RFID tags with dynamic key replacement
First Claim
1. A method to wirelessly authenticate an item, the method comprising:
- sending a message to a Radio Frequency Identification (RFID) integrated circuit (IC) associated with the item;
receiving, from the RFID IC, an identifier and a cryptographic response to the message;
determining, based on the identifier, a plurality of potential keys including a used key and at least one unused key;
generating a plurality of processed cryptographic responses, each processed cryptographic response based on the received cryptographic response and a respective potential key in the plurality of potential keys;
extracting a verification value from a first one of the plurality of processed cryptographic responses;
if the verification value corresponds to a known value then authenticating the item;
else;
extracting other verification values from the other ones of the plurality of processed cryptographic responses; and
if the other verification values do not correspond to the known value then considering the item suspect.
1 Assignment
0 Petitions
Accused Products
Abstract
A cryptographically-enabled RFID tag stores a primary secret key and derives secondary keys from the primary key. A secondary key may be derived by combining the primary key with one or more other parameters using one or more algorithms. The tag uses a derived secondary key to encrypt or electronically sign a tag response sent to a verifying entity. The verifying entity does not know the derived secondary key, but knows the tag primary key and the parameters and algorithms used to derive the secondary key and can derive all of the potential secondary keys. The verifying entity can then attempt to authenticate the tag or tag response by trying potential secondary keys.
74 Citations
20 Claims
-
1. A method to wirelessly authenticate an item, the method comprising:
-
sending a message to a Radio Frequency Identification (RFID) integrated circuit (IC) associated with the item; receiving, from the RFID IC, an identifier and a cryptographic response to the message; determining, based on the identifier, a plurality of potential keys including a used key and at least one unused key; generating a plurality of processed cryptographic responses, each processed cryptographic response based on the received cryptographic response and a respective potential key in the plurality of potential keys; extracting a verification value from a first one of the plurality of processed cryptographic responses; if the verification value corresponds to a known value then authenticating the item; else; extracting other verification values from the other ones of the plurality of processed cryptographic responses; and if the other verification values do not correspond to the known value then considering the item suspect. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A cryptographic module configured to wirelessly authenticate an item, the cryptographic module comprising:
-
key-generation module configured to determine, based on an identifier received from a Radio Frequency Identification (RFID) integrated circuit (IC) associated with the item, a plurality of potential keys including a used key and at least one unused key; and a processing module configured to; send a message to the RFID IC; receive, from the RFID IC, the identifier and a cryptographic response to the message; determine a plurality of processed cryptographic responses, each processed cryptographic response based on the received cryptographic response and a respective potential key in the plurality of potential keys; extract a verification value from a first one of the plurality of processed cryptographic responses; if the verification value corresponds to a known value then authenticate the item; else; extract other verification values from the other ones of the plurality of processed cryptographic responses; and if the other verification values do not correspond to the known value then consider the item suspect. - View Dependent Claims (7, 8, 9, 10, 11)
-
-
12. A Radio Frequency Identification (RFID) system configured to wirelessly authenticate an item, the system comprising:
-
RFID integrated circuit (IC) associated with the item and configured to; send an identifier; receive a first challenge; determine a secondary key based on at least one of a primary key, the received first challenge, and a first value of an IC parameter; determine a first cryptographic response based on at least the first IC parameter value and the secondary key; and send the first cryptographic response; and a processor module configured to; transmit the first challenge to the RFID IC; receive, from the RFID IC, the identifier and the first cryptographic response; determine, based on the identifier, a plurality of potential keys including the secondary key and at least one unused key; determine a plurality of processed cryptographic responses, each processed cryptographic response based on the first cryptographic response and a respective potential key in the plurality of potential keys; extract a verification value from a first one of the plurality of processed cryptographic responses; if the verification value corresponds to the first IC parameter value then authenticate the item; else; extract other verification values from the other ones of the plurality of processed cryptographic responses; and if the other verification values do not correspond to the first IC parameter value then consider the item suspect. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
Specification