[0009] Briefly, the present invention provides a system for authenticating and securing product transactions. An integrated circuit is attached to a target, such as an optical disc or electronic device. The integrated circuit has an RF transceiver that is capable of establishing communication with an associated reading device. The integrated circuit also has a hidden memory, which cannot be read externally, and a user memory. The hidden memory stores an authentication message, while the user memory stores readable authentication information. The hidden authentication message and the authentication information are related through a cryptographic process. However, even though the integrated circuit benefits from the cryptographic security, the integrated circuit only operates relatively simple logic operations. In this way, a highly secure transaction is enabled without requiring significant processing power or time at the integrated circuit. When the integrated circuit is placed near the reader, the reader reads the authentication information, and with the cooperation of a network operation center, uses the authentication information to derive an activation code. The reader passes the activation code to the integrated circuit, which compares the activation code to its hidden activation message. If they have a proper relationship, the communication has been authenticated, and the integrated circuit proceeds to perform an action.
[0010] In one example, a random plaintext number is stored as the hidden authentication message, and the user memory has authentication information that includes an identifier, as well as an encrypted version of the plaintext number. When the integrated circuit is placed near a reader, the reader reads the authentication information, which is sent to a network operation center. The network operation center uses the identification information to retrieve a decryption key, and uses the key to decrypt the encrypted message to derive the plaintext number. The plaintext number is sent to the reader, which communicates it to the integrated circuit. The integrated circuit does a simple logical compare between the received number and the hidden number, and if they match, the integrated circuit proceeds to perform an action. The action may be, for example, activating or deactivating the product the circuit is attached to. The hidden authentication message and the authentication information are related through a cryptographic process. In this example, the integrated circuit benefits from the cryptographic security, even though the integrated circuit only operates a relatively simple logic operation. In this way, a highly secure transaction is enabled without requiring significant processing power or time at the integrated circuit.
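The exchange in paragraph [0010], modeled end to end as an added example that is not part of the patent text: the tag only compares, while the network operation center holds the key and does the decryption. The cipher (XOR with an HMAC-SHA256 keystream), the 16-byte secret, and all class and function names are assumptions, since the text names no algorithm or interface.

```python
import hashlib
import hmac
import secrets

def _keystream(key: bytes, tag_id: bytes) -> bytes:
    # Assumption: stand-in cipher. The text only says "encrypted"; a
    # deployment would use a vetted cipher chosen by the operator.
    return hmac.new(key, tag_id, hashlib.sha256).digest()

def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

class Tag:
    def __init__(self, tag_id: bytes, encrypted: bytes, hidden: bytes):
        self.user_memory = {"id": tag_id, "encrypted": encrypted}  # readable
        self._hidden = hidden  # hidden memory: never exposed to the reader
        self.activated = False

    def present_code(self, code: bytes) -> bool:
        # The tag's only logic is a compare; constant-time to avoid timing leaks.
        ok = hmac.compare_digest(code, self._hidden)
        if ok:
            self.activated = True  # the "action" (e.g. activate the product)
        return ok

class NetworkOperationCenter:
    def __init__(self):
        self._keys = {}  # identifier -> decryption key, held only here

    def provision(self, tag_id: bytes) -> Tag:
        # Constructed sample data: random plaintext number and per-tag key.
        key = secrets.token_bytes(32)
        hidden = secrets.token_bytes(16)
        self._keys[tag_id] = key
        return Tag(tag_id, _xor(hidden, _keystream(key, tag_id)), hidden)

    def derive_activation_code(self, tag_id: bytes, encrypted: bytes):
        key = self._keys.get(tag_id)
        if key is None:
            return None  # unknown identifier: no code is released
        return _xor(encrypted, _keystream(key, tag_id))

def reader_transaction(tag: Tag, noc: NetworkOperationCenter) -> bool:
    # Reader relays: user memory -> NOC -> activation code -> tag.
    info = tag.user_memory
    code = noc.derive_activation_code(info["id"], info["encrypted"])
    return code is not None and tag.present_code(code)
```

Because the reader relays the plaintext number to the tag, the secrecy of that number on the reader-to-NOC and reader-to-tag links is what the comparison ultimately depends on.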
[0011] In another example, an authentication code is stored as the hidden authentication message, and the user memory has authentication information that includes identifiers, as well as a public key that can be used to recreate the authentication code. When the integrated circuit is placed near a reader, the reader reads the authentication information, which is sent to a network operation center. The network operation center uses the identification information to retrieve a private key, and uses the public key, private key and other authentication information to generate the authentication code. The authentication code is sent to the reader, which communicates it to the integrated circuit. The integrated circuit does a simple logical compare between the received code and the hidden code, and if they match, the integrated circuit proceeds to perform an action. The action may be, for example, activating or deactivating the product it is attached to. The hidden authentication message and the authentication information are related through a cryptographic process. In this example, the integrated circuit benefits from the cryptographic security, even though the integrated circuit only operates a relatively simple logic operation. In this way, a highly secure transaction is enabled without requiring significant processing power or time at the integrated circuit.
[0013] Advantageously, the present invention enables a highly secure and authenticated transaction, even when the authorizing circuit is operating in a low-power, low processing capability environment. This means that an RFID tag or other RF-enabled integrated circuit may be used to communicate sensitive information, and become an integral part of a secure transaction process. This enables an RF-enabled circuit to perform secured actions, thereby allowing manufacturers to enforce distribution and use rules