Tag-handle-based authentication of RFID readers

US 9,916,483 B1
Filed: 08/18/2017
Issued: 03/13/2018
Est. Priority Date: 03/14/2013
Status: Active Grant

First Claim

Patent Images

1. A method for a Radio Frequency Identification (RFID) integrated circuit (IC) to execute an instruction, the method comprising:

generating first and second random numbers;

sending an identifier, wherein the identifier is stored in a memory of the IC, is different from the first and second random numbers, and is used to determine a key via a table lookup or as input to an algorithmic key generator;

sending the first random number;

receiving a challenge;

retrieving the key from the memory;

determining a response to the challenge based on a cryptographic algorithm, the key, the challenge, and at least the second random number;

sending the response;

receiving a derived parameter and an instruction; and

executing the instruction upon verifying that the derived parameter derives from at least the first and second random numbers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An RFID tag may execute instructions from an authenticated RFID reader. A tag determines a handle and a first parameter, both of which may be random numbers, and sends the handle to a reader. Upon receiving a challenge from the reader, the tag determines and sends a cryptographic response to the challenge based on an algorithm, a tag key, the first parameter, and the challenge. Upon receiving a message with a second parameter and a tag instruction, the tag executes the tag instruction upon verifying that the second parameter derives from the first parameter and the tag handle.

24 Citations

View as Search Results

20 Claims

1. A method for a Radio Frequency Identification (RFID) integrated circuit (IC) to execute an instruction, the method comprising:
- generating first and second random numbers;
  
  sending an identifier, wherein the identifier is stored in a memory of the IC, is different from the first and second random numbers, and is used to determine a key via a table lookup or as input to an algorithmic key generator;
  
  sending the first random number;
  
  receiving a challenge;
  
  retrieving the key from the memory;
  
  determining a response to the challenge based on a cryptographic algorithm, the key, the challenge, and at least the second random number;
  
  sending the response;
  
  receiving a derived parameter and an instruction; and
  
  executing the instruction upon verifying that the derived parameter derives from at least the first and second random numbers.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising storing the first and second random numbers in the memory.
  - 3. The method of claim 1, further comprising sending the first random number in response to a read command.
  - 4. The method of claim 1, further comprising discarding the first random number at the end of a reader-to-tag dialog.
  - 5. The method of claim 1, wherein the verifying employs the cryptographic algorithm.
  - 6. The method of claim 1, wherein the verifying uses the key.
  - 7. The method of claim 1, wherein the instruction is one of encrypted and decrypted.

8. A Radio Frequency Identification (RFID) integrated circuit (IC) configured to execute an instruction, the IC comprising:
- a memory configured to store an identifier and a key; and
  
  a processor block configured to;
  
  generate first and second random numbers;
  
  store the first and second random numbers in the memory;
  
  send the identifier, wherein the identifier is different from the first and second random numbers and is used to determine the key via a table lookup or as input to an algorithmic key generator;
  
  send the first random number;
  
  receive a challenge;
  
  determine a response to the challenge based on a cryptographic algorithm, the key, the challenge, and at least the second random number;
  
  send the response;
  
  receive a derived parameter and an instruction; and
  
  execute the instruction upon verifying that the derived parameter derives from at least the first and second random numbers.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The IC of claim 8, wherein the processor block is configured to send the identifier in response to a read command.
  - 10. The IC of claim 8, wherein processor block is configured to discard the first random number at the end of a reader-to-tag dialog.
  - 11. The IC of claim 8, wherein the processor block is configured to perform the verification using the cryptographic algorithm.
  - 12. The IC of claim 8, wherein the processor block is configured to perform the verification using the key.
  - 13. The IC of claim 8, wherein the instruction is one of encrypted and decrypted.

14. A Radio Frequency Identification (RFID) reader comprising:
- a transceiver module configured to transmit and receive RF signals; and
  
  a processor block configured to;
  
  receive an identifier from an RFID tag;
  
  retrieve a first random number from a memory of the tag, wherein the first random number is generated by the tag and different from the identifier;
  
  send a challenge to the tag;
  
  receive a response to the challenge from the tag, the response based on a cryptographic algorithm, a key, the challenge, and a second random number generated by the tag and different from the first random number;
  
  authenticate the response using the key, the key determined by using the identifier in a table lookup or as input into an algorithmic key generator; and
  
  upon authenticating the response, send a derived parameter and an instruction to the tag, wherein the derived parameter authorizes the execution of the instruction and is based on at least the first and second random numbers.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The reader of claim 14, wherein the processor block is configured to retrieve the first random number using a read command.
  - 16. The reader of claim 14, wherein the processor block is further configured to discard the first random number at the end of a communication dialog with the tag.
  - 17. The reader of claim 14, wherein the cryptographic algorithm is employed to determine the derived parameter.
  - 18. The reader of claim 14, wherein the key is employed to determine the derived parameter.
  - 19. The reader of claim 14, wherein the processor block is further configured to authenticate the response by one of:
    - transmitting the response, the identifier, and the challenge to a verification authority and the verification authority authenticating the response; and
      
      determining the key using the identifier in the table lookup or as input into the algorithmic key generator and authenticating the response using the key.
  - 20. The reader of claim 14, wherein the instruction is one of encrypted and decrypted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Impinj, Inc.
Original Assignee
Impinj, Inc.
Inventors
Robshaw, Matthew J B, Heinrich, Harley, Wu, Tan Mau, Diorio, Christopher
Primary Examiner(s)
Haile, Benyam

Application Number

US15/680,639
Time in Patent Office

207 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2221/2103   Challenge-response

G06F 2221/2129   Authenticate client device ...

G06K 7/10257   arrangements for protecting...

G06Q 20/4097   using mutual authentication...

G06Q 20/40975   using encryption therefor

H04L 2463/062   applying encryption of the ...

H04L 63/08   for authentication of entit...

H04L 9/3271   using challenge-response

H04L 9/3273   for mutual authentication n...

H04L 9/3278   using physically unclonable...

H04W 12/069   using certificates or pre-s...

Tag-handle-based authentication of RFID readers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Tag-handle-based authentication of RFID readers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links