RFID and sensor signing algorithm

US 7,800,499 B2
Filed: 06/05/2007
Issued: 09/21/2010
Est. Priority Date: 06/05/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for signing tags associated with objects, the method comprising:

receiving, at a computer system that provides one or more applications with tracking information associated with the objects, a first identifier associated with an object, the first identifier configured to be used by the one or more applications to obtain tracking information associated with the object from the computer system;

determining, with a processor associated with the computer system, a bit-reducing scheme for generating identifiers to be stored in tags;

generating, with the processor associated with the computer system, a second identifier for a tag associated with the object based on the bit-reducing scheme applied to the first identifier, the second identifier having a predetermined key portion set according to the bit-reducing scheme and configured to be stored in the tag and readable by one or more tag reading devices to recognize the tag when in the presence of the tag, the second identifier being different from the first identifier and having a smaller number of bits than the first identifier;

generating, with the processor associated with the computer system, information reserved in secret from the one or more applications that associates the first identifier associated with the object with the second identifier for the tag such that the one or more applications obtain first tracking information from the computer system for the object based on the first identifier, the first tracking information derived from at least one of the one or more tag reading devices in response to an authentication from reading the second identifier from the tag;

determining, with the processor associated with the computer system, a private key-public key pair for the bit-reducing scheme from a plurality of private key-public key pairs accessible to the computer-system;

wherein said key pair corresponds to said predetermined key portion;

generating, with the processor associated with the computer system, a first signature for the tag based on and in response to encrypting the second identifier with a selected public key in the private key-public key pair;

storing the second identifier and the first signature in the tag.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various embodiments, a method for signing tags associated with objects includes receiving a first identifier associated with a tag. A first signature is generated for the tag based on the identifier and a public key. The first identifier and the first signature are then stored in the tag.

42 Citations

View as Search Results

20 Claims

1. A computer-implemented method for signing tags associated with objects, the method comprising:
- receiving, at a computer system that provides one or more applications with tracking information associated with the objects, a first identifier associated with an object, the first identifier configured to be used by the one or more applications to obtain tracking information associated with the object from the computer system;
  
  determining, with a processor associated with the computer system, a bit-reducing scheme for generating identifiers to be stored in tags;
  
  generating, with the processor associated with the computer system, a second identifier for a tag associated with the object based on the bit-reducing scheme applied to the first identifier, the second identifier having a predetermined key portion set according to the bit-reducing scheme and configured to be stored in the tag and readable by one or more tag reading devices to recognize the tag when in the presence of the tag, the second identifier being different from the first identifier and having a smaller number of bits than the first identifier;
  
  generating, with the processor associated with the computer system, information reserved in secret from the one or more applications that associates the first identifier associated with the object with the second identifier for the tag such that the one or more applications obtain first tracking information from the computer system for the object based on the first identifier, the first tracking information derived from at least one of the one or more tag reading devices in response to an authentication from reading the second identifier from the tag;
  
  determining, with the processor associated with the computer system, a private key-public key pair for the bit-reducing scheme from a plurality of private key-public key pairs accessible to the computer-system;
  
  wherein said key pair corresponds to said predetermined key portion;
  
  generating, with the processor associated with the computer system, a first signature for the tag based on and in response to encrypting the second identifier with a selected public key in the private key-public key pair;
  
  storing the second identifier and the first signature in the tag.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein encrypting the second identifier with the selected public key comprises generating a hash key using the second identifier and the selected public key with a hash function.
  - 3. The method of claim 1 further comprising:
    - receiving, at the computer system, information from the tag in response to a reading of the tag using a tag reading device;
      
      determining, with the processor associated with the computer system, the second identifier based on the received information;
      
      determining, with the processor associated with the computer system, that the private key-public key pair corresponds to the second identifier based on the predetermined key portion of the second identifier;
      
      determining, with the processor associated with the computer system, the first signature based on the received information; and
      
      authenticating, with the processor associated with the computer system, the the tag based on the second identifier and decrypting the first signature with a selected private key in the corresponding private key-public key pair.
  - 4. The method of claim 1 further comprising:
    - receiving, at the computer system, an EPC identifier associated with an object as the first identifier; and
      
      generating, with the processor associated with the computer system, the second identifier based on the EPC identifier.
  - 5. The method of claim 1 wherein generating the information associating the first identifier associated with the object and the second identifier comprises generating information associating the first identifier with a third identifier related to the second identifier, the method further comprising:
    - receiving, at the computer system, a window for the bit-reducing scheme indicative of validity of the second identifier, the window specifying a range mask to be applied to the second identifier to generate the third identifier;
      
      determining, with the processor associated with the computer system, the first identifier for the object based on the second identifier, the window specifying the range mask to be applied to the second identifier to generate the third identifier, and the information associating the first identifier associated with the object and the third identifier related to the second identifier; and
      
      generating, with the processor associated with the computer system, the first tracking information for the object based on the first identifier in response to authenticating the tag.
  - 6. The method of claim 1 wherein generating, with the processor associated with the computer system, the second identifier comprises generating an identifier having a reduced number of bits than that which may be stored in the tag.
  - 7. The method of claim 1 further comprising:
    - generating, with the processor associated with the computer system, a third identifier for the tag associated with the object based on the bit-reducing scheme according to a rotation scheme, the third identifier having a predetermined key portion according to the bit-reducing scheme and configured to be stored in the tag and readable by one or more tag reading devices to recognize the tag when in the presence of the tag, the third identifier being different from the first identifier and the second identifier and having a smaller number of bits than the first identifier;
      
      generating, with the processor associated with the computer system, information reserved in secret from the one or more applications that associates the first identifier associated with the object with the third identifier for the tag such that the one or more applications obtain second tracking information from the computer system for the object based on the first identifier, the second tracking information derived from at least one of the one or more tag reading devices in response to an authentication from reading the third identifier from the tag;
      
      generating, with the processor associated with the computer system, a second signature for the tag based on and in response to encrypting the third identifier with the selected public key in the private key-public key pair; and
      
      storing the third identifier and the second signature in the tag.

8. A data processing system for signing tags associated with objects, the system comprising:
- a processor; and
  
  a memory coupled to the processor, the memory storing a plurality of code modules which when executed by the processor configure the processor to;
  
  receive a first identifier associated with an object, the first identifier being used by one or more applications to obtain tracking information associated with the object;
  
  determine a bit-reducing scheme applied to the first identifier for generating identifiers to be stored in tags;
  
  generate a second identifier for the a tag associated with the object based on the bit-reducing scheme, the second identifier having a predetermined key portion according to the bit-reducing scheme and configured to be stored in the tag and readable by one or more tag reading devices to recognize the tag when in the presence of the tag, the second identifier being different from the first identifier and having a smaller number of bits than the first identifier;
  
  generate information reserved in secret from the one or more applications that associates the first identifier associated with the object with the second identifier such that the one or more applications obtain first tracking information for the object based on the first identifier, the first tracking information derived from at least one of the one or more tag reading devices in response to an authentication from reading the second identifier from the tag;
  
  store the information associating the first identifier associated with the object with the second identifier in a database;
  
  determine a private key-public key pair for the bit-reducing scheme from a plurality of private key-public key pairs;
  
  wherein said key pair corresponds to said predetermined key portion;
  
  generate a first signature for the tag based on and in response to encrypting the second identifier with a selected public key in the private key-public key pair; and
  
  generate one or more instructions to store the second identifier and the first signature in the tag.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8 wherein the processor is further configured to generate a hash key using the second identifier and the public key with a hash function.
  - 10. The system of claim 8 wherein the processor is further configured to:
    - receive information from the tag in response to a reading of the tag using a tag reading device;
      
      determine the second identifier based on the received information;
      
      determine that the private key-public key pair corresponds to the second identifier based on the predetermined key portion of the second identifier;
      
      determine the first signature based on the received information; and
      
      authenticate the tag based on the second identifier and decrypting the first signature with a selected private key in the corresponding private key-public key pair.
  - 11. The system of claim 8 wherein the processor is configured to:
    - receive an EPC identifier associated with an object as the first identifier; and
      
      generate the second identifier based on the EPC identifier.
  - 12. The system of claim 8 wherein the processor is configured to:
    - generate information associating the first identifier with a third identifier related to the second identifier to generate the information associating the first identifier associated with the object and the second identifier;
      
      receive a window for the bit-reducing scheme indicative of validity of the second identifier, the window specifying a range mask to be applied to the second identifier to generate the third identifier;
      
      determine the first identifier for the object based on the second identifier, the window specifying the range mask to be applied to the second identifier to generate the third identifier, and the information associating the first identifier associated with the object and the third identifier related to the second identifier; and
      
      generate the first tracking information based on the first identifier in response to authenticating the tag.
  - 13. The system of claim 8 wherein the second identifier comprises a reduced number of bits than that which may be stored in the tag.
  - 14. The system of claim 8 wherein the processor is configured to:
    - generate a third identifier for the tag associated with the object based on the bit-reducing scheme according to a rotation scheme, the third identifier having a predetermined key portion according to the bit-reducing scheme and configured to be stored in the tag and readable by one or more tag reading devices to recognize the tag when in the presence of the tag, the third identifier being different from the first identifier and the second identifier and having a smaller number of bits than the first identifier;
      
      generate information reserved in secret from the one or more applications that associates the first identifier associated with the object with the third identifier for the tag such that the one or more applications obtain second tracking information for the object based on the first identifier, the second tracking information derived from at least one of the one or more tag reading devices in response to an authentication from reading the third identifier from the tag;
      
      generate a second signature for the tag based on and in response to encrypting the third identifier with the selected public key in the private-key-public key pair; and
      
      generate one or more instructions to store the third identifier and the second signature in the tag.

15. A computer-readable storage medium storing a computer program product executable by one or more processors of one or more computer systems for signing tags associated with objects, the computer-readable storage medium comprising:
- code for receiving a first identifier associated with an object, the first identifier being used by one or more applications to obtain tracking information associated with the objects;
  
  code for determining a bit-reducing scheme applied to the first identifier for generating identifiers to be stored in tags;
  
  code for generating a second identifier for a tag associated with the object based on a bit-reducing scheme, the second identifier having a key predetermined portion according to the bit-reducing scheme and configured to be stored in the tag and readable by one or more tag reading devices to recognize the tag when in the presence of the tag, the second identifier being different from the first identifier and having a smaller number of bits than the first identifier;
  
  code for generating information reserved in secret from the one or more applications that associates the first identifier associated with the object with the second identifier such that the one or more applications obtain first tracking information for the object based on the first identifier, the first tracking information derived from at least one of the one or more tag reading devices in response to an authentication from reading the second identifier from the tag;
  
  code for determining a private key-public key pair for the bit-reducing scheme from a plurality of private key-public key pairs;
  
  wherein said key pair corresponds to said predetermined key portion;
  
  code for generating a first signature for the tag based on and in response to encrypting the second identifier with a selected public key in the private-key-public key pair; and
  
  code for storing the second identifier and the first signature in the tag.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable storage medium of claim 15 wherein the code for generating the first signature for the tag comprises code for generating a hash key using the second identifier and the public key with a hash function.
  - 17. The computer-readable storage medium of claim 15 further comprising:
    - code for receiving information from the tag in response to a reading of the tag using a tag reading device;
      
      code for determining the second identifier based on the received information;
      
      code for determining that the private key-public key pair corresponds to the second identifier based on the key predetermined portion of the second identifier;
      
      code for determining the first signature based on the received information; and
      
      code for authenticating the tag based on the second identifier and decrypting the first signature with a selected private key in the corresponding private key-public key pair.
  - 18. The computer-readable storage medium of claim 15 further comprising:
    - code for receiving an EPC identifier associated with an object as the first identifier; and
      
      code for generating the second identifier based on the EPC identifier.
  - 19. The computer-readable storage medium of claim 15 wherein the code for generating the information associating the first identifier associated with the object and the second identifier includes code for generating information associating the first identifier with a third identifier related to the second identifier, the computer-readable storage medium further comprising:
    - code for receiving a window for the bit-reducing scheme indicative of validity of the second identifier, the window specifying a range mask to be applied to the second identifier to generate the third identifier;
      
      code for determining the first identifier for the object based on the second identifier, the window specifying the range mask to be applied to the second identifier to generate the third identifier, and the information associating the first identifier associated with the object and the third identifier related to the second identifier; and
      
      code for generating the first tracking information for the object based on the first identifier in response to authenticating the tag.
  - 20. The computer-readable storage medium of claim 15 further comprising:
    - code for generating a third identifier for the tag associated with the object based on the bit-reducing scheme according to a rotation scheme, the third identifier having a key predetermined portion according to the bit-reducing scheme and configured to be stored in the tag, the third identifier being different from the first identifier and having a smaller number of bits than the first identifier;
      
      code for generating information reserved in secret from the one or more applications that associates the first identifier associated with the object with the third identifier for the tag such that the one or more applications obtain second tracking information from the computer system for the object based on the first identifier, the second tracking information derived from at least one of the one or more tag reading devices in response to an authentication from reading the third identifier from the tag;
      
      code for generating a second signature for the tag on based on and in response to encrypting the third identifier with the selected public key in the private key-public key pair; and
      
      code for storing the third identifier and the second signature in the tag.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Rehman, Samuelson
Primary Examiner(s)
Lee; Benjamin C
Assistant Examiner(s)
Pham; Quang

Application Number

US11/758,532
Publication Number

US 20080303667A1
Time in Patent Office

1,204 Days
Field of Search

340/572, 340/572.1, 340/825.69, 340/825.72, 340/5.8, 340/10.51, 340/10.1, 341/176, 235/385, 713/176, 713/161, 713/166, 713/167, 713/170, 713/181, 455/410, 380/280
US Class Current

340/572.1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/73   by creating or determining ...

G06F 2221/2129   Authenticate client device ...

RFID and sensor signing algorithm

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

RFID and sensor signing algorithm

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links