U.S. patent application number 12/343187 was filed with the patent office on 2009-09-24 for dynamic identifier for use in identification of a device.
Invention is credited to William G. O'Brien, Tet Hin YEAP.
Application Number | 20090240946 12/343187 |
Document ID | / |
Family ID | 40787423 |
Filed Date | 2009-09-24 |
United States Patent
Application |
20090240946 |
Kind Code |
A1 |
YEAP; Tet Hin ; et
al. |
September 24, 2009 |
DYNAMIC IDENTIFIER FOR USE IN IDENTIFICATION OF A DEVICE
Abstract
A method for execution by a device, which comprises: generating
a first signature by encrypting an identifier of the device
together with first additional data; generating a second signature
by encrypting the identifier of the device together with second
additional data that is different from the first additional data;
releasing the first signature to identify the device on a first
occasion; and releasing the second signature to identify the device
on a second occasion. Also, a device, which comprises: a memory
storing an identifier of the device; a processing entity configured
to generate a plurality of different signatures encoding the
identifier and to store the signatures in the memory; and a
transmit/receive entity configured to identify the device on
respective occasions by releasing individual ones of the
signatures.
Inventors: |
YEAP; Tet Hin; (Ottawa,
CA) ; O'Brien; William G.; (Nanaimo, CA) |
Correspondence
Address: |
SMART & BIGGAR
1000 DE LA GAUCHETIERE ST. W., SUITE 3300
MONTREAL
QC
H3B 4W5
CA
|
Family ID: |
40787423 |
Appl. No.: |
12/343187 |
Filed: |
December 23, 2008 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
PCT/CA2007/002343 |
Dec 20, 2007 |
|
|
|
12343187 |
|
|
|
|
Current U.S.
Class: |
713/176 |
Current CPC
Class: |
G06F 9/445 20130101;
H04W 12/08 20130101; H04W 12/47 20210101; G06Q 10/087 20130101;
G06Q 20/3829 20130101; G07F 7/1008 20130101; H04L 2209/56 20130101;
H04L 2209/805 20130101; G06Q 20/401 20130101; H04W 12/10 20130101;
G06Q 20/40975 20130101; H04L 2209/84 20130101; G06Q 20/40 20130101;
G06F 21/43 20130101; G06Q 20/341 20130101; G06Q 20/385 20130101;
H04L 63/126 20130101; G06F 21/79 20130101; G06Q 20/3825 20130101;
H04L 9/3247 20130101; H04L 63/0846 20130101; G06Q 20/425 20130101;
H04L 63/0823 20130101; G06Q 20/02 20130101 |
Class at
Publication: |
713/176 |
International
Class: |
H04L 9/32 20060101
H04L009/32; H04W 12/06 20090101 H04W012/06 |
Claims
1. A method for execution by a device, comprising: generating a
first signature by encrypting an identifier of the device together
with first additional data; generating a second signature by
encrypting the identifier of the device together with second
additional data that is different from the first additional data;
releasing the first signature to identify the device on a first
occasion; and releasing the second signature to identify the device
on a second occasion.
2. The method defined in claim 1, wherein generating the second
signature is performed after generating the first signature.
3. The method defined in claim 1, further comprising receiving a
request from a network entity, wherein releasing the first
signature is performed no earlier than when the request is
received.
4. The method defined in claim 3, further comprising receiving a
second request from the network entity, wherein releasing the
second signature is performed no earlier than when the second
request is received.
5. The method defined in claim 4, wherein the first and second
requests are received wirelessly.
6. The method defined in claim 4, wherein the first and second
requests are received non-wirelessly.
7. The method defined in claim 1, further comprising receiving a
request, wherein generating the first signature is performed no
earlier than when the request is received.
8. The method defined in claim 7, further comprising receiving a
second request, wherein generating the second signature is
performed no earlier than when the second request is received.
9. The method defined in claim 1, wherein releasing the first
signature and releasing the second signature are performed by the
device autonomously.
10. The method defined in claim 1, wherein releasing the first
signature and releasing the second signature are performed by the
device on a basis of a command sensed to be received from a user of
the device.
11. The method defined in claim 1, wherein the device comprises at
least one of a modem and a computer.
12. The method defined in claim 1, wherein the identifier of the
device is a MAC address of the device stored in a memory of the
device.
13. The method defined in claim 12, wherein the device comprises at
least one of a network adapter and a network interface card
identifiable using said MAC address.
14. The method defined in claim 1, wherein the device comprises a
mobile telephone and wherein the identifier of the device is an
electronic serial number of the mobile telephone stored in a memory
of the mobile telephone.
15. The method defined in claim 1, wherein the device comprises an
RFID tag and wherein the identifier of the device is an identifier
of the RFID tag stored in a memory of the RFID tag.
16. The method defined in claim 1, wherein the identifier of the
device is an account number stored in a memory of the device.
17. The method defined in claim 1, wherein the first and second
signatures are released over a non-secure pathway.
18. The method defined in claim 17, wherein the non-secure pathway
traverses the Internet.
19. The method defined in claim 1, wherein the first and second
signatures are generated at respective times, and wherein the first
and second additional data are related, respectively, to the times
at which the first and second signatures are generated.
20. The method defined in claim 1, wherein the second additional
data differs from the first additional data by an amount reflective
of an output of a function to which has been input the first
additional data.
21. The method defined in claim 1, wherein the first and second
additional data differ by an incremental amount.
22. The method defined in claim 1, wherein encrypting the
identifier of the device together with the first additional data
comprises combining the identifier of the device and the first
additional data into a result and encrypting the result using an
encryption key.
23. The method defined in claim 22, wherein encrypting the
identifier of the device together with the second additional data
comprises combining the identifier of the device and the second
additional data into a second result and encrypting the second
result using the encryption key.
24. The method defined in claim 23, wherein the encryption key is a
private key of the device and is complementary to a public key that
is available to a recipient of the first and second signatures.
25. A computer-readable storage medium comprising a set of
computer-readable instructions for execution by a device, wherein
execution of the set of instructions by the device causes the
device to execute a method that includes: generating a first
signature by encrypting an identifier of the device together with
first additional data; generating a second signature by encrypting
the identifier of the device together with second additional data
that is different from the first additional data; releasing the
first signature to identify the device on a first occasion; and
releasing the second signature to identify the device on a second
occasion.
26. A device, comprising: a memory storing an identifier of the
device; a processing entity configured to generate a plurality of
different signatures encoding the identifier and to store the
signatures in the memory; and transmit/receive circuitry configured
to identify the device on respective occasions by releasing
individual ones of the signatures.
27. The device defined in claim 26, wherein to generate a first one
of the signatures, the processing entity is configured to encrypt
the identifier together with first additional data and wherein to
generate a second one of the signatures, the processing entity is
configured to encrypt the identifier together with second
additional data that is different from the first additional data.
Description
CROSS-REFERENCE TO RELATED APPLICATION
[0001] The present application is a continuation-in-part, and
claims the benefit under 35 USC 120, of PCT International
Application PCT/CA2007/002343, filed on Dec. 20, 2007 and hereby
incorporated by reference herein.
FIELD OF THE INVENTION
[0002] The present invention relates generally to communication
over a network and, more specifically, to a method for
identification of a device when communicating with a network entity
over the network.
BACKGROUND
[0003] In many everyday applications, such as access control,
payment and tracking, devices involved in those applications need
to be identified. Devices are typically assigned an identifier for
such purposes. Thus, when the time comes for a device to be
identified, the device transmits its assigned identifier to a
network entity, which takes a decision as to whether the device (or
a user thereof) is authorized to access a physical resource, view
online content, utilize funds, etc.
[0004] In many situations, at least a portion of the pathway
between a given device and the network entity might not be secure.
For example, RFID, Bluetooth, WiFi, WiMax, Internet all present
potential security risks whereby a malicious individual could
detect and copy identifiers transmitted by the given device. Once
the malicious individual gains knowledge of the given device's
identifier, it is possible that he or she can simulate the given
device and potentially gain access to a secured resource facility
or vehicle, conduct unauthorized payments, impersonate the given
device, etc.
[0005] Thus, an improved approach to the identification of devices
would be welcome in the industry.
SUMMARY OF THE INVENTION
[0006] According to a broad aspect, there is provided a method for
execution by a device, which comprises: generating a first
signature by encrypting an identifier of the device together with
first additional data; generating a second signature by encrypting
the identifier of the device together with second additional data
that is different from the first additional data; releasing the
first signature to identify the device on a first occasion; and
releasing the second signature to identify the device on a second
occasion.
[0007] According to another broad aspect, there is provided a
computer-readable storage medium comprising a set of
computer-readable instructions for execution by a device, wherein
execution of the set of instructions by the device causes the
device to execute a method that includes: generating a first
signature by encrypting an identifier of the device together with
first additional data; generating a second signature by encrypting
the identifier of the device together with second additional data
that is different from the first additional data; releasing the
first signature to identify the device on a first occasion; and
releasing the second signature to identify the device on a second
occasion.
[0008] According to yet another broad aspect, there is provided a
device, which comprises: a memory storing an identifier of the
device; a processing entity configured to generate a plurality of
different signatures encoding the identifier and to store the
signatures in the memory; and a transmit/receive entity configured
to identify the device on respective occasions by releasing
individual ones of the signatures.
[0009] These and other aspects and features of the present
invention will now become apparent to those of ordinary skill in
the art upon review of the following description of specific
embodiments of the invention in conjunction with the accompanying
drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
[0010] In the accompanying drawings:
[0011] FIG. 1 is a block diagram of a system comprising a reader
and a tag, in accordance with a non-limiting embodiment of the
present invention.
[0012] FIG. 2 is a block diagram showing details of the tag, in
accordance with a non-limiting embodiment of the present
invention.
[0013] FIG. 3 illustrates a decoding function implemented by a
controller in the tag, for generation of a signature at two points
in time.
[0014] FIGS. 4A and 4B depict two possible functional architectures
for generation of a signature.
[0015] FIG. 5 is a block diagram of a system comprising a device in
communication with a network entity.
[0016] FIG. 6A shows application of a non-limiting embodiment of
the present invention in a validation context.
[0017] FIG. 6B is a block diagram of a multi-reader architecture,
in accordance with a non-limiting embodiment of the present
invention.
[0018] FIG. 7A is a flowchart showing operation of a processing
entity of FIG. 6 when considering tags whose signatures encode a
variable scrambling code and that are encrypted using a common key
that is known to the reader or can be determined from an index
supplied with the signature.
[0019] FIG. 7B is a flowchart similar to that of FIG. 7A, but where
the common key is unknown to the reader.
[0020] FIG. 8 shows application of a non-limiting embodiment of the
present invention in an identification context when considering
tags whose signatures are encrypted using a variable key.
[0021] FIG. 9 is a flowchart showing operation of a processing
entity of FIG. 8 when considering tags whose signatures are
encrypted using a variable key.
[0022] It is to be expressly understood that the description and
drawings are only for the purpose of illustration of certain
embodiments of the invention and are an aid for understanding. They
are not intended to be a definition of the limits of the
invention.
DETAILED DESCRIPTION
[0023] With reference to FIG. 5, there is shown a system comprising
a device 1000 in communication with a network entity 1002. The
network entity 1002 controls access to a resource 1004. The
resource 1004 can be any desired resource to which the device 1000
(or a user thereof) may wish to gain access. Non-limiting examples
of the resource 1004 include real property (e.g., computing
equipment, a computer network, a building, a portion of a building,
an entrance, an exit, a vehicle, etc.), online property (e.g.,
access to a network such as the Internet or a virtual private
network, a user account on a website, etc.) and financial property
(e.g., a credit card account, bank account, utility company
account, etc.).
[0024] The network entity 1002 may in some embodiments comprise an
interrogation portion 1010 and a processing portion 1012. Depending
on the embodiment, the interrogation portion 1010 may take the form
of an RFID reader, a server, a modem, a WiFi node, a WiMax node, a
base station, an infrared/Bluetooth receiver, etc. The
interrogation portion 1010 communicates with the network device
1002 over a communication pathway 1014. In a non-limiting example,
the communication pathway 1014 may traverse the Internet.
Alternatively or in addition, the communication pathway 1014 may
traverse the public switched telephone network (PSTN). The
communication pathway 1014 may include one or more portions, any
one or more of which may physically consist of one or more of a
wireless, guided optical or wired link. Non-limiting examples of a
wireless link include a radio frequency link and a free-space
optical link, which may be established using any suitable protocol,
including but not limited to RFID, Bluetooth, WiFi, WiMax, etc.
Furthermore, the wireless link may be fixed wireless or mobile
wireless, to name but two non-limiting possibilities.
[0025] The processing portion 1012 of the network entity 1002 is in
communication with the interrogation portion 1010 and obtains
therefrom data obtained as a result of interaction with the device
1000. The processing portion 1012 has the ability to process the
data obtained by the interrogation portion 1010 and to determine
whether or not to grant access to the resource 1004.
[0026] The device 1000 can be any suitable device that is
susceptible of being used to access the resource 1004. In one
non-limiting example, the device may take the form of a
contactlessly readable tag (e.g., an RFID tag) that can be affixed
to or integrated with: an item for sale, transported merchandise, a
person's clothing, an animal (including livestock), a piece of
equipment (including communications equipment such as wireless
communications equipment), a vehicle, an access card and a credit
card, to name jut a few non-limiting examples. In another
non-limiting example, the device 1000 may take the form of a
communication device (e.g., a mobile telephone (including smart
phones and networked personal digital assistants), a computer
(e.g., desktop or laptop), a modem, a network adapter, a network
interface card (NIC), etc.).
[0027] The device 1000 comprises a memory 1016 and a processing
entity 1020 (e.g., a microcontroller) that is coupled to the memory
1020. The processing entity 1020 has the ability to execute
computer-readable instructions stored in the memory 1016 which,
upon execution, result in the device 1000 implementing a desired
process or application. In a non-limiting example, the application
is a software application, such as a telephony or banking
application, to give but two non-limiting examples.
[0028] The memory 1016 includes a memory element 1018 that stores
an identifier I.sub.D of the device 1000. Depending on the type of
device, the identifier may be configured differently.
[0029] For example, in the case where the device 1000 takes the
form of an RFID tag, the identifier I.sub.D may be an identifier
specifically used in RFID tags and may encode information such as,
without limitation, a serial number, a universal product code
(UPC), a vehicle registration number (VIN), an account number and a
customized identifier.
[0030] In the case where the device 1000 takes the form of a
communication device that is a mobile telephone, the identifier
I.sub.D may be an electronic serial number of the mobile
telephone.
[0031] In the case where the device 1000 takes the form of a
network adapter or NIC, the identifier I.sub.D may be a
manufacturer-assigned identifier associated with the communication
device. A non-limiting example of a suitable identifier is a Media
Access Control address (MAC address), Ethernet Hardware Address
(EHA), hardware address, adapter address or physical address, which
can be assigned to network adapter or NIC by the manufacturer for
identification and can encode a registered identification number of
the manufacturer.
[0032] In order to gain access to the resource, the device 1000
identifies itself to the network entity 1002 at certain instants
hereinafter referred to as "identification occasions". Depending on
the application at hand, the identification occasions can arise
under control of the device 1000 (i.e., autonomously), under
control of the network entity 1002 (e.g., in response to receipt of
a request issued by the network entity 1002) or under control of a
user (not shown) of the device 1000. For example, in the case of an
application involving control of access to real property, an
identification occasion may arise whenever the device 1000 is
queried by an external reader, which may occur when the device 1000
is sensed by the reader to be within the vicinity thereof. In the
case of an application involving control of access to online
property, the device 1000 may autonomously identify itself to a
remote modem on a regular or irregular basis (e.g., in the context
of keeping a session alive). In the case of an application
involving control of financial property, an identification occasion
may arise at the discretion of the user of the device 1000, e.g.,
when deciding to make a purchase. In such a case, the device 1000
may comprise an interface with the user that senses user input and
can detect or decode when a transaction is taking place or is about
to take place.
[0033] In accordance with non-limiting embodiments of the present
invention, when identifying itself, the device 1000 releases a
"signature". Over the course of time, it is assumed that the device
1000 will identify itself to the network entity on at least two
identification occasions, which will result in the release of a
"signature" each time. As will be described in greater detail
herein below, the signatures released on different identification
occasions will be different, but all encode the same identifier
I.sub.D of the device 1000. Changes to the signature can be
effected by the processing entity 1020 which interacts with the
memory 1016.
[0034] To take the specific non-limiting example embodiment of an
RFID environment, reference is now made to FIG. 1, where the
interrogation portion 1010 of the network entity 1002 is
implemented as a reader 12 and where the device 1000 is implemented
as a contactlessly readable tag 14, a non-limiting example of which
is an RFID tag. Communication between the reader 12 and the tag 14
occurs over a contact-less medium 16. In a specific non-limiting
embodiment, the contact-less medium 16 is a wireless medium that
may include a spectrum of radio frequencies. As described earlier,
the tag 14 could be affixed to or integrated with: an item for
sale, transported merchandise, a person's clothing, an animal
(including livestock), a piece of equipment (including
communications equipment such as wireless communications
equipment), a vehicle, an access card and a credit card, to name
jut a few non-limiting examples. For its part, the reader 12 can be
fixed or mobile. In the fixed scenario, the reader 12 could be
located at any desired position within a building, vehicle,
warehouse, campus, etc. In the mobile scenario, the reader 12 could
be implemented in a handheld or portable unit, for example.
[0035] FIG. 2 shows details of the tag 14, in accordance with a
specific non-limiting embodiment of the present invention. The tag
14 comprises a memory 202 (which can be a possible implementation
of the memory 1016), transmit/receive circuitry 204 (including an
antenna), a controller 206 and a power source 208.
[0036] The memory 202 includes a memory element 203 (which can be a
possible implementation of the memory element 1018) that stores the
identifier I.sub.D. In addition, the memory 202 stores a current
signature 212. In addition, the memory 202 may store a program for
execution by the controller 206, including computer-readable
program code for causing the controller 206 to execute various
steps and achieve wide-ranging functionality. In a non-limiting
embodiment, the current signature 212 can take the form of a bit
pattern having a certain number of bits. In accordance with an
embodiment of the present invention, the bit pattern exhibited by
the current signature 212 is dynamic, that is to say the current
signature 212 changes over time.
[0037] The controller 206 executes various functions that allow
communication to take place via the transmit/receive circuitry 204
between the tag 14 and an external reader such as the reader 12. In
what follows, communications will hereinafter be referred to as
occurring with the reader 12 although it will be appreciated that
the tag 14 may communicate similarly with other external readers
that it encounters.
[0038] As part of its functionality, the controller 206 is
operative to retrieve the current signature 212 from the memory 202
and to release the current signature 212 via the transmit/receive
circuitry 204. Alternatively, depending on the computational
capabilities of the controller 206, the controller 206 can be
operative to compute the current signature 212 on demand and to
release via the transmit/receive circuitry 204 the current
signature 212 so computed.
[0039] It is recalled that in this embodiment, the current
signature 212 is dynamic. Accordingly, the controller 206 is
operative to communicate with the memory 202 in order to change the
bit pattern of the current signature 212 stored in the memory 202.
This can be achieved by executing diverse functionality that will
be described in greater detail later on, and which may include
implementing functional elements such as an encryption engine 222,
a counter 230, a pseudo-random number generator 240, a geo-location
module 250 and a clock module 260, among others.
[0040] The configuration of the power source 208 and its
inter-relationship with the controller 206 depend on whether the
tag 14 is categorized as "passive", "active" or somewhere in
between. Specifically, the tag 14 may be designed as "passive",
whereby transmissions of the current signature 212 via the
transmit/receive circuitry 204 are effected in response to
detection of a burst of energy via the transmit/receive circuitry
204, such burst of energy typically coming from the reader 12
issuing a "read request". In this case, the controller 206 only
needs to be powered during the short time period following the
detection of the burst. In fact, the burst itself can charge the
power source 208 for a brief period, enough to allow the controller
206 to cause transmission of the current signature 212 via the
transmit/receive circuitry 204 in response to the read request. The
current signature 212 may be extracted from the memory 202 or it
may be generated on demand, upon receipt of the read request.
[0041] Alternatively, in some embodiments of an "active" tag,
transmissions of the current signature 212 via the transmit/receive
circuitry 204 are similarly effected in response to detection of a
read request via the transmit/receive circuitry 204. In this case,
the availability of the power source 208 allows the controller 206
to transmit the current signature 212 at a longer range than for
passive devices. Certain active tags also have the capability to
switch into a passive mode of operation upon depletion of the power
source 208. In other embodiments of an active tag, transmissions of
the current signature 212 are effected via the transmit/receive
circuitry 204 at instances or intervals that are controlled by the
controller 206. This can be referred to as autonomous (or
unsolicited) issuance of the current signature 212. To this end,
the controller 206 needs to be continuously powered from the power
source 208.
[0042] Active and passive tags may have other features that will be
known to those of skill in the art.
[0043] In still other cases, the power source 208 (either
continually storing a charge or accumulating a sensed charge) can
be connected to the controller 206 via a switch 210, which is
optional. The switch 210 can be toggled between a first state
during which an electrical connection is established between the
power source 208 and the controller 206, and a second state during
which this electrical connection is broken. The switch 210 is
biased in the second state, and can be placed into the first state.
Toggling into the first state can be achieved by a burst of energy
that is sensed at a sensor (not shown) or by use of an activation
element. In various non-limiting embodiments, the activation
element may be a touch-sensitive pad on a surface of the tag 14, or
a mechanical component (e.g., a button). Placing the switch 210
into the first state may also trigger the controller 260 to change
the current signature 212 in the memory 202.
[0044] With reference now to FIG. 3, there is shown conceptually
how the current signature 212 stored in the memory 202 may change
over time. Specifically, different versions of the current
signature 212 (denoted S.sub.A and S.sub.B) are generated by an
encoding function 302 implemented by the controller 206. For
notational convenience, the current signature 212 is used to denote
which of the two signatures S.sub.A, S.sub.B is currently stored in
the memory 202. The encoding function 302 generates the signatures
S.sub.A and S.sub.B by encoding the aforementioned identifier
I.sub.D (which, as will be recalled, is the identifier of the
device 1000, to which is affixed the tag 14 in this example
embodiment) with a respective "additional data set" (denoted
D.sub.A and D.sub.B) at respective time instants (denoted T.sub.A
and T.sub.B). Thus, at T.sub.A, the signature S.sub.A is generated
by encoding the identifier I.sub.D with the additional data set
D.sub.A, whereas at T.sub.B, the signature S.sub.B is generated by
encoding the identifier I.sub.D with the additional data set
D.sub.B. While in this example, two time instants are shown and
described, this is solely for simplicity, and it should be
understood that in actuality, the current signature 212 may change
many times.
[0045] In accordance with a non-limiting embodiment of the present
invention, the additional data sets D.sub.A and D.sub.B are
different, which makes both signatures S.sub.A, S.sub.B different.
In fact, the two signatures S.sub.A, S.sub.B will appear scrambled
relative to one another due to use of the encryption engine 222
within the encoding function 302. More specifically, the signatures
S.sub.A and S.sub.B can be generated from the additional data sets
D.sub.A and D.sub.B in a variety of ways, two of which will be
described herein below.
First Approach
[0046] In a first approach, described with reference to FIG. 4A,
the identifier I.sub.D is encrypted by the encryption engine 222
with a dynamic key--represented by the additional data sets
D.sub.A, D.sub.B themselves, resulting in the two signatures
S.sub.A, S.sub.B. The two signatures S.sub.A, S.sub.B will be
different because the additional data sets D.sub.A, D.sub.B are
different. In fact, they will appear scrambled relative to one
another when observed by someone who has not applied a decryption
process using a counterpart to the keys used by the encryption
engine 222.
[0047] It will be noted that in order to make the first approach
practical, the reader 12 needs to have knowledge of which key
(i.e., which of the additional data sets D.sub.A, D.sub.B) was used
for encryption of a received one of the signatures S.sub.A,
S.sub.B, in order to effect proper decryption and recover the
identifier I.sub.D. For this purpose, in order to assist the reader
12 in identifying the correct key to be used for decryption, and
with reference again to FIG. 2, the current signature 212 may be
accompanied by an index 214 also stored in the memory 202. The
index 214 may point the reader 12 to the correct key to be used.
The reader 12 may have access to a key database (not shown) for
this purpose.
[0048] For example, consider the case where the keys (in this case,
the additional data sets D.sub.A, D.sub.B) correspond to outputs of
the pseudo-random number generator 240 having a seed known a priori
to the tag 14 and to the reader 12. Here, at T.sub.A, the index 214
may indicate the sequential position in the output of the
pseudo-random number generator 240 that corresponds to the
additional data set D.sub.A, while at T.sub.B, the index 214 may
indicate the sequential position in the output of the pseudo-random
number generator 240 that corresponds to the additional data set
D.sub.B. The reader 12 can then easily find the value occupying the
correct sequential position in the output of an identical local
pseudo-random number generator and effect successful decryption of
the received signature (S.sub.A or S.sub.B).
[0049] Alternatively, the keys (in this case, the additional data
sets D.sub.A, D.sub.B) are provided by the reader 12. This can be
done where the reader 12 (or an entity associated therewith)
decides that a change in the current signature 212 is required. As
a variant, the reader 12 may issue a trigger which, when received
by the controller 206, causes the controller 206 to effect a change
in the current signature 212. In such cases, changes to the key
(and thus to the current signature 212) are effected by the
controller 206 in response to triggers received from the reader
12.
Second Approach
[0050] For other applications, the approach of FIG. 4B may be
useful. Here, the identifier I.sub.D is augmented with differing
scrambling codes (denoted C.sub.A and C.sub.B), and then encrypted
by the encryption engine 222 with a common key (denoted K), thus
producing the two signatures S.sub.A, S.sub.B. The "additional data
set" D.sub.A used for encryption at T.sub.A is therefore composed
of the key K and the scrambling code C.sub.A, while the "additional
data set" D.sub.B used for encryption at T.sub.B is composed of the
same key K and the scrambling code C.sub.B. The encryption process
can be designed so that small differences (in terms of the number
of bits where there is a difference) between the scrambling codes
C.sub.A and C.sub.B will cause large differences (in terms of the
number of bits where there is a difference) in the resultant
signatures S.sub.A and S.sub.B. Thus, the scrambling codes C.sub.A,
C.sub.B have the effect of scrambling (i.e., randomizing) the
resultant signatures S.sub.A, S.sub.B.
[0051] The controller 206 is responsible for determining which
scrambling code is to be used to generate a particular signature at
a particular time instant. The current version of the scrambling
code can be stored in the memory 202 and is denoted 220 for
convenience. It will be appreciated based on the above description
that the scrambling code C.sub.A corresponds to the current
scrambling code 220 at T.sub.A and that the scrambling code C.sub.B
corresponds to the current scrambling code 220 at T.sub.B.
[0052] Continuing with the second approach, several classes of
embodiments are contemplated for changing the current scrambling
code 220. In a first class of embodiments relevant to the approach
of FIG. 4B, the current scrambling code 220 is changed in a way
that can be predicted by the reader 12, that is to say, where the
reader 12 (or an entity associated therewith) has knowledge of how
each successive scrambling code is generated.
[0053] For example, the current scrambling code 220 can be changed
each time (or, generally, each N.sup.th time where N.gtoreq.1) that
the controller 206 receives a read request or releases the current
signature 212 in response to a read request. This can ensure that
the current signature 212 is different each N.sup.th time that the
controller 206 receives a read request. Alternatively, the current
scrambling code 220 is changed every the current scrambling code
220 can be changed every set period of time (ex. every N seconds,
minutes, hours, days, etc.). The variations in the current
scrambling code 220 may governed in a variety of ways that are
predictable to the reader 12. For example, the controller 206 may
implement a counter 230, whose output is incremented (by a step
size that can equal unity or can be negative, for example) after
each N.sup.th time that the controller 206 responds to a read
request received from a nearby reader (or each N seconds, etc.). If
the current scrambling code 220 is set to correspond to the current
output of the counter 230, then the scrambling codes C.sub.A,
C.sub.B used to generate the two signatures S.sub.A, S.sub.B will
differ by the step size.
[0054] Alternatively, the controller 206 may implement the
aforesaid pseudo-random number generator 240, which produces an
output that depends on one or more previous values of the output
and on a seed. If the current scrambling code 220 is set to
correspond to the current output of the pseudo-random number
generator 240, then the scrambling codes C.sub.A, C.sub.B used to
generate the two signatures S.sub.A, S.sub.B will differ in
accordance with the characteristics of the pseudo-random number
generator 240.
[0055] Other variants will become apparent to those of skill in the
art without departing from the scope of the present invention.
[0056] In a second class of embodiments relevant to the approach of
FIG. 4B, the additional data sets D.sub.A, D.sub.B are not only
predicted by the reader 12 but are actually controlled by the
reader 12. This can be useful where the reader 12 (or an entity
associated therewith) decides that a change in the current
signature 212 is required. Alternatively, and recognizing that the
key K is common to both of the additional data sets D.sub.A,
D.sub.B, the reader 12 could supply the unique portions of the
additional data sets D.sub.A, D.sub.B, namely the scrambling codes
C.sub.A, C.sub.B.
[0057] As a variant, the reader 12 may simply issue a trigger
which, when received by the controller 206, causes the controller
206 to effect a change in the current signature 212. In such cases,
changes to the current signature 212 are effected by the controller
206 in response to triggers received from the reader 12.
[0058] In a third class of embodiments relevant to the approach of
FIG. 4B, it may be desired to change the signatures S.sub.A,
S.sub.B in a stochastic way, that is to say, without the need to
follow an underlying pattern that could be predicted by the reader
12.
[0059] For example, the controller 206 may implement the
aforementioned geo-location module 250, which is configured to
output a current spatial position of the tag 14 or of an item,
person, vehicle, etc., to which it is affixed. If the current
scrambling code 220 is set to correspond to the current output of
the geo-location module 250, then the scrambling codes C.sub.A,
C.sub.B used to generate the two signatures S.sub.A, S.sub.B will
differ in a stochastic fashion.
[0060] Alternatively, the controller 206 may implement a clock
module 260, which is configured to determine a current time. If the
current scrambling code 220 is set to correspond to a value
measured by the clock module 260 (e.g., number of milliseconds
elapsed since midnight of the day before), then the scrambling
codes C.sub.A, C.sub.B used to generate the two signatures S.sub.A,
S.sub.B will differ in a stochastic fashion.
[0061] Although the foregoing description has focused on a
non-limiting example wherein the device 1000 bore the tag 14,
wherein the interrogation portion 1010 of the network entity 1002
consisted of the reader 12 and the communication pathway 1014 was a
wireless medium, it should be apparent to persons of skill in the
art that there exist many other embodiments of the present
invention with application to a wide variety of other scenarios, as
has been mentioned earlier.
[0062] In view of the above, it should thus be appreciated that a
common identifier of the device 1000 is encoded within a plurality
of signatures that vary over time for the same device 1000. This
identifier can be extracted by the network entity 1002 (either the
interrogation portion 1010 or the processing portion 1012, as
applicable) by utilizing the appropriate key for decryption. This
allows the network entity 1002 to perform a variety of functions,
including but not limited to validation of the identifier based on
the signature and/or the scrambling code (hereinafter "scenario
(I)") and/or an action related to identification, based on the
identifier (hereinafter, "scenario (II)"). Both of these scenarios,
which are not mutually exclusive, are now described in some detail,
again in the specific non-limiting example embodiment of an RFID
environment.
[0063] In scenario (I), a dynamic scrambling code is used in the
generation of a signature that continually encodes the same
identifier, and it is of interest to recover the current scrambling
code to detect a potential instance of tag cloning. Accordingly,
with reference to FIG. 6A, there is shown a system that is similar
to the system of FIG. 1. In addition, the system of FIG. 6A
comprises a processing entity 610 that implements a validation
operation, as will be described herein below. In various
embodiments, the processing entity 610 referred to above may be
connected to the reader 12, or it may be a remote entity. Such a
remote entity may be reachable over a network, or it may be
integrated with the reader 12. Thus, the processing entity 610 may
be part of the network entity 1002 or, more specifically, part of
the processing portion 1012.
[0064] The system of FIG. 6A also includes a storage entity, such
as a database 602, that is accessible to the processing entity 610
and stores a plurality of records 604, each associated with a
respective identifier. For the purposes of the present example, one
can consider that each identifier for which there exists a record
in the database 602 is indicative of a privilege to access certain
property or make certain transactions, although other scenarios are
possible without departing from the scope of the present
invention.
[0065] In accordance with one embodiment of the present invention,
each of the records 604 also comprises a field 606 indicative of
zero or more scrambling codes 608 that were encoded in signatures
which were previously received and which encoded the respective
identifier for that record. Thus, receipt of a particular signature
that encodes the identifier in a given one of the records 604 as
well as one of the scrambling code(s) 608 stored in the
corresponding field 606 will indicate that the particular signature
has been previously received and therefore its instant receipt may
be indicative that a cloning attempt has been made.
[0066] More specifically, with reference to the flowchart in FIG.
7A, consider what happens following step 710 when a signature
S.sub.X is received at a particular time instant by the reader 12.
At the time of receipt, whether the signature S.sub.X encodes any
particular identifier or scrambling code is unknown to the reader
12. At step 730, an attempt to decrypt the signature S.sub.X is
made by the processing entity 610 using a decryption key K.sub.X.
The decryption key K.sub.X may be known in advance to the
processing entity 610. Alternatively, as shown in step 720, the
signature S.sub.X may be accompanied by an index that allows the
processing entity 610 to determine the appropriate decryption key
K.sub.X. The result of the decryption attempt at step 730 is a
candidate identifier I.sub.X and a candidate scrambling code,
denoted C.sub.X.
[0067] At step 740, the processing entity 610 consults the database
602 based on the candidate identifier I.sub.X in an attempt to
identify a corresponding record and extract therefrom a list of
scrambling code(s) that have been received in the past in
association with the candidate identifier I.sub.X. For the purposes
of the present example, it is useful to assume that such a record
exists (i.e., the "YES" branch is taken out of step 740), but if
there is no such record, this may indicate that there is a
high-level failure requiring further action. At step 750, the
processing entity 610 compares the candidate scrambling code
C.sub.X to the scrambling code(s) 608 in the field 606 of the
record identified at step 740 and corresponding to identifier
I.sub.X.
[0068] If there is a match, this indicates that the scrambling code
C.sub.X has been used in the past in association with the
identifier I.sub.X. Under certain conditions, this may lead the
processing entity 610 to conclude that the validation operation was
unsuccessful.
[0069] For example, if the signature S.sub.X was expected to change
at least as often as every time that the tag on which it is stored
was read, then the fact that the scrambling code C.sub.X matches
one of the scrambling code(s) 608 stored in the field 606 of the
record corresponding to identifier I.sub.X may lead the processing
entity 610 to conclude that the validation operation was
unsuccessful. Alternatively, if the signature S.sub.X was expected
to change every N.sup.th time that the tag on which it is stored
was read, then the processing entity 610 may look at how many of
the scrambling code(s) 608 stored in the field 606 of the record
corresponding to identifier I.sub.X correspond to the scrambling
code C.sub.X, and if this number is greater than or equal to N,
this may lead the processing entity 610 to conclude that the
validation operation was unsuccessful. Alternatively still, if the
signature S.sub.X was expected to change at least as often as every
N seconds etc., then the processing entity 610 may look at how long
ago it has been since a matching one of the scrambling code(s) 608
was first stored in the field 606 of the record corresponding to
identifier I.sub.X, and if this time interval is greater than or
equal to a pre-determined number of seconds, minutes, hours, days,
etc., this may lead the processing entity 610 to conclude that the
validation operation was unsuccessful.
[0070] Where a conclusion is reached that the validation operation
was unsuccessful, the privilege to access the property or make
transactions may be revoked or at least questioned on the basis of
suspected tag cloning.
[0071] On the other hand, if there is no match between the
scrambling code C.sub.X and any of the scrambling code(s) 608
stored in the field 606 of the record corresponding to identifier
I.sub.X, this may lead the processing entity 610 to conclude that
the validation operation was potentially successful. In such a
case, the default privilege to access the property or make
transactions may be granted (or at least not revoked on the basis
of suspected tag cloning).
[0072] In accordance with an alternative embodiment of the present
invention, the field 606 in the record associated with each
particular identifier may be indicative of an "expected" scrambling
code, i.e., the scrambling code that should (under valid
circumstances) be encoded in a signature received from a tag that
encodes the particular identifier. Alternatively, the field 606 in
the record associated with each particular identifier may be
indicative of an "expected" signature, i.e., the signature that
should (under valid circumstances) be received from a tag that
encodes the particular identifier. Thus, upon receipt of the
signature S.sub.X, if it is found to correspond to the expected
signature (or if the scrambling code C.sub.X is found to correspond
to the expected scrambling code), this may lead the processing
entity 610 to conclude that the validation operation was
potentially successful. On the other hand, if there is no match
between the signature S.sub.X and the expected signature stored in
the database 602 (or between the scrambling code C.sub.X and the
expected scrambling code), this may lead the processing entity 610
to conclude that the validation operation was unsuccessful.
[0073] It should be appreciated that in the above alternative
embodiments, the processing entity 610 may obtain knowledge of the
expected scrambling code or the expected signature by implementing
plural pseudo-random number generators for each of the identifiers,
analogous to the pseudo-random number generator 240 implemented by
the controller 206 in a given tag 14, which produces an output that
depends on one or more previous values of the output and on a seed.
Thus, the next output of the pseudo-random number generator
implemented by the processing entity 610 for a given identifier
allows the processing entity 610 to predict the scrambling code (or
the signature) that should be received from a tag legitimately
encoding the given identifier. In another embodiment, the
processing entity 610 may know what is the expected scrambling
code/signature because it has instructed the reader 12 to cause
this expected scrambling code/signature to be stored in the memory
of the tag.
[0074] In accordance with an alternative embodiment of the present
invention, the database 602 simply comprises a running list of all
signatures that have been received in the past. Thus, upon receipt
of the signature S.sub.X, if it is found to correspond to one of
the signatures on the list, this may lead the processing entity 610
to conclude that the validation operation was unsuccessful. On the
other hand, if there is no match between the signature S.sub.X and
any of the signatures stored in the database 602, this may lead the
processing entity 610 to conclude that the validation operation was
potentially successful (or at least not unsuccessful).
[0075] It should also be appreciated that having obtained the
identifier I.sub.X, the processing entity 610 may also perform an
action related to identification of an item, vehicle, person, etc.,
associated with the particular tag that encoded the identifier
I.sub.X.
[0076] In a first example of an action related to identification,
the processing entity 610 may simply note the fact that the item,
vehicle, person, etc. (bearing the identifier I.sub.X) was
encountered in a vicinity of the reader 12. This information may be
stored in a database (not shown) or sent as a message, for example.
In an inventory management scenario, the processing entity 610 may
consult an inventory list and "check off" the inventory item as
having been located, or may signal that the presence of a spurious
inventory item (i.e., one that is not on the inventory list) has
been detected.
[0077] In another example of an action related to identification,
the processing entity 610 may consult another database (not shown)
in order to ascertain whether the identifier is on a list of
identifiers associated with individuals/objects permitted to
access, or prohibited from accessing, certain property. Examples of
property include, without limitation: computing equipment, a
computer network, a building, a portion of a building, an entrance,
an exit and a vehicle.
[0078] In another example of an action related to identification,
the processing entity 610 may consult another database (not shown)
in order to ascertain whether the identifier is on a list of
identifiers associated with individuals permitted to effect, or
prohibited from effecting, a transaction, which could be a
financial transaction or a login to controlled online content, for
example.
[0079] FIG. 7B shows a variant where multiple keys are possible but
no index (or one that does not permit identification of the
appropriate decryption key) is provided along with the signature
S.sub.X. Specifically, taking the "NO" branch after step 750 does
not conclude the validation operation. Rather, the validation
operation goes through step 770 where a next key is selected and
then the validation operation returns to step 730, whereby steps
730 through 770 are re-executed until the earlier occurrence of (i)
taking the "YES" branch at step 750 and (ii) exhaustion of all
keys, which can result in the equivalent of taking the "NO" branch
out of 740 (i.e., this may indicate that there is a high-level
failure requiring further action).
[0080] It should be appreciated that in the above embodiments,
encryption and decryption can be effected using various techniques
known in the art, including encryption using a symmetric key, an
asymmetric key pair, a public/private key pair, etc., as well as in
accordance with a variety of algorithms and protocols For example,
RSA and ECC are suitable examples of asymmetric encryption
algorithms, while AES, DES, and Blowfish are suitable examples of
symmetric algorithms. Still other possibilities exist and are
within the scope of the present invention.
[0081] In the above example with reference to FIGS. 6A, 7A and 7B,
although a single reader was described and illustrated, it should
be appreciated that it is within the scope of the present invention
to provide a multi-reader architecture, as shown in FIG. 6B. A
plurality of readers 662 are connected to each other and to a
centralized control entity 660 by a network 680, which can be a
public packet-switched network, a VLAN, a set of point-to-point
links, etc. In such a case, the centralized control entity 660
(e.g., a network controller) can implement the combined
functionality of each individual processing entity 610, including
decryption and validation. To this end, the centralized control
entity 660 maintains a master database 670, which includes the
equivalent of a consolidated version of various instances of the
database 602 previously described as being associated with the
reader 12 in the single-reader scenario.
[0082] Thus, decryption and validation can be performed entirely in
the centralized control entity 660. Alternatively, certain
functionality (such as decryption) can be performed by the readers
662 while other functionality (such as validation) can be performed
by the centralized control entity 660. Still alternatively, the
processing entities 610 can inter-operate amongst themselves in the
absence of the centralized entity 660, thereby to implement
decryption on a local basis, and the validation operation in a
joint fashion. In such a distributed scenario, the master database
670 can still be used, or the processing entities 610 can
communicate with one another to share information in their
respective databases 602.
[0083] In scenario (II), a dynamic key is used in the generation of
a signature that encodes a constant identifier, and it is of
interest to recover the underlying identifier despite the
time-varying key. Accordingly, with reference now to FIG. 8, there
is shown a system that is similar to the system of FIG. 1. In
addition, the system of FIG. 8 comprises a processing entity 810
that implements an identification operation, as will be described
herein below. The processing entity 810 may be connected to the
reader 12, or it may be a remote entity. Such a remote entity may
be reachable over a network, or it may be integrated with the
reader 12. Thus, the processing entity 810 may be part of the
network entity 1002 or, more specifically, part of the processing
portion 1012. It should be understood that the system in FIG. 8 is
being shown separately from the system in FIG. 6; however, it is
within the scope of the present invention to combine the
functionality of both systems.
[0084] With reference to the flowchart in FIG. 9, consider what
happens following step 910 when a signature S.sub.Y is received
from a particular tag at a particular time instant by the reader
12. The signature S.sub.Y is assumed to have been generated by
encrypting an identifier I.sub.Y using an encryption key that
varies in a dynamic fashion. To this end, the particular tag may
have generated the dynamic encryption key based on, for example:
[0085] the output of the aforementioned clock module 260 (e.g., in
terms of seconds, minutes or hours of elapsed time since an event
known also to the processing entity 810); [0086] the output of the
aforementioned geo-location module 250; [0087] an index; [0088] a
seed for use by a pseudo-random number generator.
[0089] Still other possibilities are within the scope of the
present invention. The decryption key can then be determined based
on the above quantity. For example, the decryption key could be the
above-mentioned output of the clock module or the geo-location
module. Alternatively, the encryption key could be the output of a
table or a pseudo-random number generator (both known to the
processing entity 810) based on the above-mentioned seed, or at a
position that corresponds to the above-mentioned index. In the
latter case, the index or seed can be supplied along with the
signature S.sub.Y.
[0090] In accordance with the present embodiment, once the
signature S.sub.Y is read by the reader 12, the processing entity
810 is expected to determine the appropriate decryption key,
denoted K.sub.Y. Accordingly, at step 930, the processing entity
810 first determines a dynamic parameter that will allow the
decryption key K.sub.Y to be determined. Examples of the dynamic
parameter include: [0091] the output of a clock module (which
attempts to emulate the aforementioned clock module 260) at the
time of receipt of the signature S.sub.Y (e.g., in terms of
seconds, minutes or hours of elapsed time since a known event);
[0092] the output of a geo-location module (which can be similar to
the aforementioned geo-location module 250); [0093] the index or
seed provided along with the signature S.sub.Y.
[0094] Next, at step 940, the processing entity 810 obtains the
decryption key K.sub.Y based on the dynamic parameter determined at
step 930. For example, where the dynamic parameter corresponds to
the output of a clock module or a geo-location module, the
decryption key K.sub.Y could be the dynamic parameter itself.
Alternatively, where the dynamic parameter is an index or a seed,
the decryption key K.sub.Y could be the output of the
aforementioned table or pseudo-random number generator known to the
processing entity 810, at a position that corresponds to the
received index, or using the received seed.
[0095] Once the decryption key has been obtained, the signature
S.sub.Y is decrypted at step 950 using the decryption key. This
leads to extraction of the identifier I.sub.Y. It is noted that a
scrambling code was not required in this embodiment, although its
use is not disallowed.
[0096] Having obtained the identifier I.sub.Y, the processing
entity 810 proceeds to step 960, where it performs an action
related to identification of an item, vehicle, person, etc.,
associated with the particular tag that encoded the identifier
I.sub.Y.
[0097] In a first example of an action related to identification,
the processing entity 810 may simply note the fact that the item,
vehicle, person, etc. (bearing the identifier I.sub.Y) was
encountered in a vicinity of the reader 12. This information may be
stored in a database (not shown) or sent as a message, for example.
In an inventory management scenario, the processing entity 810 may
consult an inventory list and "check off" the inventory item as
having been located, or may signal that the presence of a spurious
inventory item (i.e., one that is not on the inventory list) has
been detected.
[0098] In another example of an action related to identification,
the processing entity 810 may consult another database (not shown)
in order to ascertain whether the identifier is on a list of
identifiers associated with individuals/objects permitted to
access, or prohibited from accessing, certain property. Examples of
property include, without limitation: computing equipment, a
computer network, a building, a building, a portion of a building,
an entrance, an exit and a vehicle.
[0099] In yet another example of an action related to
identification, the processing entity 810 may consult another
database (not shown) in order to ascertain whether the identifier
is on a list of identifiers associated with individuals permitted
to effect, or prohibited from effecting, a transaction, which could
be a financial transaction or a login to controlled online content,
for example.
[0100] It should be appreciated that the processing entity 810 may
also perform an action related to validation of the identifier
I.sub.Y in conjunction with the above action related to
identification. Specifically, in accordance with one embodiment of
the present invention, the processing entity may consult a variant
of the aforementioned database 602, where each of the records 604
now includes a field indicative of zero or more signatures which
were previously received and which encoded the respective
identifier for that record. Thus, receipt of a particular signature
that encodes the identifier in a given one of the records 604 as
well as one of the signature(s) stored in the corresponding field
will indicate that the particular signature has been previously
received and therefore its instant receipt may be indicative that a
cloning attempt has been made.
[0101] In the above example with reference to FIGS. 8 and 9,
although a single reader was described and illustrated, it should
be appreciated that it is within the scope of the present invention
to provide a multi-reader architecture, as in FIG. 6B.
[0102] It should also be understood that the foregoing detailed
description focused on a non-limiting example wherein the device
1000 bore the tag 14, wherein the interrogation portion 1010 of the
network entity 1002 consisted of the reader 12 and the
communication pathway 1014 was a wireless medium. However, it
should be apparent to persons of skill in the art that there exist
many other embodiments of the present invention with application to
a wide variety of other scenarios, as has been mentioned
earlier.
[0103] Also, those skilled in the art will appreciate that in some
embodiments, the functionality of any or all of the processing
entity 610, the processing entity 810, the reader 12, the readers
662, the network entity 1002 (including the interrogation portion
1010 and the processing portion 1012) and the processing entity
1020 may be implemented using pre-programmed hardware or firmware
elements (e.g., application specific integrated circuits (ASICs),
electrically erasable programmable read-only memories (EEPROMs),
etc.), or other related components. In other embodiments, the
functionality of the entity in question may be achieved using a
computing apparatus that has access to a code memory (not shown)
which stores computer-readable program code for operation of the
computing apparatus, in which case the computer-readable program
code could be stored on a medium which is fixed, tangible and
readable directly by the entity in question (e.g., removable
diskette, CD-ROM, ROM, fixed disk, USB drive), or the
computer-readable program code could be stored remotely but
transmittable to the entity in question via a modem or other
interface device (e.g., a communications adapter) connected to a
network (including, without limitation, the Internet) over a
transmission medium, which may be either a non-wireless medium
(e.g., optical or analog communications lines) or a wireless medium
(e.g., microwave, infrared or other transmission schemes) or a
combination thereof.
[0104] While specific embodiments of the present invention have
been described and illustrated, it will be apparent to those
skilled in the art that numerous modifications and variations can
be made without departing from the scope of the invention as
defined in the appended claims.
* * * * *