Method for transferring data, a computer program product, a data provision and a data receiving device and a communication system

US 8,459,550 B2
Filed: 02/02/2006
Issued: 06/11/2013
Est. Priority Date: 02/04/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing an initial variable number as a current data-provision-device-variable-number;

providing a new variable number as a next data-provision-device-variable-number;

providing a current data-provision-device-authenticity-indicator as a function of the current data-provision-device-variable-number and an initial authenticity-indicator;

providing a next data-provision-device-authenticity-indicator as a function of the current data-provision-device-authenticity indicator and the next data-provision-device-variable number;

determining a data-authenticity-indicator as a function of a provision data, the provision data including the current data-provision-device-variable-number, the next data-provision-device-authenticity-indicator, and a message data, wherein the determining is performed by one or more processors; and

sending a message to a data receiving device, the message including the provision data and the data-authenticity-indicator.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present application relates to a method for transferring data, a computer program product, a data provision device, a data receiving device and a communication system, in particular to authentication/verification of data provided between one or more radio frequency identification reader(s) and one or more radio frequency identification transponder(s). In some embodiments, the method includes an initializing step and a data provisioning step.

Citations

23 Claims

1. A method comprising:
- providing an initial variable number as a current data-provision-device-variable-number;
  
  providing a new variable number as a next data-provision-device-variable-number;
  
  providing a current data-provision-device-authenticity-indicator as a function of the current data-provision-device-variable-number and an initial authenticity-indicator;
  
  providing a next data-provision-device-authenticity-indicator as a function of the current data-provision-device-authenticity indicator and the next data-provision-device-variable number;
  
  determining a data-authenticity-indicator as a function of a provision data, the provision data including the current data-provision-device-variable-number, the next data-provision-device-authenticity-indicator, and a message data, wherein the determining is performed by one or more processors; and
  
  sending a message to a data receiving device, the message including the provision data and the data-authenticity-indicator.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 23)
- - 2. The method according to-claim 1, wherein the provision data includes at least one of:
    - data provision device identification data; and
      
      data receiving device identification data.
  - 3. The method according to-claim 1, wherein at least one of the current data-provision-device-authenticity-indicator, the next data-provision-device-authenticity-indicator, the data-authenticity-indicator, a test-data-authenticity-indicator, and a test-authenticity-indicator is calculated using a one-way-function, in particular accordance with at least one of the following formulas:
    - PDAI_i=h₁(PDVN_i,AI₀),
      PDAI_i+1=h₁(PDVN_i+1,PDAI_i),
      DataAI=h₂(DataP),
      DataAI_test=h₂(DataP) and
      AI_test=h₁(RDVN_i,RDAI_i−
      
      1),whereinAI₀represents the initial-authenticity-indicator,PDVN_irepresents the current data-provision-device-variable-number,PDVN_i+1represents the next data-provision-device-variable-number,DataP represents the provision data,RDAI_i−
      
      1represents the foregoing data-receiving-device-authenticity-indicator,RDVN_irepresents the current data-receiving-device-variable-number,PDAI_irepresents the current data-provision-device-authenticity-indicator,PDAI_i+1represents the next data-provision-device-authenticity-indicator,DataAI represents the data-authenticity-indicator,DataAI_testrepresents the test-data-authenticity-indicator,AI_testrepresents the test-authenticity-indicator, andh₁and h₂represent the one way functions.
  - 4. The method according to claim 3, wherein the one way functions are hash functions.
  - 5. The method according to claim 3, wherein the one way functions are chosen from the set of hash functions comprising at least:
    - SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD2, MD4, MD5 and RIPEMD-160, Snefru, Tiger and Whirlpool.
  - 6. The method according to claim 1, wherein the message data comprises computer program code to be carried out by the data-receiving-device.
  - 7. The method according to claim 1, wherein the step of providing the provision data to the data receiving device includes sending the provision data via radio channel.
  - 8. The method according to claim 1, wherein the data provision device comprises a radio frequency transmitter.
  - 9. The method according to claim 1, wherein the data-receiving-device comprises a radio frequency receiver.
  - 12. The method of claim 1, further comprising:
    - setting the next data-provision-device-variable-number as the current data-provision-device-variable-number;
      
      setting the next data-provision-device-authenticity-indicator as the current data-provision-device-authenticity-indicator;
      
      providing a new variable number as the next data-provision-device-variable-number;
      
      generating an additional next data-provision-device-authenticity-indicator as a function of the current data-provision-device-authenticity-indicator and the next data-provision-device-variable-number;
      
      determining an additional data-authenticity-indicator as a function of an additional provision data, the additional provision data including the current data-provision-device-variable-number, the next data-provision-device-authenticity-indicator, and an additional message data, wherein the determining is performed by one or more processors; and
      
      sending an additional message to the data receiving device, the additional message including the additional provision data and the additional data-authenticity-indicator.
  - 13. The method of claim 1, further comprising generating at least one of the initial authenticity-indicator, the current provision-device variable number, and the next data-provision-device-variable number using a pseudo-random number generator.
  - 14. The method of claim 1, further comprising sending the initial authenticity-indicator to a data receiving device or receiving the initial authenticity-indicator from the data receiving device by bringing a data provision device into physical contact with the data receiving device or using a radio frequency communication in a secure environment.
  - 23. The method of claim 1, wherein the provision data is not encrypted by the data provision device.

10. A data provision device comprising:
- a variable number generating device to provide an initial variable number as a current data-provision-device-variable-number and to provide a new variable number as a next data-provision-device-variable-number;
  
  a data-provision-device-authenticity-indicator generating device to provide a data-provision-device-authenticity-indicator as a function of the current data-provision-device-variable-number and an initial authenticity-indicator and to provide a next data-provision-device-authenticity-indicator as a function of the current data-provision-device-authenticity indicator and the next data-provision-device-variable-number;
  
  a data-authenticity-indicator generating device to provide a data-authenticity-indicator as a function of the provision data, the provision data including the current data-provision-device-variable-number, the next data-provision-device-authenticity-indicator, and a message data; and
  
  a provision data provision device to send a message from a data provision device to a data receiving device, the message including the provision data and the data-authenticity-indicator.
- View Dependent Claims (11)
- - 11. The data provision device according to claim 10, wherein the provision data provision device comprises a radio frequency emitter.

15. A method comprising,receiving a message from a data provision device, the message including a provision data and a data-authenticity-indicator, the provision data including a current data-provision-device-variable-number and a message data;
- computing a test data-authenticity-indicator as a function of the provision data;
  
  comparing the data-authenticity indicator with the test-data-authenticity-indicator, wherein the comparing is performed by one or more processors;
  
  setting an initial-authenticity-indicator as a foregoing receiving-device-authenticity-indicator;
  
  setting the current data-provision-device-variable as a current data-receiving-device-variable number;
  
  based on the comparing of the data-authenticity indicator with the test-data-authenticity indicator;
  
  computing a test authenticity-indicator as a function of the foregoing receiving-device-authenticity-indicator and the current data-receiving-device-variable-number;
  
  comparing a current receiving-device-authenticity-indicator with the test authenticity-indicator; and
  
  accepting the message data based on the comparing of the current authenticity-indicator with the test authenticity-indicator.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising:
    - receiving an additional message from the data provision device, the additional message including an additional provision data and an additional data-authenticity-indicator, the additional data-authenticity-indicator being a function of the additional provision data;
      
      computing an additional test data-authenticity-indicator as a function of the additional provision data; and
      
      comparing the additional data-authenticity indicator with the additional test-data-authenticity-indicator.
  - 17. The method of claim 16, wherein:
    - the provision data includes a next data-provision-device-authenticity-indicator, the next data-provision-device-authenticity-indicator being a function of a current data-provision-device-authenticity-indicator and a next data-provision-device-variable-number, the current data-provision-device-authenticity-indicator being a function of the current data-provision-device-variable-number and the initial authenticity-indicator; and
      
      the additional provision data includes;
      
      an additional next data-provision-device-authenticity-indicator; and
      
      an additional current data-provision-device-variable number; and
      
      the method further comprises;
      
      setting the next data-provision-device-authenticity-indicator as the next data-receiving-device-authenticity-indicator;
      
      setting the next data-receiving-device-authenticity-indicator as a foregoing receiving-device-authenticity-indicator;
      
      setting the next data-receiving-device-authenticity-indicator as the current receiving-device-authenticity-indicator;
      
      setting the additional next data-receiving-device-authenticity-indicator as the next receiving-device-authenticity-indicator;
      
      setting the additional current data-receiving-device-variable number as the current data-provision-device-variable number;
      
      based on the comparing of the additional data-authenticity indicator with the additional test-data-authenticity;
      
      computing an additional test authenticity-indicator as a function of the foregoing receiving-device-authenticity-indicator and the current data-receiving-device-variable-number;
      
      comparing the current receiving-device-authenticity-indicator with the additional test authenticity-indicator; and
      
      accepting the additional message data based on the comparing of the current authenticity-indicator with the additional test authenticity-indicator.
  - 18. The method of claim 15, further comprising:
    - receiving a current data-provision-device-authenticity-indicator from the data provision device; and
      
      setting the current data-provision-device-authenticity-indicator as the current data-receiving-device-authenticity-indicator.
  - 19. The method of claim 15, thither comprising generating the initial authenticity-indicator or receiving the initial authenticity-indicator from the data provision device in a secure way during an initialization operation.
  - 20. The method of claim 15, further comprising calculating the current data-receiving-device-authenticity-indicator as a function of the current data-receiving-device-variable-number and the initial authenticity-indicator.

21. A data receiving device comprising:
- a provision data receiving device to receive a message from a data provision device, the message including a provision data and a data-authenticity-indicator, the data-authenticity-indicator being a function of the provision data, the provision data including a current data-provision-device-variable-number and a message data;
  
  a test-data-authenticity-indicator generating device to compute a test-data-authenticity-indicator as a function of the provision data; and
  
  a comparing device to compare the data-authenticity indicator with the test-data-authenticity-indicator; and
  
  wherein the data receiving device is further to;
  
  set an initial-authenticity-indicator as a foregoing receiving-device-authenticity-indicator;
  
  set the current data-provision-device-variable number as a current data-receiving-device-variable number; and
  
  based on the comparing of the data-authenticity indicator with the test-data-authenticity indicator the comparing device is further to;
  
  compute a test authenticity-indicator as a function of the foregoing receiving-device-authenticity-indicator and the current data-receiving-device-variable-number;
  
  compare a current receiving-device-authenticity-indicator with the test authenticity-indicator; and
  
  accept the message data based on the comparing of the current authenticity-indicator with the test authenticity-indicator.

22. A computer program product, in particular stored on a computer-readabie storage medium which, when loaded on a data receiving device, carries out a method, the method comprising:
- receiving a message, the message including provision data, the provision data including a message data, the message data including a program code; and
  
  carrying out the program code based on an identification that the provision data came from an authorized data provision device and an identification that the provision data was not replaced or altered by a third party, wherein;
  
  the message includes a data-authenticity indicator;
  
  the identification that the provision data was not replaced or altered by a third party is based on a comparison between the data-authenticity-indicator and a test-data-authenticity-indicator, the test-data-authenticity indicator being a function of an indicator exchanged in a secure way between the data receiving device and the data provision before the receiving of the message;
  
  the message is a first message;
  
  the provision data includes a first variable-number; and
  
  the identification that the provision data came from an authorized data provision device is based on a comparison of current authenticity-indicator and a test authenticity-indicator, the current-authenticity-indicator received before the sending of the first message during an initialization operation or as a next data-authenticity-indicator of a second message, the test authenticity-indicator being a function of a foregoing authenticity-indicator and the first variable-number, the foregoing authenticity-indicator received during an initialization operation or as a next data-authenticity-indicator of a third message, the second message preceding the first message by one, the third message preceding the first message by two.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Nochta, Zoltan
Primary Examiner(s)
Lee, Michael G
Assistant Examiner(s)
Mikels, Matthew

Application Number

US11/347,112
Publication Number

US 20060186200A1
Time in Patent Office

2,686 Days
Field of Search

235/380, 235/382, 235/383, 235/375
US Class Current

235/382
CPC Class Codes

H04L 2209/805 Lightweight hardware, e.g. ...

H04L 9/3236 using cryptographic hash fu...

Method for transferring data, a computer program product, a data provision and a data receiving device and a communication system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method for transferring data, a computer program product, a data provision and a data receiving device and a communication system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links