiver authentication credentials includes:
    - based on information in the authentication request, identifying one of multiple authentication instructions maintained at the transceiver; and
      
      applying the identified one of multiple authentication instructions to a data value in the authentication request received from the control station to produce the authentication response.
  - 16. The method as in claim 15, wherein transmitting the authentication response to the control station enables the control station to identify whether the transceiver is authorized to communicate with remote tagged items with respect to the transceiver on communication paths other than through the control station, the method further comprising:
    - receiving an authentication success message from the control station indicating that the transceiver is able to communicate with the remote tagged items.
  - 17. A method as in claim 1, wherein applying authentication processing to the request information includes:
    - identifying an authentication instruction that matches a request authentication result received in the authentication request; and
      
      applying the authentication instruction that matches the request authentication result to a request data value in the authentication request to produce the authentication response.
  - 18. A method as in claim 17, wherein identifying the authentication instruction includes:
    - applying an authentication instruction to authentication values in a set of authentication values in the transceiver authentication credentials to produce corresponding transceiver authentication results; and
      
      for each of the corresponding transceiver authentication results, determining if a respective transceiver authentication result matches the request authentication result in the authentication result received in the authentication request; and
      
      when identifying a match between the corresponding transceiver authentication results and the respective transceiver authentication, utilizing the corresponding authentication function to apply to the request data value in the authentication request to produce the authentication response.
  - 19. A method as in claim 1, wherein applying authentication processing to request information within the authentication request based on the transceiver authentication credentials to produce the authentication response includes:
    - selecting an authentication instruction based on information in the authentication request; and
      
      applying the authentication instruction to a data value in the authentication request received from the control station to produce an authentication value for inclusion in the authentication response.
  - 20. A method as in claim 19, wherein selecting the authentication instruction based on information in the authentication request includes obtaining the authentication instruction from multiple logic operation instructions stored in the transceiver depending on a respective value of the information in the authentication request;
    - andwherein applying the authentication instructions to the data value includes applying a selected logical operation instructions to the data value in the authentication request to produce the authentication value included in the authentication response.
  - 21. A method as in claim 20, wherein transmitting the authentication response includes:
    - transmitting the authentication response from the transceiver to the control station, the authentication response including the authentication value to enable the control station to identify whether the transceiver is authorized to communicate with remote tagged items, the transceiver configured to convey information from the remote tagged items to the control station subsequent to authorization by the control station.
  - 23. The method of claim 1 comprising repeating receiving an authentication request, applying authentication processing and transmitting the authentication response until at least one of:
    - i) an authentication acknowledgement is received from the control station indicating that the transceiver was successfully authenticated; and
      
      ii) a number of repeated attempts to authenticate the transceiver each fail.
  - 24. The method of claim 23 comprising repeating the operations of receiving an authentication request, applying authentication processing and transmitting the authentication response and upon each repeated iteration of such operations, the authentication request specifies at least one of:
    - i) a different request authentication result for use by the transceiver to select an authentication instruction; and
      
      ii) a different request data value for use by the transceiver during application of the selected authentication instruction.

22. A method for authenticating operation of a transceiver with a control station within a wireless remote identification system, the method comprising:
- receiving transceiver configuration information including a network address and transceiver authentication credentials for associating with the transceiver;
  
  receiving an authentication request from a control station within the remote identification system;
  
  producing an authentication response for authenticating the transceiver by applying authentication processing to request information in the authentication request, the authentication processing being based on use of the transceiver authentication credentials associated with the transceiver; and
  
  transmitting the authentication response to the control station to allow the control station to determine if the transceiver is authorized to communicate within the remote identification system;
  
  wherein receiving transceiver configuration information including a network address and transceiver authentication credentials comprises;
  
  performing address assignment processing to receive the network address;
  
  receiving transceiver authentication credentials including receiving;
  
  i) a transceiver identification code uniquely assigned to the transceiver; and
  
  ii) a transceiver instruction set containing a set of authentication values and corresponding authentication instructions.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The method of claim 22 wherein receiving transceiver configuration information comprises:
    - periodically receiving replacement transceiver authentication credentials to replace the transceiver authentication credentials formerly received by the transceiver.
  - 26. The method of claim 25 wherein the request information within the authentication request includes:
    - i) an request authentication result; and
      
      ii) a request data value;
      
      wherein applying authentication processing to request information within the authentication request based on the transceiver authentication credentials to produce the authentication response comprises;
      
      identifying an authentication instruction that matches the request authentication result; and
      
      applying the authentication instruction that matches the request authentication result to the request data value from the authentication request to produce the authentication response.
  - 27. The method of claim 26 wherein the identified authentication instruction is at least one of a roll forward and a roll back instruction and wherein the request data value indicates an amount by which to roll the instruction set and wherein applying the authentication instruction that matches the request authentication result to the request data value from the authentication request to produce the authentication response comprises:
    - shifting a relationship position of the authentication instruction relative to the transceiver authentication values in the authentication credentials by an amount specified by the request data value, such that each transceiver authentication value in the authentication credentials corresponds to a different authentication instruction than prior to shifting the relationship position of the authentication instruction.
  - 28. The method of claim 26 wherein identifying an authentication instruction that matches the request authentication result comprises:
    - applying an authentication function to authentication values in the set of authentication values within the transceiver authentication credentials to produce corresponding transceiver authentication results; and
      
      for each transceiver authentication result produced, determining if the transceiver authentication result matches the request authentication result for that authentication value, and if the transceiver authentication result matches the request authentication result for that authentication value, performing the operation applying the authentication instruction to produce the authentication response.
  - 29. The method of claim 28 wherein the request authentication result is a hash value result produced from a hash function within the control station and wherein the authentication function is an equivalent hash function within the transceiver and wherein the request authentication result is calculated by the control station using the hash function on a copy of the authentication values in the set of authentication values within the transceiver authentication credentials that is programmed into the control station.
  - 30. The method of claim 28 wherein applying the authentication instruction that matches the request authentication result to the request data value from the authentication request to produce the authentication response comprises:
    - applying the authentication instruction to the request data value based on the transceiver identification code to obtain the authentication response.

31. In a control station for management of transceivers, a method for authenticating operation of a transceiver with the control station, the method comprising:
- providing transceiver configuration information including a network address and transceiver authentication credentials to a transceiver;
  
  providing an authentication request from the control station within the remote identification system to the transceiver, the authentication request containing a request authentication result and a request data value;
  
  receiving an authentication response from the transceiver, the authentication response containing an authentication response answer to the authentication request, the authentication response answer including a computed data value derived by the transceiver applying a computational instruction to the request data value; and
  
  determining if the authentication response answer is valid by applying authentication processing to the authentication response answer within the authentication response in conjunction with the transceiver authentication credentials, and if the authentication response answer is valid, transmitting an authentication success message to the transceiver.
- View Dependent Claims (32, 33)
- - 32. The method of claim 31 wherein providing an authentication request from the control station within the remote identification system to the transceiver, the authentication request containing a request authentication result and a request data value comprises:
    - selecting a transceiver authentication value from the transceiver authentication credentials; and
      
      applying an authentication function to the transceiver authentication value to produce the request authentication result for use in the authentication request.
  - 33. The method of claim 32 wherein determining if the authentication response answer is valid comprises:
    - applying an authentication instruction corresponding to the selected transceiver authentication value to the request data value in conjunction with a transceiver identification code of the transceiver to which the authentication request was provided in order to produce a control station response; and
      
      comparing the control station response to the authentication response answer within the authentication response to determine if they are equivalent, and if they are equivalent, indicating that the authentication response answer is valid.

34. A transceiver comprising:
- a memory;
  
  a processor;
  
  a communications interface;
  
  an interconnection mechanism coupling the memory, the processor, and the communications interface, the memory encoded with an authentication process that when executed by the processor, causes the transceiver authenticate operation of the transceiver with a control station within a wireless remote identification system by causing the transceiver to perform the operations of;
  
  receiving, via the communications interface, transceiver configuration information including a network address and transceiver authentication credentials,receiving, via the communications interface, an authentication request from a control station within the remote identification system;
  
  applying authentication processing to request information within the authentication request by modifying the request information using the transceiver authentication credentials;
  
  producing an authentication response to include the modified request information; and
  
  transmitting, via the communications interface, the authentication response to the control station to allow the control station to determine if the transceiver is authorized to communicate within the remote identification system;
  
  wherein when the transceiver performs the operation of receiving transceiver configuration information including a network address and transceiver authentication credentials, the transceiver performs the operations of;
  
  performing address assignment processing to receive the network address;
  
  receiving transceiver authentication credentials including receiving;
  
  i) a transceiver identification code uniquely assigned to the transceiver; and
  
  ii) a transceiver instruction set containing a set of authentication values and corresponding authentication instructions.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 35. The transceiver of claim 34 wherein the transceiver is an RFID (Radio Frequency Identification) transceiver and wherein the control station operates an RFID (Radio Frequency Identification) management application.
  - 36. The transceiver of claim 34 wherein when the transceiver performs the operation of receiving transceiver configuration information, the transceiver performs the operation of:
    - performing an automatic download operation to receive the transceiver authentication credentials during trusted time period of operation of the transceiver.
  - 37. The transceiver of claim 34 wherein the transceiver performs the operation of repeating receiving an authentication request, applying authentication processing and transmitting the authentication response until at least one of:
    - i) an authentication acknowledgement is received from the control station indicating that the transceiver was successfully authenticated; and
      
      ii) a number of repeated attempts to authenticate the transceiver each fail.
  - 38. The transceiver of claim 37 wherein the transceiver performs the operation of repeating the operations of receiving an authentication request, applying authentication processing and transmitting the authentication response and upon each repeated iteration of such operations, the authentication request specifies at least one of:
    - i) a different request authentication result for use by the transceiver to select an authentication instruction; and
      
      ii) a different request data value for use by the transceiver during application of the selected authentication instruction.
  - 39. The transceiver of claim 34 wherein when the transceiver performs the operation of receiving transceiver configuration information, the transceiver performs the operation of:
    - periodically receiving replacement transceiver authentication credentials to replace the transceiver authentication credentials formerly received by the transceiver.
  - 40. The transceiver of claim 39 wherein the request information within the authentication request includes:
    - i) an request authentication result; and
      
      ii) a request data value;
      
      wherein when the transceiver performs the operation of applying authentication processing to request information within the authentication request in conjunction with the transceiver authentication credentials to produce an authentication response, the transceiver performs the operations of;
      
      identifying an authentication instruction that matches the request authentication result; and
      
      applying the authentication instruction that matches the request authentication result to the request data value from the authentication request to produce the authentication response.
  - 41. The transceiver of claim 40 wherein the identified authentication instruction is at least one of a roll forward and a roll back instruction and wherein the request data value indicates an amount by which to roll the instruction set and wherein when the transceiver performs the operation of applying the authentication instruction that matches the request authentication result to the request data value from the authentication request to produce the authentication response, the transceiver performs the operation of:
    - shifting a relationship position of the authentication instruction relative to the transceiver authentication values in the authentication credentials by an amount specified by the request data value, such that each transceiver authentication value in the authentication credentials corresponds to a different authentication instruction than prior to shifting the relationship position of the authentication instruction.
  - 42. The transceiver of claim 40 wherein when the transceiver performs the operation of identifying an authentication instruction that matches the request authentication result, the transceiver performs the operations of:
    - applying an authentication function to authentication values in the set of authentication values within the transceiver authentication credentials to produce corresponding transceiver authentication results; and
      
      for each transceiver authentication result produced, determining if the transceiver authentication result matches the request authentication result for that authentication value, and if the transceiver authentication result matches the request authentication result for that authentication value, performing the operation applying the authentication instruction to produce the authentication response.
  - 43. The transceiver of claim 42 wherein the request authentication result is a hash value result produced from a hash function within the control station and wherein the authentication function is an equivalent hash function within the transceiver and wherein the request authentication result is calculated by the control station using the hash function on a copy of the authentication values in the set of authentication values within the transceiver authentication credentials that is programmed into the control station.
  - 44. The transceiver of claim 42 wherein when the transceiver performs the operation of applying the authentication instruction that matches the request authentication result to the request data value from the authentication request to produce the authentication response, the transceiver performs the operation of:
    - applying the authentication instruction to the request data value in conjunction with the transceiver identification code to obtain the authentication response.

45. A control station comprising:
- a memory;
  
  a processor;
  
  a communications interface;
  
  an interconnection mechanism coupling the memory, the processor, and the communications interface, the memory encoded with an authentication process that when executed by the processor, causes the control station to authenticate operation of a transceiver with the control station within a wireless remote identification system by causing the control station to perform the operations of;
  
  providing, via the communications interface, transceiver configuration information including a network address and transceiver authentication credentials to a transceiver;
  
  providing, via the communications interface, an authentication request from the control station within the remote identification system to the transceiver, the authentication request containing a request authentication result and a request data value;
  
  receiving, via the communications interface, an authentication response from the transceiver, the authentication response containing an authentication response answer to the authentication request; and
  
  determining if the authentication response answer is valid by applying authentication processing to the authentication response answer within the authentication response in conjunction with the transceiver authentication credentials, and if the authentication response answer is valid, transmitting, via the communications interface, an authentication success message to the transceiver.
- View Dependent Claims (46, 47)
- - 46. The control station of claim 45 wherein when the control station performs the operation of providing an authentication request from the control station within the remote identification system to the transceiver, the authentication request containing a request authentication result and a request data value, the control station performs the operations of:
    - selecting a transceiver authentication value from the transceiver authentication credentials; and
      
      applying an authentication function to the transceiver authentication value to produce the request authentication result for use in the authentication request.
  - 47. The control station of claim 46 wherein when the control station performs the operation of determining if the authentication response answer is valid, the control station performs the operations of:
    - applying an authentication instruction corresponding to the selected transceiver authentication value to the request data value in conjunction with a transceiver identification code of the transceiver to which the authentication request was provided in order to produce a control station response; and
      
      comparing the control station response to the authentication response answer within the authentication response to determine if they are equivalent, and if they are equivalent, indicating that the authentication response answer is valid.

48. A method for authenticating operation of a transceiver with a control station within a wireless remote identification system, the method comprising:
- receiving transceiver configuration information including a network address and transceiver authentication credentials for associating with the transceiver, wherein receiving the authentication request includes receiving a first data value and a second data value from the control station;
  
  receiving an authentication request from a control station within the remote identification system;
  
  producing an authentication response for authenticating the transceiver by applying authentication processing to request information in the authentication request, the authentication processing being based on use of the transceiver authentication credentials associated with the transceiver, wherein producing the authentication response includes;
  
  utilizing the first data value to identify an instruction of multiple instructions associated with the transceiver;
  
  computing an authentication response value by applying the identified instruction to the second data value; and
  
  generating the authentication response to include the authentication response value; and
  
  transmitting the authentication response to the control station to allow the control station to determine if the transceiver is authorized to communicate within the remote identification system;
  
  wherein receiving the transceiver authentication credentials includes;
  
  receiving a first alphanumeric value and a corresponding first instruction;
  
  receiving a second alphanumeric value and a corresponding second instruction; and
  
  maintaining the first alphanumeric value and the corresponding first instruction at the transceiver as a first value-instruction pair;
  
  maintaining the second alphanumeric value and the corresponding second instruction at the transceiver as a second value-instruction pair.
- View Dependent Claims (49, 50, 51)
- - 49. A method as in claim 48 further comprising:
    - applying the authentication processing at the transceiver to the first alphanumeric value to generate a first transceiver generated result associated with the first alphanumeric value and the corresponding first instruction;
      
      applying the authentication processing at the transceiver to the second alphanumeric value to generate a second transceiver generated result associated with the second alphanumeric value and the corresponding second instruction;
      
      maintaining the first transceiver generated result along with the first value-instruction pair; and
      
      maintaining the second transceiver generated result along with the second value-instruction pair.
  - 50. A method as in claim 49, wherein applying authentication processing to request information within the authentication request includes:
    - identifying an authentication value in the authentication request received from the control station;
      
      matching the authentication value in the authentication request to one of the first transceiver generated result and the second transceiver generated result; and
      
      if the authentication value in the authentication request received from the control station matches the first transceiver generated result, utilizing the corresponding first instruction to generate a response to the control station; and
      
      if the authentication value in the authentication request received from the control station matches the second transceiver generated result, utilizing the corresponding second instruction to generate a response to the control station.
  - 51. A method as in claim 49, wherein applying authentication processing to request information within the authentication request includes:
    - identifying an authentication value in the authentication request received from the control station;
      
      attempting to match the authentication value in the authentication request to one of the first transceiver generated result and the second transceiver generated result; and
      
      if the authentication value in the authentication request received from the control station does not match either of the first and second transceiver generated result, failing authentication of the transceiver.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Kaundinya, Murali P.
Primary Examiner(s)
Ly; Nghi H

Application Number

US10/786,529
Time in Patent Office

1,868 Days
Field of Search

455/411, 455/415, 455/410, 455/418, 380/247, 380/270, 340/5.8, 349/5.8
US Class Current

455/411
CPC Class Codes

G06Q 10/08   Logistics, e.g. warehousing...

H04L 63/0823   using certificates cryptogr...

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

H04W 12/069   using certificates or pre-s...

Methods and apparatus for authenticating devices in a network environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for authenticating devices in a network environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links