Method, system, and device for generating, storing, using, and validating tags and data
First Claim
1. A smart tag, comprising:
data storage configured to store tag data, an address of an authentication service, a cryptographic key, and a changeable data part that is initially stored in the data storage with an initial value and is changed to a new and non-repeated value after each use of the smart tag;
a Tag Authentication Cryptogram (TAC) module that invokes a cryptographic engine to utilize the cryptographic key and the changeable data part to generate a unique TAC in response to receiving a read request from a reading device; and
a communication interface that enables the TAC module to transmit the unique TAC along with the tag data and the address of the authentication service to the reading device, wherein the reading device is enabled to validate the smart tag by requesting a signature certificate for the unique TAC from the authentication service prior to the reading device executing one or more instructions contained in the tag data, wherein the authentication service receives the unique TAC from the reading device, validates the unique TAC and subsequently issues the signature certificate to the reading device.
Abstract
A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag (308) is enabled to generate a Tag Authentication Cryptogram (TAC) and include the TAC in a data signature transmitted (S305) to a reading device (304). The data signature can be forwarded by the reading device (304) to an authentication service (340) that will issue a valid signature certificate (S309) if the TAC is determined to be unique and correct. Upon receiving the valid signature certificate, the reading device (304) can validate other data read from the smart tag (308) based on the increased trust relationship between the smart tag (308) and reading device (304).
15 Claims
10. A method of operating a smart tag, comprising:
receiving, at the smart tag, a read request from a reading device;
in response to receiving the read request, generating, at the smart tag, a data object that includes tag data and response-specific data, the response-specific data including a signature value, a unique certificate Universal Resource Locator (URL), and a changeable data part that is initially stored in the smart tag with an initial value and is changed to a new and non-repeated value after each use of the smart tag; and
transmitting the data object from the smart tag to the reading device via a proximity-based Radio Frequency (RF) protocol, wherein the reading device validates the smart tag by requesting a signature certificate for the response-specific data from an authentication service prior to the reading device executing one or more instructions contained in the tag data, wherein the authentication service receives the response-specific data from the reading device, validates the response-specific data and subsequently issues the signature certificate to the reading device.
15. A method of authenticating a smart tag, comprising:
receiving, at an authentication service from a reading device, a request for a signature certificate, wherein the request for the signature certificate includes a Tag Authentication Cryptogram (TAC) generated by the smart tag during an interaction between the smart tag and the reading device, wherein the TAC is generated using a changeable data part that is initially stored in the smart tag with an initial value and is changed to a new and non-repeated value after each use of the smart tag;
analyzing the TAC to determine whether the TAC is unique and generated by a known and valid smart tag;
based on the analysis of the TAC, determining that the TAC is unique and generated by the known and valid smart tag;
in response to determining that the TAC is unique and generated by the known and valid smart tag, generating a valid signature certificate; and
transmitting the valid signature certificate to the reading device, wherein the reading device conditions execution of instructions contained in tag data exchanged between the smart tag and reading device during the interaction upon receiving the valid signature certificate.
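The exchange that claims 1, 10 and 15 describe, as an added Python sketch that is not code from the patent: the tag issues a TAC per read, and the authentication service issues a certificate only for a TAC that is correct and not yet used. Assumptions not stated in the claims: HMAC-SHA256 as the cryptographic engine, an incrementing counter as the changeable data part, a TAC that also covers the tag data, and a plain dict standing in for the signature certificate; all class and function names are hypothetical.

```python
import hashlib
import hmac

def compute_tac(key, tag_id, counter, tag_data):
    # Assumed construction: HMAC-SHA256 over counter, tag id and tag data.
    tid = tag_id.encode()
    msg = counter.to_bytes(8, "big") + len(tid).to_bytes(2, "big") + tid + tag_data.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class SmartTag:
    def __init__(self, tag_id, key, tag_data, auth_url):
        self.tag_id, self.key = tag_id, key
        self.tag_data, self.auth_url = tag_data, auth_url
        self.counter = 0  # changeable data part, initial value

    def read(self):
        self.counter += 1  # new, non-repeated value on every use
        return {"tag_id": self.tag_id, "counter": self.counter,
                "tag_data": self.tag_data, "auth_url": self.auth_url,
                "tac": compute_tac(self.key, self.tag_id, self.counter, self.tag_data)}

class AuthService:
    def __init__(self, known_tags):
        self.keys = dict(known_tags)  # tag_id -> key
        self.highest_seen = {}        # tag_id -> last accepted counter

    def request_certificate(self, resp):
        key = self.keys.get(resp["tag_id"])
        if key is None:
            return None  # not a known tag
        expected = compute_tac(key, resp["tag_id"], resp["counter"], resp["tag_data"])
        if not hmac.compare_digest(expected, resp["tac"]):
            return None  # wrong key, or counter/tag data altered
        if resp["counter"] <= self.highest_seen.get(resp["tag_id"], 0):
            return None  # TAC not unique: replayed or copied response
        self.highest_seen[resp["tag_id"]] = resp["counter"]
        return {"tac": resp["tac"], "status": "valid"}  # stand-in for a signed certificate

def reader_handle(resp, service):
    # Reading device: act on tag data only after a certificate is issued.
    cert = service.request_certificate(resp)
    return "execute:" + resp["tag_data"] if cert else "rejected"

def demo():
    key = b"constructed-demo-key"  # constructed sample value
    tag = SmartTag("tag-001", key, "https://example.com/poster", "https://auth.example/cert")
    svc = AuthService({"tag-001": key})
    first = tag.read()
    altered = dict(tag.read(), tag_data="https://example.net/other")
    return [reader_handle(r, svc) for r in (first, first, altered, tag.read())]
```

`demo()` submits a fresh read, the same read a second time, a read whose tag data was changed after the TAC was computed, and another fresh read; only the two fresh reads lead the reader to act on the tag data.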
Specification