Method and system for validating a device that uses a dynamic identifier

US 8,412,638 B2
Filed: 12/23/2008
Issued: 04/02/2013
Est. Priority Date: 12/20/2007
Status: Active Grant

First Claim

Patent Images

1. A method for execution by a processing entity of a reader, the method comprising:

receiving a first signature from a device over a communication pathway;

decrypting the first signature with a computing apparatus to obtain a candidate identifier and a candidate scrambling code;

consulting a storage entity to obtain a set of other scrambling codes associated with the candidate identifier, the other scrambling codes having been encoded in signatures received before the first signature;

validating the first signature based on a comparison of the candidate scrambling code to the set of other scrambling codes associated with the candidate identifier; and

updating the set of other scrambling codes associated with the candidate identifier to include the candidate scrambling code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method that comprises obtaining a currently received signature from a device; obtaining a candidate identifier associated with the device; consulting a database to obtain a set of previously received signatures associated with the candidate identifier; and validating the currently received signature based on a comparison of the currently received signature to the set of previously received signatures associated with the candidate identifier. Also, a method that comprises obtaining a currently received signature from a device; decrypting the currently received signature to obtain a candidate identifier; and a candidate scrambling code; consulting a database to obtain a set of previously received scrambling codes associated with the candidate identifier; and validating the currently received signature based on a comparison of the candidate scrambling code to the set of previously received scrambling codes associated with the candidate identifier.

80 Citations

View as Search Results

39 Claims

1. A method for execution by a processing entity of a reader, the method comprising:
- receiving a first signature from a device over a communication pathway;
  
  decrypting the first signature with a computing apparatus to obtain a candidate identifier and a candidate scrambling code;
  
  consulting a storage entity to obtain a set of other scrambling codes associated with the candidate identifier, the other scrambling codes having been encoded in signatures received before the first signature;
  
  validating the first signature based on a comparison of the candidate scrambling code to the set of other scrambling codes associated with the candidate identifier; and
  
  updating the set of other scrambling codes associated with the candidate identifier to include the candidate scrambling code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method defined in claim 1, wherein decrypting the first signature is performed using a decryption key, the method further comprising receiving an index accompanying the first signature;
    - and consulting a database that stores potential keys associated with respective indexes to identify the decryption key as the potential key associated with the index accompanying the first signature.
  - 3. The method defined in claim 1, further comprising consulting a database comprising a plurality of potential keys;
    - wherein the decrypting is performed using a first one of the potential keys.
  - 4. The method defined in claim 3, further comprising comparing the candidate identifier to a set of expected identifiers and, if there is no match, repeating the decrypting using another one of the potential keys until occurrence of:
    - (i) a match between the candidate identifier and one of the expected identifiers; and
      
      (ii) exhaustion of all potential keys without finding a match between the candidate identifier and any of the expected identifiers.
  - 5. The method defined in claim 4, further comprising concluding that the validation is unsuccessful in the case of exhaustion of all potential keys without finding a match between the candidate identifier and any of the expected identifiers.
  - 6. The method defined in claim 1, wherein validating comprises determining whether the candidate scrambling code is a member of the set of other scrambling codes associated with the candidate identifier.
  - 7. The method defined in claim 6, further comprising concluding that the validating is unsuccessful if the determining indicates that the candidate scrambling code is a member of the set of other scrambling codes associated with the candidate identifier.
  - 8. The method defined in claim 6, further comprising concluding that the validating is not unsuccessful if the determining indicates that the candidate scrambling code is not a member of the set of other scrambling codes associated with the candidate identifier.
  - 9. The method defined in claim 6, further comprising updating the set of other scrambling codes associated with the candidate identifier to include the candidate scrambling code.
  - 10. The method defined in claim 1, wherein validating comprises determining a number of times that a signature encoding the candidate scrambling code was received before the first signature.
  - 11. The method defined in claim 10, further comprising concluding that the validating is unsuccessful if the determining indicates that the number of times that a signature encoding the candidate scrambling code was received before the first signature is more than a pre-determined number of times.
  - 12. The method defined in claim 1, wherein validating comprises determining how long ago the candidate scrambling code was first received.
  - 13. The method defined in claim 12, further comprising concluding that the validating is unsuccessful if the determining indicates that the candidate scrambling code was first received more than a pre-determined time interval ago.
  - 14. The method defined in claim 1, wherein the communication pathway comprises a contact-less channel, further comprising issuing a read request to the device over the contact-less channel, wherein receiving the first signature occurs over the contact-less channel subsequent to issuing of the read request.
  - 15. The method defined in claim 1, wherein the communication pathway is non-secure pathway.
  - 16. The method defined in claim 1, wherein the non-secure pathway traverses the Internet.
  - 17. The method defined in claim 1, wherein if the validating is successful, the method further comprises granting access to a resource and wherein if the validating is unsuccessful, the method further comprises denying access to the resource.
  - 18. The method defined in claim 17, wherein the resource comprises at least one of:
    - computing equipment, a computer network, a building, a portion of a building, an entrance, an exit and a vehicle.
  - 19. The method defined in claim 17, wherein the resource comprises at least one of an online resource and a financial resource.
  - 20. The method defined in claim 1, wherein if the validating is successful, the method further comprises authorizing an attempted transaction and wherein if the validating is unsuccessful, the method further comprises denying the attempted transaction.
  - 21. The method defined in claim 20, wherein the transaction comprises a financial transaction.

22. A computer-readable storage medium comprising computer-readable program code which, when interpreted by a computing apparatus, causes the computing apparatus to execute a method that includes:
- receiving a first signature from a device;
  
  decrypting the first signature to obtain a candidate identifier and a candidate scrambling code;
  
  consulting a database to obtain a set of other scrambling codes associated with the candidate identifier, the other scrambling codes having been encoded in signatures received before the first signature;
  
  validating the first signature based on a comparison of the candidate scrambling code to the set of other scrambling codes associated with the candidate identifier; and
  
  updating the set of other scrambling codes associated with the candidate identifier to include the candidate scrambling code.

23. A system for processing signatures received from devices, comprising:
- an interrogation portion configured to receive a first signature from a particular device; and
  
  a processing portion configured to;
  
  decrypt the first signature in order to obtain a candidate identifier and a candidate scrambling code;
  
  consult a database in order to obtain a set of other scrambling codes associated with the candidate identifier, the other scrambling codes having been encoded in signatures received before the first signature;
  
  validate the first signature based on a comparison of the candidate scrambling code to the set of other scrambling codes associated with the candidate identifier; and
  
  update the set of other scrambling codes associated with the candidate identifier to include the candidate scrambling code.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 24. The system defined in claim 23, further comprising a network controller communicatively coupled to the interrogation portion and configured to implement the processing portion.
  - 25. The system defined in claim 23, wherein to validate the first signature, the processing portion is configured to carry out a determination of whether the candidate scrambling code is a member of the set of other scrambling codes associated with the candidate identifier.
  - 26. The system defined in claim 25, wherein the processing portion is further configured to conclude that validation of the first signature is unsuccessful if the determination indicates that the candidate scrambling code is a member of the set of other scrambling codes associated with the candidate identifier.
  - 27. The system defined in claim 25, wherein the processing portion is further configured to conclude that the validation of the first signature is not unsuccessful if the determination indicates that the candidate scrambling code is not a member of the set of other scrambling codes associated with the candidate identifier.
  - 28. The system defined in claim 25, wherein the processing portion is one among a plurality of processing portions spatially distributed over a plurality of sites, the processing portions being communicatively coupled to one another to enable the determination to be made jointly by the plurality of processing portions.
  - 29. The system defined in claim 23, wherein the processing portion is distributed among a plurality of spatially distributed sites.
  - 30. The system defined in claim 23, wherein the interrogation portion is one among a plurality of interrogation portions spatially distributed over a plurality of sites.
  - 31. The system defined in claim 23, wherein to validate the first signature, the processing portion is configured to effect a determination of a number of times that a signature encoding the candidate scrambling code was received before the first signature.
  - 32. The system defined in claim 31, wherein the processing portion is further configured to conclude that validation of the first signature is unsuccessful if the determination is indicative that the number of times that a signature encoding the candidate scrambling code was received before the first signature is more than a pre-determined number of times.
  - 33. The system defined in claim 23, wherein to validate the first signature, the processing portion is configured to effect a determination of how long ago the candidate scrambling code was first received.
  - 34. The system defined in claim 33, wherein the processing portion is further configured to conclude that validation of the first signature is unsuccessful if the determination is indicative of the candidate scrambling code having been first received more than a pre-determined time interval ago.
  - 35. The system defined in claim 23, wherein if the validating is successful, the processing portion is configured to grant access to a resource and wherein if the validating is unsuccessful, the processing portion is configured to deny access to the resource.
  - 36. The system defined in claim 35, wherein the resource comprises at least one of:
    - computing equipment, a computer network, a building, a portion of a building, an entrance, an exit and a vehicle.
  - 37. The system defined in claim 35, wherein the resource comprises at least one of an online resource and a financial resource.
  - 38. The system defined in claim 23, wherein if the validating is successful, the processing portion is configured to authorize an attempted transaction and wherein if the validating is unsuccessful, the processing portion is configured to deny the attempted transaction.
  - 39. The system defined in claim 38, wherein the transaction comprises a financial transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BCE Incorporated
Original Assignee
BCE Incorporated
Inventors
Yeap, Tet Hin, O'Brien, William G.
Primary Examiner(s)
OBEID, MAMON A

Application Number

US12/343,268
Publication Number

US 20090216679A1
Time in Patent Office

1,561 Days
Field of Search

726/2, 726/4, 726/5, 726/9, 726/10, 726/27, 726/30, 705/64, 705/65, 705/67, 235/375, 235/382, 235/382.5
US Class Current

705/71
CPC Class Codes

G06F 21/43   wireless channels

G06F 21/79   in semiconductor storage me...

G06F 9/445   Program loading or initiati...

G06Q 10/087   Inventory or stock manageme...

G06Q 20/02   involving a neutral party, ...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/401   Transaction verification

G06Q 20/40975   using encryption therefor

G06Q 20/425   using two different network...

G07F 7/1008   Active credit-cards provide...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2209/84   Vehicles

H04L 63/0823   using certificates cryptogr...

H04L 63/0846   using time-dependent-passwo...

H04L 63/126   the source of the received ...

H04L 9/3247 : involving digital signatures

H04W 12/08 : Access security

H04W 12/10 : Integrity

H04W 12/47 : using near field communicat...

View All

Method and system for validating a device that uses a dynamic identifier

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

80 Citations

39 Claims

Specification

Use Cases

Quick Links

Others

Method and system for validating a device that uses a dynamic identifier

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

39 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others