Verification of movement of items

US 8,310,346 B2
Filed: 03/11/2008
Issued: 11/13/2012
Est. Priority Date: 03/14/2007
Status: Active Grant

First Claim

Patent Images

1. An apparatus for use in verification of a route taken during movement of an RFID tag, the apparatus comprising:

a processing system having one or more processors;

sealed storage comprising a store for storing a private key and a policy; and

a trusted platform module which is operatively coupled to the sealed storage to protect the private key and policy, and which is operatively coupled to the processing system to;

(i) use the private key to provide, for the given RFID tag identity, an encrypted signature based on the policy; and

(ii) forward data comprising the encrypted signature to an RFID tag writer for writing to the RFID tag.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus and system for verifying a route taken during movement of an RFID tag, comprising a trusted platform module; sealed storage (80) comprising one or more stores (50, 52) for storing a public key (64), a private key (68) and a policy (62); and processors arranged to: receive data (60) read-out from the RFID tag (4) and comprising an RFID tag identity and an encrypted signature (9); use the public key (64) to decrypt the encrypted signature (9); verify that the decrypted signature (9) corresponds to a first entity from which, according to the policy (62), a second entity is authorised to receive the given RFID tag (4); use the private key (68) to provide an encrypted signature (9); and forward data comprising the encrypted signature (9) to an RFID tag writer (22).

Citations

16 Claims

1. An apparatus for use in verification of a route taken during movement of an RFID tag, the apparatus comprising:
- a processing system having one or more processors;
  
  sealed storage comprising a store for storing a private key and a policy; and
  
  a trusted platform module which is operatively coupled to the sealed storage to protect the private key and policy, and which is operatively coupled to the processing system to;
  
  (i) use the private key to provide, for the given RFID tag identity, an encrypted signature based on the policy; and
  
  (ii) forward data comprising the encrypted signature to an RFID tag writer for writing to the RFID tag.
- View Dependent Claims (2, 3, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The apparatus according to claim 1, further comprising:
    - one or more stores for storing a public key; and
      
      wherein the processing system in operation with the trusted platform module is further arranged to;
      
      (i) receive, from an RFID tag reader, data read-out from the RFID tag and comprising an RFID tag identity and an encrypted signature;
      
      (ii) use the public key to decrypt the encrypted signature from the data read-out from the RFID tag; and
      
      (iii) verify that the decrypted signature corresponds to a first entity from which, according to the policy, a second entity associated with the apparatus is authorised to receive an RFID tag with the given RFID tag identity.
  - 3. The apparatus according to claim 2, wherein the sealed storage further comprises one or more of the stores for storing the public key and the policy.
  - 7. The verification apparatus according to claim 1, wherein the apparatus further comprises the RFID tag reader and the RFID tag writer.
  - 8. The verification apparatus according to claim 1, arranged to allow remote attestation by a third party.
  - 9. The verification apparatus according to claim 1, wherein the processing system in operation with the trusted platform module is further arranged to report the verification to one or more third parties.
  - 10. The verification apparatus according to claim 1, wherein the processing system in operation with the trusted platform module is further arranged to raise an alarm responsive to the verifying step determining that the decrypted signature does not correspond to an entity from which the second entity is authorised to receive an RFID tag with the given RFID tag identity.
  - 11. The verification apparatus according to claim 9, wherein a third party to which verification is reported and a third party by whom remote attestation is allowed are identical.
  - 12. A system for verifying a route taken during movement of an RFID tag, the system comprising:
    - the apparatus according to claim 1
  - 13. The system according to claim 12, further comprising one or more further apparatuses.
  - 14. The system according to claim 12, further comprising a controller apparatus operatively coupled to the apparatus.
  - 15. The system according to claim 14, wherein the controller apparatus is arranged to provide one or more of a public key, the private key and the policy to one or more of the apparatuses of the system.
  - 16. The system according to claim 14, wherein the controller apparatus is arranged to perform remote attestation of one or more of the apparatus of the system.

4. A verification apparatus for use in verification of a route taken during movement of an RFID tag, the verification apparatus comprising:
- a processing system having one or more processors;
  
  sealed storage comprising one or more stores for storing a public key, a private key and a policy; and
  
  a trusted platform module which is operatively coupled to the sealed storage to protect the public key, private key and policy, and which is operatively coupled to the processing system to;
  
  (i) receive, from an RFID tag reader, data read-out from the RFID tag and comprising an RFID tag identity and an encrypted signature;
  
  (ii) use the public key to decrypt the encrypted signature from the data read-out from the RFID tag; and
  
  (iii) verify that the decrypted signature corresponds to a first entity from which, according to the policy, a second entity associated with the verification apparatus is authorised to receive an RFID tag with the given RFID tag identity.
- View Dependent Claims (5, 6)
- - 5. The verification apparatus according to claim 4,wherein the processing system in operation with trusted platform module is further arranged to:
    - (i) use the private key to provide, for the given RFID tag identity, an encrypted signature; and
      
      (ii) forward data comprising the encrypted signature to an RFID tag writer for writing to the RFID tag.
  - 6. The verification apparatus according to claim 5, wherein the sealed storage further comprises the store for storing a private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
British Telecommunications PLC (BT Group PLC)
Original Assignee
British Telecommunications PLC (BT Group PLC)
Inventors
Burbridge, Trevor, Soppera, Andrea
Primary Examiner(s)
Wu, Daniel
Assistant Examiner(s)
Littlejohn, Mancil

Application Number

US12/531,143
Publication Number

US 20100109851A1
Time in Patent Office

1,708 Days
Field of Search

340/5.92, 340/10.1, 340/10.42, 340/572.1, 340/572.4, 340/572.7, 340/572.8, 340/825.32, 235/375, 235/383, 235/385, 235/440, 700/30, 705/1, 705/75, 380/270, 380/282, 713/155, 713/162, 713/172, 713/176, 713/180
US Class Current

340/10.42
CPC Class Codes

G06Q 10/08   Logistics, e.g. warehousing...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0897   involving additional device...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04L 9/50   using hash chains, e.g. blo...

Verification of movement of items

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Verification of movement of items

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links