RFID transponder information security methods systems and devices

US 7,548,152 B2
Filed: 10/08/2004
Issued: 06/16/2009
Est. Priority Date: 10/08/2004
Status: Active Grant

First Claim

Patent Images

1. A method in a transceiver comprising:

reading an identifier of a transponder from the transponder;

transmitting to a datastore the identifier as a query to access data associated with the transponder;

receiving as a response to the query, the data;

reading encrypted information from the transponder;

transmitting to an authentication authority a request to access the encrypted information;

wherein the request comprises authentication credentials for authenticating the transceiver and wherein the request further comprises the data.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and devices for providing RFID system security are provided that involve cryptographically encrypting data on a transponder and managing the release of the decryption information, decryption keys, or the data itself to a transceiver having a transaction with the transponder.

46 Citations

View as Search Results

45 Claims

1. A method in a transceiver comprising:
- reading an identifier of a transponder from the transponder;
  
  transmitting to a datastore the identifier as a query to access data associated with the transponder;
  
  receiving as a response to the query, the data;
  
  reading encrypted information from the transponder;
  
  transmitting to an authentication authority a request to access the encrypted information;
  
  wherein the request comprises authentication credentials for authenticating the transceiver and wherein the request further comprises the data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 2. The method of claim 1 wherein the request further comprises authorization data for authorizing the transceiver.
  - 3. The method of claim 1 further comprising:
    - receiving as a response to the request, decryption information for use in decrypting the encrypted information to recover the information.
  - 4. The method of claim 3 wherein the decryption information is encrypted so as to be decryptable by the transceiver.
  - 5. The method of claim 4 further comprising:
    - decrypting the encrypted decryption information; and
      
      decrypting the encrypted information with use of the decryption information, to recover the information.
  - 6. The method of claim 5 wherein the decryption information is a decryption key.
  - 7. The method of claim 4 wherein the decryption information is encrypted with a public key corresponding to a private key of the transceiver.
  - 8. The method of claim 6 wherein the decryption key is a symmetric key, and the encrypted information comprises the information encrypted with the symmetric key.
  - 9. The method of claim 6 wherein the decryption key is a private key corresponding to a public key of the transponder, and the encrypted information comprises the information encrypted with the symmetric key.
  - 10. The method of claim 5 further comprising:
    - encrypting new information to generate encrypted new information; and
      
      storing the encrypted new information on the transponder.
  - 11. The method of claim 10 further comprising:
    - storing new data in the datastore.
  - 12. The method of claim 11 wherein the new data comprises encrypted new decryption information for use in decryption of the encrypted new information.
  - 13. The method of claim 12 further comprising:
    - encrypting the new decryption information with a public key of the authenticating authority.
  - 14. The method of claim 10 wherein the new information is encrypted with a new key.
  - 15. The method of claim 14 wherein the new key is generated by the transceiver.
  - 16. The method of claim 15 wherein the new key is a new symmetric key.
  - 17. The method of claim 10 wherein the encrypted new information is stored in the datastore in association with the RFID of the transponder.
  - 18. The method of claim 5 wherein the decryption information is information for generation of a decryption key, wherein the step of decrypting the encrypted information with use of the decryption information comprises:
    - generating the decryption key using the decryption information;
      
      decrypting the encrypted information using the decryption key to recover the information.
  - 19. The method of claim 1 wherein the data associated with the transponder is for use in decrypting the encrypted information.
  - 20. The method of claim 1 wherein the data comprises encrypted decryption information, the decryption information for use in decrypting the encrypted information.
  - 21. The method of claim 1 wherein the data is encrypted using a public key corresponding to a private key of the authenticating authority.
  - 22. The method of claim 21 wherein the authenticating authority is a key release agent (KRA).
  - 23. The method of claim 1 wherein the datastore is an RFID infrastructure database.
  - 24. The method of claim 23 wherein the datastore and the authenticating authority are part of an RFID infrastructure.
  - 25. The method of claim 1,wherein the data is encrypted decryption information, the decryption information for use in decrypting the encrypted information to recover the information;
    - and after transmitting the request;
      
      receiving as a response to the request, the decryption information re-encrypted, wherein the decryption information is decryptable by the transceiver.
  - 26. The method of claim 25 wherein the decryption information is a symmetric key encrypted with a public key corresponding to a private key of the transceiver, the method further comprising after receiving the re-encrypted decryption information:
    - decrypting the re-encrypted decryption information to recover the symmetric key; and
      
      decrypting the encrypted information with use of the symmetric key, to recover the information.
  - 27. The method of claim 26 wherein the query is transmitted to an RFID infrastructure database of an RFID infrastructure, and wherein the data received in response to the query is encrypted with a public key corresponding to a private key of a key release agent (KRA) of the RFID infrastructure, and wherein the request is transmitted to the KRA.
  - 28. The method of claim 1 wherein the request further comprises the encrypted information.
  - 29. The method of claim 28 further comprising:
    - receiving as a response to the request, the information re-encrypted in a manner decryptable by the transceiver.
  - 30. The method of claim 29 wherein the encrypted information is encrypted with a public key of an authenticating authority of an infrastructure, and wherein the request is transmitted to the authenticating authority.
  - 31. The method of claim 30 wherein the re-encrypted information is encrypted with a public key corresponding to a private key of the transceiver, the method further comprising after receiving the re-encrypted information:
    - decrypting the re-encrypted information to recover the information.
  - 32. The method of claim 31 wherein the information comprises data pertaining to the transponder.
  - 33. The method of claim 31 wherein the information is an identifier of the transponder.
  - 34. The method of claim 1, wherein:
    - reading an identifier comprises reading an encrypted identifier of the transponder from the transponder; and
      
      transmitting the identifier comprises transmitting the encrypted identifier as a query to access data associated with the transponder.
  - 35. The method of claim 34 wherein the data associated with the transponder comprises encrypted decryption information, the decryption information for use in decrypting the encrypted information and for use in decrypting the encrypted identifier.
  - 36. The method of claim 35 wherein the data is encrypted with a public key corresponding to a private key of an authenticating authority of an infrastructure, and wherein the request is transmitted to the authenticating authority.
  - 37. The method of claim 36 wherein the query is sent to a datastore of the infrastructure.
  - 38. The method of claim 1 wherein the transceiver is of a specific domain of a multi-domain system, the method further comprising:
    - receiving as a response to the request, decryption information for use in decrypting a portion of the encrypted information corresponding to the domain of the transceiver, to recover a portion of the information corresponding to the domain.
  - 39. The method of claim 1 wherein the authentication credentials for authenticating the transceiver are further for authorizing a data security level of data the transceiver is allowed access, the method further comprising:
    - receiving in response to the request, decryption information for use in decrypting a portion of the encrypted information having the data security level the transceiver is authorized to access.

40. A method in a transceiver comprising:
- reading encrypted information from a transponder;
  
  transmitting a request to access the encrypted information;
  
  wherein the request comprises authentication credentials for authenticating the transceiver;
  
  wherein the transceiver is of a specific domain of a multi-domain system, and wherein the authentication credentials for authenticating the transceiver are further for authorizing the transceiver to access data of a domain other than the specific domain, the method further comprising;
  
  receiving as a response to the request, decryption information for use in decrypting a portion of the encrypted information corresponding to the domain of the transceiver, to recover a portion of the information corresponding to the domain, and policy rule information specifying which if any domain the transceiver is authorized access to other than the specific domain.
- View Dependent Claims (41)
- - 41. The method of claim 40 wherein the request is transmitted to an authenticating authority of the specific domain, the method further comprising:
    - transmitting a request to access a portion of the encrypted information corresponding to a domain other than the specific domain, wherein the request comprises the authentication credentials of the transponder.

42. A method in a transceiver comprising:
- reading encrypted information from a transponder;
  
  transmitting a request to access the encrypted information;
  
  wherein the request comprises authentication credentials for authenticating the transceiver;
  
  further comprising;
  
  to access a particular capability/function, the transceiver employing a passcode needed to unlock this capability/function;
  
  wherein to obtain the passcode to unlock a capability/function, the transceiver requests the passcode from an RFID infrastructure, and the transceiver receives the passcode from the RFID infrastructure if a set of one or more defined rules are satisfied.

43. A method in an authenticating authority comprising:
- receiving a request from a transceiver for access to encrypted information of a transponder, the request comprising authentication credentials;
  
  authenticating the transceiver with use of the authentication credentials;
  
  wherein the authenticating authority is of a specific domain of a multi-domain system, and wherein the authentication credentials for authenticating the transceiver are further for authorizing the transceiver to access data of the specific domain, the method further comprising;
  
  transmitting to the transceiver as a response to the request, decryption information for use in decrypting a portion of the encrypted information corresponding to the specific domain, to recover a portion of the information corresponding to the specific domainthe method further comprising;
  
  if the transceiver is of the same domain as the authenticating authority;
  
  transmitting to the transceiver further in response to the request, policy rule information specifying which if any domain the transceiver is authorized access to other than the specific domain.

44. A transceiver configured to:
- read an identifier of a transponder from the transponder;
  
  transmit to a datastore the identifier as a query to access data associated with the transponder;
  
  receive as a response to the query, the data;
  
  read encrypted information from the transponder;
  
  transmit to an authentication authority a request to access the encrypted information;
  
  wherein the request comprises authentication credentials for authenticating the transceiver and wherein the request further comprises the data.

45. A computer readable medium having computer readable instructions stored thereon for execution by one or more computers for reading and accessing encrypted information from a transponder, said computer readable instructions comprising:
- computer readable instructions for reading an identifier of a transponder from the transponder;
  
  computer readable instructions for transmitting to a datastore the identifier as a query to access data associated with the transponder;
  
  computer readable instructions for receiving as a response to the query, the data;
  
  computer readable instructions for reading encrypted information from the transponder;
  
  computer readable instructions for transmitting to an authentication authority a request to access the encrypted information;
  
  wherein the request comprises authentication credentials for authenticating the transceiver and wherein the request further comprises the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Corp.
Original Assignee
Entrust Incorporated (Entrust Corp.)
Inventors
Hillier, Stephen
Primary Examiner(s)
Holloway, III, Edwin C

Application Number

US10/960,115
Publication Number

US 20060077034A1
Time in Patent Office

1,712 Days
Field of Search

340/5.61, 340/5.26, 340/5.1, 340/825.69, 340/10.1, 340/10.5, 340/10.51, 235/382.5, 380/270, 713/168
US Class Current

340/5.61
CPC Class Codes

G06Q 20/3278   RFID or NFC payments by mea...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 20/40975   using encryption therefor

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2463/062   applying encryption of the ...

H04L 63/0492   by using a location-limited...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 9/0822   using key encryption key

H04L 9/321   involving a third party or ...

RFID transponder information security methods systems and devices

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

RFID transponder information security methods systems and devices

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links