Method, system and device for generating, storing, using, and validating NFC tags and data

US 9,860,236 B2
Filed: 02/21/2014
Issued: 01/02/2018
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a unique interaction between a mobile device and a smart tag, the method comprising:

receiving, at an authentication server, a Tag Unique Identifier (TAGID) and a Tag Authentication Cryptogram (TAC) generated by a smart tag in response to interacting with the mobile device, wherein the TAGID and TAC are received from at least one of the mobile device and a content server;

determining, at the authentication server, that the interaction between the mobile device and the smart tag occurred and corresponds to a unique event by analyzing the TAC;

comparing, at the authentication server, the TAGID with a plurality of TAGIDs stored in a TAGID repository to determine that the TAGID is a valid TAGID; and

in response to determining (i) that the interaction between the mobile device and the smart tag occurred and corresponds to a unique event and (ii) that the TAGID is a valid TAGID, transmitting a message from the authentication server indicating that the mobile device participated in a unique event and the TAGID is a valid TAGID, wherein the TAGID and TAC are received from the content server, wherein the content server hosts one or more web pages corresponding to a Universal Resource Locator (URL) that contains the TAGID and TAC, wherein the authentication server is administered by a first entity, wherein the content server is administered by a second entity, and wherein the first and second entities are different.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag (308) is enabled to generate a Tag Authentication Cryptogram (TAC) and include the TAC in response (S303) to a read request (S301). Accordingly, each response generated by the smart tag (308) will include a different TAC. It follows that interactions between the smart tag (308) and a reading device (304) can be authenticated as unique interactions if the TAC is validated as a unique and correct TAC.

57 Citations

View as Search Results

20 Claims

1. A method of authenticating a unique interaction between a mobile device and a smart tag, the method comprising:
- receiving, at an authentication server, a Tag Unique Identifier (TAGID) and a Tag Authentication Cryptogram (TAC) generated by a smart tag in response to interacting with the mobile device, wherein the TAGID and TAC are received from at least one of the mobile device and a content server;
  
  determining, at the authentication server, that the interaction between the mobile device and the smart tag occurred and corresponds to a unique event by analyzing the TAC;
  
  comparing, at the authentication server, the TAGID with a plurality of TAGIDs stored in a TAGID repository to determine that the TAGID is a valid TAGID; and
  
  in response to determining (i) that the interaction between the mobile device and the smart tag occurred and corresponds to a unique event and (ii) that the TAGID is a valid TAGID, transmitting a message from the authentication server indicating that the mobile device participated in a unique event and the TAGID is a valid TAGID, wherein the TAGID and TAC are received from the content server, wherein the content server hosts one or more web pages corresponding to a Universal Resource Locator (URL) that contains the TAGID and TAC, wherein the authentication server is administered by a first entity, wherein the content server is administered by a second entity, and wherein the first and second entities are different.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - determining that a second form of authentication is required;
      
      in response to determining that a second form of authentication is required and only after the authentication service has provided the content server with the message indicating that the one or more web pages can be provided to the mobile device, issuing a second challenge to a user of the mobile device;
      
      receiving a response to the second challenge from the user of the mobile device;
      
      determining that the response to the second challenge matches an expected response; and
      
      in response to determining that the response to the second challenge matches the expected response, providing the one or more web pages to the mobile device.
  - 3. The method of claim 1, wherein the TAC is generated with a pseudo-random number generator.
  - 4. The method of claim 1, wherein the TAC is analyzed by comparing the TAC with a set of previously-received TACs.
  - 5. The method of claim 4, wherein the TAC is analyzed without tracking a counter value at the authentication server.
  - 6. The method of claim 1, wherein the TAC is received in response to the content server issuing a request for the TAC to the mobile device after the NFC-capable device requested the one or more web pages from the content server.
  - 7. The method of claim 6, wherein the request for the TAC is transmitted to the mobile device via a command embedded in a Hyper Text Markup Language (HTML) file.
  - 8. The method of claim 1, wherein the TAGID and the TAC are incorporated into a single Universal Resource Locator (URL).
  - 9. The method of claim 1, wherein the content server receives the TAGID and the TAC in a data object, the method further comprising:
    - parsing the data object at the content server to extract the TAGID and the TAC from the data object; and
      
      sending the TAGID and the TAC from the content server to the authentication server.

10. A method of authenticating a unique interaction between a mobile device and a smart tag, the method comprising:
- receiving, at an authentication server, a Tag Unique Identifier (TAGID) and a Tag Authentication Cryptogram (TAC) generated by a smart tag in response to interacting with the mobile device, wherein the TAGID and TAC are received from at least one of the mobile device and a content server;
  
  determining, at the authentication server, that the interaction between the mobile device and the smart tag occurred and corresponds to a unique event by analyzing the TAC;
  
  comparing, at the authentication server, the TAGID with a plurality of TAGIDs stored in a TAGID repository to determine that the TAGID is a valid TAGID;
  
  in response to determining (i) that the interaction between the mobile device and the smart tag occurred and corresponds to a unique event and (ii) that the TAGID is a valid TAGID, transmitting a message from the authentication server indicating that the mobile device participated in a unique event and the TAGID is a valid TAGID, wherein the message is transmitted by the authentication server such that the content server is enabled to provide content to the mobile device that is referenced by the TAGID.

11. An authentication service, comprising:
- a Tag Unique Identifier (TAGID) repository that contains a listing of TAGIDs corresponding to valid and known TAGIDs; and
  
  a cryptographic engine that, when executed, enables the authentication service to verify that an interaction between a tag and a mobile device corresponds a unique interaction, wherein the authentication service is operable to;
  
  receive a TAGID and TAC generated by the tag in response to the tag interacting with the mobile device, wherein the TAGID and TAC are received in a text message or a Universal Resource Locator (URL) with one or more delimiters;
  
  extract the TAGID and TAG from the text message or URL;
  
  determine that the interaction between the mobile device and the tag occurred and corresponds to a unique event;
  
  determine that the TAGID is listed in the TAGID repository; and
  
  transmit a message to a content server that enables the content server to provide web content to the mobile device, wherein the web content is referenced by the TAGID.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The authentication service of claim 11, wherein the cryptographic engine is identical to a cryptographic engine of the tag.
  - 13. The authentication service of claim 11, wherein the authentication service if further operable to:
    - use the cryptographic engine to generate a complimentary TAC based on internally-maintained K and C values; and
      
      match the complimentary TAC with the TAC received in the text message or URL.
  - 14. The authentication service of claim 11, wherein the message transmitted to the content server traverses at least one network border element.
  - 15. The authentication service of claim 11, wherein the TAGID and TAC are received from the content server.
  - 16. The authentication service of claim 11, wherein the TAGID and TAC are received directly from the mobile device via the text message.
  - 17. The authentication service of claim 11, wherein the TAGID and TAC are contained within a common URL.
  - 18. The authentication service of claim 11, wherein the authentication service is further operable to:
    - analyze a signature of the TAC and determine whether the signature was generated with a valid key; and
      
      provide the content server with results of the analysis of the signature of the TAC.
  - 19. The authentication service of claim 18, wherein the signature is analyzed with a public key that is paired with a private key written to the tag.
  - 20. The authentication service of claim 11, wherein the content server is administered by a different entity than the authentication service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Hoyer, Philip, Lovelock, Julian Eric, Robinton, Mark
Primary Examiner(s)
Truong, Thanhnga B

Application Number

US14/772,011
Publication Number

US 20160205549A1
Time in Patent Office

1,411 Days
Field of Search

713159, 713168, 370216, 367128, 367125, 367127, 358 115, 455418, 455 411, 3405721, 340 1051, 340 1052, 235437, 709201
US Class Current
CPC Class Codes

G06F 16/9566   URL specific, e.g. using al...

H04L 2101/69   using geographic informatio...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0492   by using a location-limited...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/12   Applying verification of th...

H04L 67/02   based on web technology, e....

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/10   Integrity

H04W 12/106   Packet or message integrity

H04W 12/35   Protecting application or s...

H04W 12/47   using near field communicat...

H04W 4/80   Services using short range ...

Method, system and device for generating, storing, using, and validating NFC tags and data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system and device for generating, storing, using, and validating NFC tags and data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links