RFID tag authentication with public-key cryptography

US 9,111,283 B1
Filed: 12/14/2014
Issued: 08/18/2015
Est. Priority Date: 06/14/2010
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a Radio Frequency Identification (RFID) tag, the method comprising:

retrieving a tag public key (TPK), an item identifier (II), and an electronic signature (ES) from the tag, the ES computed over at least the TPK and the II;

retrieving a signing-authority public key (SAPK) associated with the ES;

verifying, using the SAPK and the ES, the TPK and the II;

challenging the tag with a challenge;

receiving a response from the tag; and

authenticating the tag by verifying the response using the TPK.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication method includes RFID readers authenticating RFID tags using public-key cryptography. A tag manufacturer or other legitimate authority produces a tag private-public key pair and stores the tag private key in externally unreadable tag memory and the tag public key in externally readable tag memory. The authority produces a master private-public key pair and distributes the master public key to readers in the field. The authority generates a tag-specific electronic signature based on at least the tag public key and the master private key and stores this signature in externally readable tag memory. A reader authenticates the tag by retrieving the tag public key and electronic signature from the tag, verifying the authenticity of the tag public key using the master public key and the electronic signature, challenging the tag, receiving a response from the tag to the challenge, and verifying the response using the tag public key.

32 Citations

View as Search Results

20 Claims

1. A method for authenticating a Radio Frequency Identification (RFID) tag, the method comprising:
- retrieving a tag public key (TPK), an item identifier (II), and an electronic signature (ES) from the tag, the ES computed over at least the TPK and the II;
  
  retrieving a signing-authority public key (SAPK) associated with the ES;
  
  verifying, using the SAPK and the ES, the TPK and the II;
  
  challenging the tag with a challenge;
  
  receiving a response from the tag; and
  
  authenticating the tag by verifying the response using the TPK.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the tag is embedded into or onto an item associated with the II.
  - 3. The method of claim 1, wherein the II comprises one or more of:
    - a tag identifier (TID), a unique item identifier (UII), an electronic product code (EPC), and a serialized trade identification number (SGTIN).
  - 4. The method of claim 1, wherein the ES is computed from the TPK, the II, and a signing-authority private key (SAPRK) associated with the SAPK.
  - 5. The method of claim 1, wherein at least one of:
    - the challenge includes a random number and verifying the response includes decrypting the response using the TPK; and
      
      the challenge includes a random number encrypted using the TPK and verifying the response includes comparing the response with the random number.
  - 6. The method of claim 1, wherein the challenge is generated from at least a reader random number and a tag random number.
  - 7. The method of claim 1, wherein computing the response further comprises computing the response from at least the challenge, a tag private key (TPRK), and a tag random number using a cryptographic algorithm.
  - 8. The method of claim 1, wherein sending the TPK precedes receiving the challenge.

9. A method for a Radio Frequency Identification (RFID) tag integrated circuit (IC) to authenticate itself to an RFID reader system, the IC storing a tag public key (TPK) and a tag private key (TPRK) corresponding to the TPK, the method comprising:
- sending the TPK, an item identifier (II), and an electronic signature (ES) to the reader system, the ES computed over at least the TPK and the II, thereby enabling the reader system to;
  
  retrieve a signing-authority public key (SAPK) associated with the ES; and
  
  verify the TPK and the II using the SAPK and the ES;
  
  receiving a challenge from the reader system;
  
  computing a response based on the challenge and the TPRK; and
  
  sending the response to the reader system, thereby enabling the reader system to authenticate the IC by verifying the response using the TPK.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein the IC is embedded into or onto an item associated with the II.
  - 11. The method of claim 9, wherein the ES is computed from the TPK, the II, and a signing-authority private key (SAPRK) associated with the SAPK.
  - 12. The method of claim 9, wherein at least one of:
    - the challenge includes a random number and verifying the response includes decrypting the response using the TPK; and
      
      the challenge includes a random number encrypted using the TPK and verifying the response includes comparing the response with the random number.
  - 13. The method of claim 9, wherein the challenge is generated from at least a reader random number and a tag random number.
  - 14. The method of claim 9, wherein computing the response further comprises computing the response from at least the challenge, the TPRK, and a tag random number using a cryptographic algorithm.
  - 15. The method of claim 9, wherein sending the TPK to the reader system precedes receiving the challenge from the reader system.

16. A method for a Radio Frequency Identification (RFID) reader system to authenticate an RFID tag, the method comprising:
- retrieving a tag public key (TPK), an item identifier (II), and an electronic signature (ES), the ES computed over at least the TPK and the II, from the tag;
  
  retrieving a signing-authority public key (SAPK) associated with the ES;
  
  verifying, using the SAPK and the ES, the TPK and the II;
  
  challenging the tag with a challenge;
  
  receiving a response from the tag; and
  
  authenticating the tag by verifying the response using the TPK.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the tag is embedded into or onto an item associated with the II.
  - 18. The method of claim 16, wherein the ES is computed from the TPK, the II, and a signing-authority private key (SAPRK) associated with the SAPK.
  - 19. The method of claim 16, wherein at least one of:
    - the challenge includes a random number and verifying the response includes decrypting the response using the TPK; and
      
      the challenge includes a random number encrypted using the TPK and verifying the response includes comparing the response with the random number.
  - 20. The method of claim 16, wherein the challenge is generated from at least a reader random number and a tag random number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Impinj, Inc.
Original Assignee
Impinj, Inc.
Inventors
Diorio, Christopher J., Cooper, Scott A.
Primary Examiner(s)
Nguyen, Nam V

Application Number

US14/569,779
Time in Patent Office

247 Days
Field of Search

380/25, 380/45, 713/176, 713/180, 713/169, 705/76
US Class Current

1/1
CPC Class Codes

G06Q 30/0185   Product, service or busines...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

H04W 4/80   Services using short range ...

RFID tag authentication with public-key cryptography

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

RFID tag authentication with public-key cryptography

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links