Method and apparatus for providing security in a radio frequency identification system

US 8,116,454 B2
Filed: 12/31/2007
Issued: 02/14/2012
Est. Priority Date: 07/23/2007
Status: Active Grant

First Claim

Patent Images

1. A radio frequency identification (RFID) tag, comprising:

a receiver configured to receive wireless communications including an authentication request, the authentication request including a first digital certificate, a transient public key, a random number, and a list identifying at least one authentication technique; and

a memory, the memory storing a firmware module, the firmware module including a security shim, the security shim being configured to;

select an authentication technique from the list identifying at least one authentication technique;

determine whether the first digital certificate is in a trust relationship with a second digital certificate that is different from said first digital certificate and that is stored in the memory;

generate a second random number; and

encrypt, using the public key, said second random number and an authentication identification identifying the selected authentication technique; and

a transmitter configured to wirelessly transmit an authentication response, the authentication response including the encrypted second random number, the encrypted authentication identification, and entity information that includes a unique identification of said RFID tag.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One aspect involves receiving by a tag of wireless communications that utilize a first security provision, and wireless communications that utilize a second security provision different from the first security provision. A different aspect involves receiving by an entity of an authentication request that is based on a first digital certificate unknown to the entity, and determining by the entity, without external authentication of the first digital certificate, whether the first digital certificate is in a trust relationship with a second digital certificate that is different from the first digital certificate and that is known to the entity.

74 Citations

View as Search Results

11 Claims

1. A radio frequency identification (RFID) tag, comprising:
- a receiver configured to receive wireless communications including an authentication request, the authentication request including a first digital certificate, a transient public key, a random number, and a list identifying at least one authentication technique; and
  
  a memory, the memory storing a firmware module, the firmware module including a security shim, the security shim being configured to;
  
  select an authentication technique from the list identifying at least one authentication technique;
  
  determine whether the first digital certificate is in a trust relationship with a second digital certificate that is different from said first digital certificate and that is stored in the memory;
  
  generate a second random number; and
  
  encrypt, using the public key, said second random number and an authentication identification identifying the selected authentication technique; and
  
  a transmitter configured to wirelessly transmit an authentication response, the authentication response including the encrypted second random number, the encrypted authentication identification, and entity information that includes a unique identification of said RFID tag.
- View Dependent Claims (2, 3, 4)
- - 2. An apparatus according to claim 1,wherein the first digital certificate defines a first level of secure access to said RFID tag;
    - andthe second digital certificate defines a second level of secure access to said RFID tag, said second level of secure access being different from said first level of secure access.
  - 3. An apparatus according to claim 1, wherein said wireless communications all conform to a predetermined communications protocol.
  - 4. An apparatus according to claim 3, wherein said communications protocol is ISO 18000-7.

5. A method of operating an RFID tag having a protocol residing in a security shim in memory, comprising:
- receiving, by said RFID tag, a wireless communication of an authentication request from an RFID interrogator, the authentication request including a first digital certificate unknown to said RFID tag, a transient public key, a random number, and a list identifying at least one authentication technique;
  
  selecting, by the RFID tag, an authentication technique from the list identifying at least one authentication technique;
  
  determining, by said RFID tag, without external authentication of said first digital certificate, whether said first digital certificate is in a trust relationship with a second digital certificate that is different from said first digital certificate and that is known to said RFID tag.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. A method according to claim 5, further comprising before said receiving:
    - generating by said RFID interrogator a transient keyset that includes the public key and a corresponding private key;
      
      generating by said RFID interrogator the random number; and
      
      transmitting by said RFID interrogator said authentication request.
  - 7. A method according to claim 5, further comprising:
    - generating, by said RFID tag, a second random number;
      
      encrypting, by said RFID tag, using said public key, said second random number and an authentication identification identifying said selected authentication technique; and
      
      transmitting, by said RFID tag, to the RFID interrogator a communication that includes said encrypted second random number, said encrypted authentication identification, and entity information that includes a unique identification of said RFID tag.
  - 8. A method according to claim 7, further comprising:
    - receiving in said authentication request an identification of at least one encryption technique;
      
      selecting by said RFID tag an encryption technique identified in said authentication request;
      
      wherein said encrypting by said RFID tag includes encrypting an encryption identification identifying said selected encryption technique; and
      
      wherein said transmitting includes transmitting said encrypted encryption identification in said communication.
  - 9. A method according to claim 7, including after said transmitting:
    - receiving by said RFID interrogator said communication;
      
      decrypting by said RFID interrogator, using a private key corresponding to said public key, said encrypted second random number and authentication identification;
      
      computing by said RFID interrogator, according to said selected authentication technique, an authentication value;
      
      generating by said RFID interrogator a third random number;
      
      signing, using said private key, information that includes said authentication value and said third random number; and
      
      transmitting by said RFID interrogator said information signed by said private key.
  - 10. A method according to claim 7, including after said transmitting:
    - receiving by said RFID tag information signed with a private key corresponding to said public key, said information including a first authentication value computed according to said selected authentication technique, and a third random number;
      
      verifying by said RFID tag, using said public key, the signature of said signed information;
      
      computing by said RFID tag a second authentication value according to said selected authentication technique;
      
      comparing by said RFID tag said first and second authentication values to verify they are the same;
      
      deriving by said RFID tag, using the selected technique, a cryptographic keyset as a function of said source information, said RFID tag information, and said first, second and third random numbers; and
      
      transmitting by said RFID tag a selected communication to the RFID interrogator.
  - 11. A method according to claim 10, including after said transmitting of said selected communication:
    - receiving by said RFID interrogator said selected communication; and
      
      deriving by said RFID interrogator, using said selected technique, said cryptographic keyset as a function of said RFID interrogator information, said RFID tag information, and said first, second and third random numbers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Savi Technology Incorporated
Original Assignee
Savi Technology Incorporated
Inventors
Balabine, Igor V., Cargonja, Nikola, Evans, Allan M., Zhu, Liping Julia, Shiledar, Devendra, Stough, Stephen Alan
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
WYSZYNSKI, AUBREY H

Application Number

US11/967,951
Publication Number

US 20090028333A1
Time in Patent Office

1,506 Days
Field of Search

380/258, 380/270, 380/282, 380/30, 380/44, 726/14
US Class Current

380/258
CPC Class Codes

G06K 19/0723   the record carrier comprisi...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/0471   applying encryption by an i...

H04L 63/0492   by using a location-limited...

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

H04L 63/105   Multiple levels of security

H04W 12/069   using certificates or pre-s...

Method and apparatus for providing security in a radio frequency identification system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

74 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing security in a radio frequency identification system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links