Method, system, and device for generating, storing, using, and validating tags and data

US 9,825,941 B2
Filed: 03/06/2014
Issued: 11/21/2017
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A smart tag, comprising:

data storage configured to store tag data, an address of an authentication service, a cryptographic key, and a changeable data part that is initially stored in the data storage with an initial value and is changed to a new and non-repeated value after each use of the smart tag;

a Tag Authentication Cryptogram (TAC) module that invokes a cryptographic engine to utilize the cryptographic key and the changeable data part to generate a unique TAC in response to receiving a read request from a reading device; and

a communication interface that enables the TAC module to transmit the unique TAC along with the tag data and the address of the authentication service to the reading device, wherein the reading device is enabled to validate the smart tag by requesting a signature certificate for the unique TAC from the authentication service prior to the reading device executing one or more instructions contained in the tag data, wherein the authentication service receives the unique TAC from the reading device, validates the unique TAC and subsequently issues the signature certificate to the reading device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag (308) is enabled to generate a Tag Authentication Cryptogram (TAC) and include the TAC in a data signature transmitted (S305) to a reading device (304). The data signature can be forwarded by the reading device (304) to an authentication service (340) that will issue a valid signature certificate (S309) if the TAC is determined to be unique and correct. Upon receiving the valid signature certificate, the reading device (304) can validate other data read from the smart tag (308) based on the increased trust relationship between the smart tag (308) and reading device (304).

Citations

15 Claims

1. A smart tag, comprising:
- data storage configured to store tag data, an address of an authentication service, a cryptographic key, and a changeable data part that is initially stored in the data storage with an initial value and is changed to a new and non-repeated value after each use of the smart tag;
  
  a Tag Authentication Cryptogram (TAC) module that invokes a cryptographic engine to utilize the cryptographic key and the changeable data part to generate a unique TAC in response to receiving a read request from a reading device; and
  
  a communication interface that enables the TAC module to transmit the unique TAC along with the tag data and the address of the authentication service to the reading device, wherein the reading device is enabled to validate the smart tag by requesting a signature certificate for the unique TAC from the authentication service prior to the reading device executing one or more instructions contained in the tag data, wherein the authentication service receives the unique TAC from the reading device, validates the unique TAC and subsequently issues the signature certificate to the reading device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The smart tag of claim 1, wherein the data storage includes a secure element that stores at least one of the tag data, the address of the authentication service, and the cryptographic key in an encrypted fashion.
  - 3. The smart tag of claim 1, wherein the address of the authentication service comprises a Universal Resource Locator (URL) and wherein the unique TAC is appended to the URL when transmitted to the reading device.
  - 4. The smart tag of claim 3, wherein the unique TAC and URL are used to request the signature certificate from the authentication service, wherein if the signature certificate is valid and received at the reading device, the smart tag is validated to the reading device.
  - 5. The smart tag of claim 1, wherein the data storage is configured to also store a TagID and wherein this TagID is transmitted by the TAC module along with the TAC.
  - 6. The smart tag of claim 1, wherein the communication interface comprises a Near-Field Communications (NFC) interface.
  - 7. The smart tag of claim 1, wherein the communication interface comprises a Bluetooth interface.
  - 8. The smart tag of claim 1, wherein the cryptographic key comprises a symmetric cryptographic key.
  - 9. The smart tag of claim 1, wherein the tag data comprises at least one of a phone number, email address, and Universal Resource Locator (URL).

10. A method of operating a smart tag, comprising:
- receiving, at the smart tag, a read request from a reading device;
  
  in response to receiving the read request, generating, at the smart tag, a data object that includes tag data and response-specific data, the response-specific data including a signature value, a unique certificate Universal Resource Locator (URL), and a changeable data part that is initially stored in the smart tag with an initial value and is changed to a new and non-repeated value after each use of the smart tag; and
  
  transmitting the data object from the smart tag to the reading device via a proximity-based Radio Frequency (RF) protocol, wherein the reading device validates the smart tag by requesting a signature certificate for the response-specific data from an authentication service prior to the reading device executing one or more instructions contained in the tag data, wherein the authentication service receives the response-specific data from the reading device, validates the response-specific data and subsequently issues the signature certificate to the reading device.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, wherein the unique certificate URL comprises a substantially unique Tag Authentication Cryptogram (TAC) and a Tag Identifier (TAGID) incorporated therein.
  - 12. The method of claim 11, wherein the unique certificate URL is transmitted to the reading device with one or more delimiters separating the tag data, the TAGID, and the TAC.
  - 13. The method of claim 11, wherein the unique certificate URL and the TAC incorporated therein are used to obtain a valid signature certificate from the authentication service and wherein the reading device conditions execution of the one or more instructions contained in the tag data upon receiving the valid signature certificate.
  - 14. The method of claim 10, wherein the proximity-based RF protocol comprise at least one of a Near-Field Communications (NFC) protocol, an Ultra-High Frequency (UHF) protocol, a High Frequency (HF) protocol, and a Bluetooth protocol.

15. A method of authenticating a smart tag, comprising:
- receiving, at an authentication service from a reading device, a request for a signature certificate, wherein the request for the signature certificate includes a Tag Authentication Cryptogram (TAC) generated by the smart tag during an interaction between the smart tag and the reading device, wherein the TAC is generated using a changeable data part that is initially stored in the smart tag with an initial value and is changed to a new and non-repeated value after each use of the smart tag;
  
  analyzing the TAC to determine whether the TAC is unique and generated by a known and valid smart tag;
  
  based on the analysis of the TAC, determining that the TAC is unique and generated by the known and valid smart tag;
  
  in response to determining that the TAC is unique and generated by the known and valid smart tag, generating a valid signature certificate; and
  
  transmitting the valid signature certificate to the reading device, wherein the reading device conditions execution of instructions contained in tag data exchanged between the smart tag and reading device during the interaction upon receiving the valid signature certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Hoyer, Philip
Primary Examiner(s)
Plecha, Thaddeus

Application Number

US14/772,921
Publication Number

US 20160021100A1
Time in Patent Office

1,356 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/9566   URL specific, e.g. using al...

H04L 2101/69   using geographic informatio...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0492   by using a location-limited...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04L 67/02   based on web technology, e....

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/10   Integrity

H04W 12/106   Packet or message integrity

H04W 12/35   Protecting application or s...

H04W 12/47   using near field communicat...

H04W 4/80   Services using short range ...

Method, system, and device for generating, storing, using, and validating tags and data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system, and device for generating, storing, using, and validating tags and data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links