Radio frequency identification technology incorporating cryptographics

US 9,867,042 B2
Filed: 08/08/2012
Issued: 01/09/2018
Est. Priority Date: 08/08/2011
Status: Active Grant

First Claim

Patent Images

1. A radio frequency identification (RFID) tag comprising:

an RFID functional portion configured to enable wireless communication between the RFID tag and an RFID reader;

a data processing functional portion with asymmetric cryptographic capability and symmetric cryptographic capability; and

a power source configured to power the data processing functional portion,wherein the data processing functional portion comprises;

means to generate public-private cryptographic key pairs, each public-private cryptographic key pair comprising a public key and a private key for use in asymmetric cryptographic operations;

means to securely and secretly retain said private keys; and

means to release said public keys for use by other devices,wherein communication between the RFID tag and the RFID reader is based on both the symmetric and asymmetric cryptographic capabilities of the data processing functional portion.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a radio frequency identification (RFID) tag comprising: an RFID functional portion configured to enable wireless communication between the RFID tag and an RFID reader; a data processing functional portion with asymmetric cryptographic capability; and a power source configured to power the data processing functional portion.

66 Citations

View as Search Results

19 Claims

1. A radio frequency identification (RFID) tag comprising:
- an RFID functional portion configured to enable wireless communication between the RFID tag and an RFID reader;
  
  a data processing functional portion with asymmetric cryptographic capability and symmetric cryptographic capability; and
  
  a power source configured to power the data processing functional portion,wherein the data processing functional portion comprises;
  
  means to generate public-private cryptographic key pairs, each public-private cryptographic key pair comprising a public key and a private key for use in asymmetric cryptographic operations;
  
  means to securely and secretly retain said private keys; and
  
  means to release said public keys for use by other devices,wherein communication between the RFID tag and the RFID reader is based on both the symmetric and asymmetric cryptographic capabilities of the data processing functional portion.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A tag according to claim 1, wherein said power source is configured to power the RFID functional portion.
  - 3. A tag according to claim 2, wherein said power source is not configured to generate or boost radio frequency transmission from the RFID functional portion.
  - 4. A tag according to claim 1, wherein the data processing functional portion is further configured to store a unique unalterable identification code.
  - 5. A tag according to claim 1, wherein the data processing functional portion further comprises:
    - means to associate one or more private cryptographic keys with an authorized user of the RFID tag;
      
      means to store said associated private keys in a default disabled state such that in the disabled state said private keys cannot be used;
      
      means to securely store template biometric data for said authorized user in association with said private keys;
      
      means to accept live biometric data from a user of the RFID tag;
      
      means to compare said live biometric data with said template biometric data and thereby determine whether said live biometric data corresponds to said authorized user of the RFID tag;
      
      means to select and enable for a specified cryptographic operation a biometrically associated private cryptographic key depending on the result of said comparison of live and template biometric data, said biometrically associated private cryptographic key otherwise remaining disabled, and wherein the live biometric data comprises one or more of the group consisting of fingerprint data, voice data, facial image data, and retinal scan data.

6. A network comprising:
- a server with asymmetric cryptographic capability;
  
  a plurality of radio frequency identification (RFID) tags;
  
  one or more RFID readers, each RFID reader being configured to relay data between the server and one or more RFID tags, thereby enabling secure and authenticable communication between the one or more RFID tags and the server; and
  
  a public key server configured to securely store public keys from public-private cryptographic key pairs for retrieval by any of the server, the RFID readers, and the RFID tags,wherein each of the server and the RFID tags is configured to upload at least one public key generated thereby to the public key server.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. A network according to claim 6, wherein the server comprises:
    - means to generate public-private cryptographic key pairs, each public-private cryptographic key pair comprising a public key and a private key for use in asymmetric cryptographic operations;
      
      means to securely and secretly retain said private keys; and
      
      means to release said public keys for use by other devices.
  - 8. A network according to claim 6, wherein each RFID functional portion is configured to enable wireless communication between the corresponding RFID tag and any of the RFID readers.
  - 9. A network according to claim 6, wherein the server and each RFID tag are further configured with symmetric cryptographic capability, and wherein the secure and authenticable communication between the one or more RFID tags and the server uses both the symmetric and asymmetric cryptographic capabilities thereof.
  - 10. A network according to claim 6, wherein at least one RFID reader is further configured to add supplemental information to the data being relayed between the server and the one or more RFID tags, and wherein the at least one RFID reader has asymmetric cryptographic capability such that said supplemental information is added securely and authenticably to the data being relayed between the server and the one or more RFID tags.
  - 11. A network according to claim 10, wherein the at least one RFID reader has symmetric cryptographic capability such that said supplemental information is added securely to the data being relayed between the server and the one or more RFID tags, and at least one RFID tag is configured to interface to an apparatus or process in order to:
    - receive data from said apparatus or process, ortransfer information to said apparatus or process to influence or control said apparatus or process.
  - 12. A network according to claim 6, further comprising a device connected to the server, the device being configured to perform one or more of:
    - obtain information from the server, the information relating to one or more of the RFID tags; and
      
      send data to the server, the server being configured to transfer the data to one or more of the RFID tags via the RFID readers, and wherein at least one RFID reader is configured to relay data between the server and the one or more RFID tags in a manner dependent on the type of the one or more RFID tags.
  - 13. A network according to claim 6, further comprising one or more passive RFID tags, wherein each passive RFID tag comprises an RFID functional portion configured to enable wireless communication between the passive RFID tag and an RFID reader, and wherein at least one RFID reader is configured to relay data between the server and the one or more RFID tags in a manner dependent on whether the one or more RFID tags are passive RFID tags.

14. A method of securely communicating data between a radio frequency identification (RFID) tag and a server, the method comprising:
- generating, by the RFID tag and the server, a symmetric encryption/decryption key;
  
  encrypting, by one of the RFID tag and the server, the data using the symmetric encryption/decryption key;
  
  generating, by the one of the RFID tag and the server, a digital signature for the data using an asymmetric private key;
  
  wirelessly transmitting, by the one of the RFID tag and the server, the encrypted data and the digital signature to the other of the RFID tag and the server;
  
  validating, by the other of the RFID tag and the server, the digital signature using an asymmetric public key corresponding to the asymmetric private key, said asymmetric public key being authenticated by reference to a public key server;
  
  decrypting, by the other of the RFID tag and the server, the encrypted data using the symmetric encryption/decryption key.
- View Dependent Claims (15, 16, 17)
- - 15. A method according to claim 14, wherein the generating of the symmetric encryption/decryption key comprises:
    - generating, by one of the RFID tag and the server, a random number;
      
      encrypting, by the one of the RFID tag and the server, the random number using a public cryptographic encryption key of the other of the RFID tag and the server;
      
      transmitting, by the one of the RFID tag and the server, the encrypted number to the other of the RFID tag and the server;
      
      decrypting, by the other of the RFID tag and the server, the encrypted random number using a private decryption key of the other of the RFID tag and the server corresponding to the public cryptographic encryption key; and
      
      generating, by the RFID tag and the server, the symmetric encryption/decryption key using the random number.
  - 16. A method according to claim 14, wherein the digital signature is generated for the encrypted data, and the method further comprises, prior to wirelessly transmitting the encrypted data and the digital signature, encrypting the digital signature using the symmetric encryption/decryption key.
  - 17. A method according to claim 14, wherein the wireless transmitting comprises:
    - transmitting, by the one of the RFID tag and the server, the encrypted data and the digital signature to an RFID reader;
      
      encrypting, by the RFID reader, supplemental information using a public cryptographic encryption key of the other of the RFID tag and the server;
      
      generating, by the RFID reader, a second digital signature for the encrypted supplemental information and the encrypted data and the digital signature using an asymmetric private key associated with the RFID reader;
      
      transmitting, by the RFID reader, the encrypted supplemental information, the encrypted data and the digital signature, and the second digital signature to the other of the RFID tag and the server;
      
      validating, by the other of the RFID tag and the server, the second digital signature using a second asymmetric public key corresponding to the asymmetric private key associated with the RFID reader, said second asymmetric public key being authenticated by reference to a public key server; and
      
      decrypting, by the other of the RFID tag and the server, the encrypted supplemental information using a private decryption key of the other of the RFID tag and the server corresponding to the public cryptographic encryption key.

18. A method of updating a public cryptographic decryption key stored at one of an RFID tag and a server, said public cryptographic decryption key originating from the other of the RFID tag and the server, the method comprising:
- combining, by the other of the RFID tag and the server, a new public cryptographic decryption key with a current public cryptographic decryption key corresponding to the public cryptographic decryption key stored at the one of the RFID tag and the server;
  
  generating, by the other of the RFID tag and the server, a digital signature for the combined new public cryptographic decryption key and current public cryptographic decryption key using a private cryptographic encryption key corresponding to the current public cryptographic decryption key;
  
  transmitting, by the other of the RFID tag and the server, the combined new public cryptographic decryption key and current public cryptographic decryption key and the digital signature to the one of the RFID tag and the server,validating, by the one of the RFID tag and the server, the digital signature using the public cryptographic decryption key stored at the one of the RFID tag and the server, where the public cryptographic decryption key has previously been securely transferred to the one of the RFID tag and the server; and
  
  replacing the public cryptographic decryption key stored at the one of the RFID tag and the server with the new public cryptographic decryption key.
- View Dependent Claims (19)
- - 19. A method according to claim 18, further comprising, before the combining, determining, by the other of the RFID tag and the server, whether the public cryptographic decryption key stored at the one of the RFID tag and the server is the same as the new public cryptographic decryption key, and proceeding with the combining based on the determination, and wherein before the combining, transferring, by the other of the RFID tag and the server, via an authenticated communications link, the current public cryptographic decryption key for storage at the one of the RFID tag and the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mikoh Corporation
Original Assignee
Mikoh Corporation
Inventors
Atherton, Peter Samuel
Primary Examiner(s)
Vostal, O. C.

Application Number

US14/237,478
Publication Number

US 20140286491A1
Time in Patent Office

1,980 Days
Field of Search

380270
US Class Current
CPC Class Codes

G06K 7/10267   the arrangement comprising ...

H04L 2209/80   Wireless network architectu...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0442   wherein the sending and rec...

H04L 63/045   wherein the sending and rec...

H04L 63/0861   using biometrical features,...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0866   involving user or device id...

H04L 9/0891   Revocation or update of sec...

H04L 9/14   using a plurality of keys o...

H04L 9/321   involving a third party or ...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/47   using near field communicat...

Radio frequency identification technology incorporating cryptographics

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

66 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Radio frequency identification technology incorporating cryptographics

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links