US20090240946A1 - Dynamic identifier for use in identification of a device - Google Patents

Dynamic identifier for use in identification of a device

Info

Publication number
US20090240946A1
Authority
US
United States
Prior art keywords
signature
identifier
additional data
method defined
signatures
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/343,187
Inventor
Tet Hin Yeap
William G. O'Brien
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BCE Inc
Original Assignee
BCE Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BCE Inc
Publication of US20090240946A1
Assigned to BCE INC. Assignment of assignors interest (see document for details). Assignors: YEAP, TET HIN; O'BRIEN, WILLIAM G.
Priority to EP09180219A (EP2200218A1)

Classifications

    • G06Q10/087: Inventory or stock management, e.g. order filling, procurement or balancing against orders
    • G06F21/43: User authentication using separate channels for security data; wireless channels
    • G06F21/79: Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • G06F9/445: Program loading or initiating
    • G06Q20/02: Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/341: Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/3825: Use of electronic signatures
    • G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/385: Payment protocols; Details thereof using an alias or single-use codes
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401: Transaction verification
    • G06Q20/40975: Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • G06Q20/425: Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • G07F7/1008: Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0846: Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
    • H04L63/126: Applying verification of the received information; the source of the received data
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04W12/08: Access security
    • H04W12/10: Integrity
    • H04L2209/56: Financial cryptography, e.g. electronic payment or e-cash
    • H04L2209/805: Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • H04L2209/84: Vehicles
    • H04W12/47: Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules

Definitions

  • the present invention relates generally to communication over a network and, more specifically, to a method for identification of a device when communicating with a network entity over the network.
  • devices involved in those applications need to be identified.
  • Devices are typically assigned an identifier for such purposes.
  • the device transmits its assigned identifier to a network entity, which takes a decision as to whether the device (or a user thereof) is authorized to access a physical resource, view online content, utilize funds, etc.
  • At least a portion of the pathway between a given device and the network entity might not be secure.
  • RFID, Bluetooth, WiFi, WiMax, Internet all present potential security risks whereby a malicious individual could detect and copy identifiers transmitted by the given device. Once the malicious individual gains knowledge of the given device's identifier, it is possible that he or she can simulate the given device and potentially gain access to a secured resource facility or vehicle, conduct unauthorized payments, impersonate the given device, etc.
  • a method for execution by a device which comprises: generating a first signature by encrypting an identifier of the device together with first additional data; generating a second signature by encrypting the identifier of the device together with second additional data that is different from the first additional data; releasing the first signature to identify the device on a first occasion; and releasing the second signature to identify the device on a second occasion.
  • a computer-readable storage medium comprising a set of computer-readable instructions for execution by a device, wherein execution of the set of instructions by the device causes the device to execute a method that includes: generating a first signature by encrypting an identifier of the device together with first additional data; generating a second signature by encrypting the identifier of the device together with second additional data that is different from the first additional data; releasing the first signature to identify the device on a first occasion; and releasing the second signature to identify the device on a second occasion.
  • a device which comprises: a memory storing an identifier of the device; a processing entity configured to generate a plurality of different signatures encoding the identifier and to store the signatures in the memory; and a transmit/receive entity configured to identify the device on respective occasions by releasing individual ones of the signatures.
  • FIG. 1 is a block diagram of a system comprising a reader and a tag, in accordance with a non-limiting embodiment of the present invention.
  • FIG. 2 is a block diagram showing details of the tag, in accordance with a non-limiting embodiment of the present invention.
  • FIG. 3 illustrates a decoding function implemented by a controller in the tag, for generation of a signature at two points in time.
  • FIGS. 4A and 4B depict two possible functional architectures for generation of a signature.
  • FIG. 5 is a block diagram of a system comprising a device in communication with a network entity.
  • FIG. 6A shows application of a non-limiting embodiment of the present invention in a validation context.
  • FIG. 6B is a block diagram of a multi-reader architecture, in accordance with a non-limiting embodiment of the present invention.
  • FIG. 7A is a flowchart showing operation of a processing entity of FIG. 6 when considering tags whose signatures encode a variable scrambling code and that are encrypted using a common key that is known to the reader or can be determined from an index supplied with the signature.
  • FIG. 7B is a flowchart similar to that of FIG. 7A, but where the common key is unknown to the reader.
  • FIG. 8 shows application of a non-limiting embodiment of the present invention in an identification context when considering tags whose signatures are encrypted using a variable key.
  • FIG. 9 is a flowchart showing operation of a processing entity of FIG. 8 when considering tags whose signatures are encrypted using a variable key.
  • the resource 1004 can be any desired resource to which the device 1000 (or a user thereof) may wish to gain access.
  • Non-limiting examples of the resource 1004 include real property (e.g., computing equipment, a computer network, a building, a portion of a building, an entrance, an exit, a vehicle, etc.), online property (e.g., access to a network such as the Internet or a virtual private network, a user account on a website, etc.) and financial property (e.g., a credit card account, bank account, utility company account, etc.).
  • the network entity 1002 may in some embodiments comprise an interrogation portion 1010 and a processing portion 1012.
  • the interrogation portion 1010 may take the form of an RFID reader, a server, a modem, a WiFi node, a WiMax node, a base station, an infrared/Bluetooth receiver, etc.
  • the interrogation portion 1010 communicates with the network device 1002 over a communication pathway 1014.
  • the communication pathway 1014 may traverse the Internet.
  • the communication pathway 1014 may traverse the public switched telephone network (PSTN).
  • the communication pathway 1014 may include one or more portions, any one or more of which may physically consist of one or more of a wireless, guided optical or wired link.
  • Non-limiting examples of a wireless link include a radio frequency link and a free-space optical link, which may be established using any suitable protocol, including but not limited to RFID, Bluetooth, WiFi, WiMax, etc. Furthermore, the wireless link may be fixed wireless or mobile wireless, to name but two non-limiting possibilities.
  • the processing portion 1012 of the network entity 1002 is in communication with the interrogation portion 1010 and obtains therefrom data obtained as a result of interaction with the device 1000.
  • the processing portion 1012 has the ability to process the data obtained by the interrogation portion 1010 and to determine whether or not to grant access to the resource 1004.
  • the device 1000 can be any suitable device that is susceptible of being used to access the resource 1004.
  • the device may take the form of a contactlessly readable tag (e.g., an RFID tag) that can be affixed to or integrated with: an item for sale, transported merchandise, a person's clothing, an animal (including livestock), a piece of equipment (including communications equipment such as wireless communications equipment), a vehicle, an access card and a credit card, to name just a few non-limiting examples.
  • the device 1000 may take the form of a communication device (e.g., a mobile telephone (including smart phones and networked personal digital assistants), a computer (e.g., desktop or laptop), a modem, a network adapter, a network interface card (NIC), etc.).
  • the device 1000 comprises a memory 1016 and a processing entity 1020 (e.g., a microcontroller) that is coupled to the memory 1020.
  • the processing entity 1020 has the ability to execute computer-readable instructions stored in the memory 1016 which, upon execution, result in the device 1000 implementing a desired process or application.
  • the application is a software application, such as a telephony or banking application, to give but two non-limiting examples.
  • the memory 1016 includes a memory element 1018 that stores an identifier I_D of the device 1000.
  • the identifier may be configured differently.
  • the identifier I_D may be an identifier specifically used in RFID tags and may encode information such as, without limitation, a serial number, a universal product code (UPC), a vehicle registration number (VIN), an account number and a customized identifier.
  • the identifier I_D may be an electronic serial number of the mobile telephone.
  • the identifier I_D may be a manufacturer-assigned identifier associated with the communication device.
  • a suitable identifier is a Media Access Control address (MAC address), Ethernet Hardware Address (EHA), hardware address, adapter address or physical address, which can be assigned to network adapter or NIC by the manufacturer for identification and can encode a registered identification number of the manufacturer.
  • the device 1000 identifies itself to the network entity 1002 at certain instants hereinafter referred to as “identification occasions”.
  • the identification occasions can arise under control of the device 1000 (i.e., autonomously), under control of the network entity 1002 (e.g., in response to receipt of a request issued by the network entity 1002) or under control of a user (not shown) of the device 1000.
  • an identification occasion may arise whenever the device 1000 is queried by an external reader, which may occur when the device 1000 is sensed by the reader to be within the vicinity thereof.
  • the device 1000 may autonomously identify itself to a remote modem on a regular or irregular basis (e.g., in the context of keeping a session alive).
  • an identification occasion may arise at the discretion of the user of the device 1000, e.g., when deciding to make a purchase.
  • the device 1000 may comprise an interface with the user that senses user input and can detect or decode when a transaction is taking place or is about to take place.
  • the device 1000 when identifying itself, the device 1000 releases a “signature”. Over the course of time, it is assumed that the device 1000 will identify itself to the network entity on at least two identification occasions, which will result in the release of a “signature” each time. As will be described in greater detail herein below, the signatures released on different identification occasions will be different, but all encode the same identifier I_D of the device 1000. Changes to the signature can be effected by the processing entity 1020 which interacts with the memory 1016.
  • the interrogation portion 1010 of the network entity 1002 is implemented as a reader 12 and where the device 1000 is implemented as a contactlessly readable tag 14, a non-limiting example of which is an RFID tag.
  • Communication between the reader 12 and the tag 14 occurs over a contact-less medium 16.
  • the contact-less medium 16 is a wireless medium that may include a spectrum of radio frequencies.
  • the tag 14 could be affixed to or integrated with: an item for sale, transported merchandise, a person's clothing, an animal (including livestock), a piece of equipment (including communications equipment such as wireless communications equipment), a vehicle, an access card and a credit card, to name just a few non-limiting examples.
  • the reader 12 can be fixed or mobile. In the fixed scenario, the reader 12 could be located at any desired position within a building, vehicle, warehouse, campus, etc. In the mobile scenario, the reader 12 could be implemented in a handheld or portable unit, for example.
  • FIG. 2 shows details of the tag 14, in accordance with a specific non-limiting embodiment of the present invention.
  • the tag 14 comprises a memory 202 (which can be a possible implementation of the memory 1016), transmit/receive circuitry 204 (including an antenna), a controller 206 and a power source 208.
  • the memory 202 includes a memory element 203 (which can be a possible implementation of the memory element 1018) that stores the identifier I_D.
  • the memory 202 stores a current signature 212.
  • the memory 202 may store a program for execution by the controller 206, including computer-readable program code for causing the controller 206 to execute various steps and achieve wide-ranging functionality.
  • the current signature 212 can take the form of a bit pattern having a certain number of bits.
  • the bit pattern exhibited by the current signature 212 is dynamic, that is to say the current signature 212 changes over time.
  • the controller 206 executes various functions that allow communication to take place via the transmit/receive circuitry 204 between the tag 14 and an external reader such as the reader 12.
  • communications will hereinafter be referred to as occurring with the reader 12 although it will be appreciated that the tag 14 may communicate similarly with other external readers that it encounters.
  • the controller 206 is operative to retrieve the current signature 212 from the memory 202 and to release the current signature 212 via the transmit/receive circuitry 204.
  • the controller 206 can be operative to compute the current signature 212 on demand and to release via the transmit/receive circuitry 204 the current signature 212 so computed.
  • the current signature 212 is dynamic. Accordingly, the controller 206 is operative to communicate with the memory 202 in order to change the bit pattern of the current signature 212 stored in the memory 202. This can be achieved by executing diverse functionality that will be described in greater detail later on, and which may include implementing functional elements such as an encryption engine 222, a counter 230, a pseudo-random number generator 240, a geo-location module 250 and a clock module 260, among others.
  • the configuration of the power source 208 and its inter-relationship with the controller 206 depend on whether the tag 14 is categorized as “passive”, “active” or somewhere in between.
  • the tag 14 may be designed as “passive”, whereby transmissions of the current signature 212 via the transmit/receive circuitry 204 are effected in response to detection of a burst of energy via the transmit/receive circuitry 204, such burst of energy typically coming from the reader 12 issuing a “read request”.
  • the controller 206 only needs to be powered during the short time period following the detection of the burst.
  • the burst itself can charge the power source 208 for a brief period, enough to allow the controller 206 to cause transmission of the current signature 212 via the transmit/receive circuitry 204 in response to the read request.
  • the current signature 212 may be extracted from the memory 202 or it may be generated on demand, upon receipt of the read request.
  • transmissions of the current signature 212 via the transmit/receive circuitry 204 are similarly effected in response to detection of a read request via the transmit/receive circuitry 204.
  • the availability of the power source 208 allows the controller 206 to transmit the current signature 212 at a longer range than for passive devices.
  • Certain active tags also have the capability to switch into a passive mode of operation upon depletion of the power source 208.
  • transmissions of the current signature 212 are effected via the transmit/receive circuitry 204 at instances or intervals that are controlled by the controller 206. This can be referred to as autonomous (or unsolicited) issuance of the current signature 212.
  • the controller 206 needs to be continuously powered from the power source 208.
  • Active and passive tags may have other features that will be known to those of skill in the art.
  • the power source 208 can be connected to the controller 206 via a switch 210 , which is optional.
  • the switch 210 can be toggled between a first state during which an electrical connection is established between the power source 208 and the controller 206 , and a second state during which this electrical connection is broken.
  • the switch 210 is biased in the second state, and can be placed into the first state. Toggling into the first state can be achieved by a burst of energy that is sensed at a sensor (not shown) or by use of an activation element.
  • the activation element may be a touch-sensitive pad on a surface of the tag 14, or a mechanical component (e.g., a button). Placing the switch 210 into the first state may also trigger the controller 206 to change the current signature 212 in the memory 202.
  • With reference to FIG. 3, there is shown conceptually how the current signature 212 stored in the memory 202 may change over time.
  • different versions of the current signature 212 (denoted S A and S B ) are generated by an encoding function 302 implemented by the controller 206 .
  • the current signature 212 is used to denote which of the two signatures S A , S B is currently stored in the memory 202 .
  • the encoding function 302 generates the signatures S A and S B by encoding the aforementioned identifier I D (which, as will be recalled, is the identifier of the device 1000 , to which is affixed the tag 14 in this example embodiment) with a respective “additional data set” (denoted D A and D B ) at respective time instants (denoted T A and T B ).
  • at T A, the signature S A is generated by encoding the identifier I D with the additional data set D A, and at T B, the signature S B is generated by encoding the identifier I D with the additional data set D B. While in this example two time instants are shown and described, this is solely for simplicity, and it should be understood that in actuality the current signature 212 may change many times.
  • the additional data sets D A and D B are different, which makes both signatures S A , S B different.
  • the two signatures S A , S B will appear scrambled relative to one another due to use of the encryption engine 222 within the encoding function 302 .
  • the signatures S A and S B can be generated from the additional data sets D A and D B in a variety of ways, two of which will be described herein below.
  • the identifier I D is encrypted by the encryption engine 222 with a dynamic key—represented by the additional data sets D A , D B themselves, resulting in the two signatures S A , S B .
  • the two signatures S A , S B will be different because the additional data sets D A , D B are different. In fact, they will appear scrambled relative to one another when observed by someone who has not applied a decryption process using a counterpart to the keys used by the encryption engine 222 .
  • the reader 12 needs to have knowledge of which key (i.e., which of the additional data sets D A , D B ) was used for encryption of a received one of the signatures S A , S B , in order to effect proper decryption and recover the identifier I D .
  • the current signature 212 may be accompanied by an index 214 also stored in the memory 202 .
  • the index 214 may point the reader 12 to the correct key to be used.
  • the reader 12 may have access to a key database (not shown) for this purpose.
  • the keys correspond to outputs of the pseudo-random number generator 240 having a seed known a priori to the tag 14 and to the reader 12 .
  • the index 214 may indicate the sequential position in the output of the pseudo-random number generator 240 that corresponds to the additional data set D A
  • the index 214 may indicate the sequential position in the output of the pseudo-random number generator 240 that corresponds to the additional data set D B .
  • the reader 12 can then easily find the value occupying the correct sequential position in the output of an identical local pseudo-random number generator and effect successful decryption of the received signature (S A or S B ).
  • the keys are provided by the reader 12 .
  • the reader 12 decides that a change in the current signature 212 is required.
  • the reader 12 may issue a trigger which, when received by the controller 206 , causes the controller 206 to effect a change in the current signature 212 .
  • changes to the key are effected by the controller 206 in response to triggers received from the reader 12 .
  • the approach of FIG. 4B may be useful.
  • the identifier I D is augmented with differing scrambling codes (denoted C A and C B ), and then encrypted by the encryption engine 222 with a common key (denoted K), thus producing the two signatures S A , S B .
  • the “additional data set” D A used for encryption at T A is therefore composed of the key K and the scrambling code C A
  • the “additional data set” D B used for encryption at T B is composed of the same key K and the scrambling code C B .
  • the encryption process can be designed so that small differences (in terms of the number of bits where there is a difference) between the scrambling codes C A and C B will cause large differences (in terms of the number of bits where there is a difference) in the resultant signatures S A and S B .
  • the scrambling codes C A , C B have the effect of scrambling (i.e., randomizing) the resultant signatures S A , S B .
  • the controller 206 is responsible for determining which scrambling code is to be used to generate a particular signature at a particular time instant.
  • the current version of the scrambling code can be stored in the memory 202 and is denoted 220 for convenience. It will be appreciated based on the above description that the scrambling code C A corresponds to the current scrambling code 220 at T A and that the scrambling code C B corresponds to the current scrambling code 220 at T B .
  • the current scrambling code 220 is changed in a way that can be predicted by the reader 12 , that is to say, where the reader 12 (or an entity associated therewith) has knowledge of how each successive scrambling code is generated.
  • the current scrambling code 220 can be changed each time (or, generally, each N th time where N ≥ 1) that the controller 206 receives a read request or releases the current signature 212 in response to a read request. This can ensure that the current signature 212 is different each N th time that the controller 206 receives a read request.
  • the current scrambling code 220 can be changed every set period of time (e.g., every N seconds, minutes, hours, days, etc.).
  • the variations in the current scrambling code 220 may be governed in a variety of ways that are predictable to the reader 12.
  • the controller 206 may implement a counter 230 , whose output is incremented (by a step size that can equal unity or can be negative, for example) after each N th time that the controller 206 responds to a read request received from a nearby reader (or each N seconds, etc.). If the current scrambling code 220 is set to correspond to the current output of the counter 230 , then the scrambling codes C A , C B used to generate the two signatures S A , S B will differ by the step size.
  • the controller 206 may implement the aforesaid pseudo-random number generator 240 , which produces an output that depends on one or more previous values of the output and on a seed. If the current scrambling code 220 is set to correspond to the current output of the pseudo-random number generator 240 , then the scrambling codes C A , C B used to generate the two signatures S A , S B will differ in accordance with the characteristics of the pseudo-random number generator 240 .
  • the additional data sets D A , D B are not only predicted by the reader 12 but are actually controlled by the reader 12 . This can be useful where the reader 12 (or an entity associated therewith) decides that a change in the current signature 212 is required. Alternatively, and recognizing that the key K is common to both of the additional data sets D A , D B , the reader 12 could supply the unique portions of the additional data sets D A , D B , namely the scrambling codes C A , C B .
  • the reader 12 may simply issue a trigger which, when received by the controller 206 , causes the controller 206 to effect a change in the current signature 212 .
  • changes to the current signature 212 are effected by the controller 206 in response to triggers received from the reader 12 .
  • the controller 206 may implement the aforementioned geo-location module 250 , which is configured to output a current spatial position of the tag 14 or of an item, person, vehicle, etc., to which it is affixed. If the current scrambling code 220 is set to correspond to the current output of the geo-location module 250 , then the scrambling codes C A , C B used to generate the two signatures S A , S B will differ in a stochastic fashion.
  • the controller 206 may implement a clock module 260 , which is configured to determine a current time. If the current scrambling code 220 is set to correspond to a value measured by the clock module 260 (e.g., number of milliseconds elapsed since midnight of the day before), then the scrambling codes C A , C B used to generate the two signatures S A , S B will differ in a stochastic fashion.
  • a common identifier of the device 1000 is encoded within a plurality of signatures that vary over time for the same device 1000 .
  • This identifier can be extracted by the network entity 1002 (either the interrogation portion 1010 or the processing portion 1012 , as applicable) by utilizing the appropriate key for decryption.
  • This allows the network entity 1002 to perform a variety of functions, including but not limited to validation of the identifier based on the signature and/or the scrambling code (hereinafter “scenario (I)”) and/or an action related to identification, based on the identifier (hereinafter, “scenario (II)”). Both of these scenarios, which are not mutually exclusive, are now described in some detail, again in the specific non-limiting example embodiment of an RFID environment.
  • a dynamic scrambling code is used in the generation of a signature that continually encodes the same identifier, and it is of interest to recover the current scrambling code to detect a potential instance of tag cloning.
  • the system of FIG. 6A comprises a processing entity 610 that implements a validation operation, as will be described herein below.
  • the processing entity 610 referred to above may be connected to the reader 12 , or it may be a remote entity. Such a remote entity may be reachable over a network, or it may be integrated with the reader 12 .
  • the processing entity 610 may be part of the network entity 1002 or, more specifically, part of the processing portion 1012 .
  • the system of FIG. 6A also includes a storage entity, such as a database 602 , that is accessible to the processing entity 610 and stores a plurality of records 604 , each associated with a respective identifier.
  • each identifier for which there exists a record in the database 602 is indicative of a privilege to access certain property or make certain transactions, although other scenarios are possible without departing from the scope of the present invention.
  • each of the records 604 also comprises a field 606 indicative of zero or more scrambling codes 608 that were encoded in signatures which were previously received and which encoded the respective identifier for that record.
  • a particular signature that encodes the identifier in a given one of the records 604 as well as one of the scrambling code(s) 608 stored in the corresponding field 606 will indicate that the particular signature has been previously received and therefore its instant receipt may be indicative that a cloning attempt has been made.
  • consider what happens following step 710 when a signature S X is received at a particular time instant by the reader 12.
  • whether the signature S X encodes any particular identifier or scrambling code is unknown to the reader 12 .
  • an attempt to decrypt the signature S X is made by the processing entity 610 using a decryption key K X .
  • the decryption key K X may be known in advance to the processing entity 610 .
  • the signature S X may be accompanied by an index that allows the processing entity 610 to determine the appropriate decryption key K X .
  • the result of the decryption attempt at step 730 is a candidate identifier I X and a candidate scrambling code, denoted C X .
  • the processing entity 610 consults the database 602 based on the candidate identifier I X in an attempt to identify a corresponding record and extract therefrom a list of scrambling code(s) that have been received in the past in association with the candidate identifier I X .
  • the processing entity 610 compares the candidate scrambling code C X to the scrambling code(s) 608 in the field 606 of the record identified at step 740 and corresponding to identifier I X .
  • a match may lead the processing entity 610 to conclude that the validation operation was unsuccessful.
  • the processing entity 610 may look at how many of the scrambling code(s) 608 stored in the field 606 of the record corresponding to identifier I X correspond to the scrambling code C X , and if this number is greater than or equal to N, this may lead the processing entity 610 to conclude that the validation operation was unsuccessful.
  • the processing entity 610 may look at how long ago it has been since a matching one of the scrambling code(s) 608 was first stored in the field 606 of the record corresponding to identifier I X , and if this time interval is greater than or equal to a pre-determined number of seconds, minutes, hours, days, etc., this may lead the processing entity 610 to conclude that the validation operation was unsuccessful.
  • the privilege to access the property or make transactions may be revoked or at least questioned on the basis of suspected tag cloning.
  • the processing entity 610 may conclude that the validation operation was potentially successful.
  • the default privilege to access the property or make transactions may be granted (or at least not revoked on the basis of suspected tag cloning).
  • the field 606 in the record associated with each particular identifier may be indicative of an “expected” scrambling code, i.e., the scrambling code that should (under valid circumstances) be encoded in a signature received from a tag that encodes the particular identifier.
  • the field 606 in the record associated with each particular identifier may be indicative of an “expected” signature, i.e., the signature that should (under valid circumstances) be received from a tag that encodes the particular identifier.
  • upon receipt of the signature S X, if it is found to correspond to the expected signature (or if the scrambling code C X is found to correspond to the expected scrambling code), this may lead the processing entity 610 to conclude that the validation operation was potentially successful. On the other hand, if there is no match between the signature S X and the expected signature stored in the database 602 (or between the scrambling code C X and the expected scrambling code), this may lead the processing entity 610 to conclude that the validation operation was unsuccessful.
  • the processing entity 610 may obtain knowledge of the expected scrambling code or the expected signature by implementing plural pseudo-random number generators for each of the identifiers, analogous to the pseudo-random number generator 240 implemented by the controller 206 in a given tag 14 , which produces an output that depends on one or more previous values of the output and on a seed.
  • the next output of the pseudo-random number generator implemented by the processing entity 610 for a given identifier allows the processing entity 610 to predict the scrambling code (or the signature) that should be received from a tag legitimately encoding the given identifier.
  • the processing entity 610 may know what is the expected scrambling code/signature because it has instructed the reader 12 to cause this expected scrambling code/signature to be stored in the memory of the tag.
  • the database 602 simply comprises a running list of all signatures that have been received in the past.
  • upon receipt of the signature S X, if it is found to correspond to one of the signatures on the list, this may lead the processing entity 610 to conclude that the validation operation was unsuccessful.
  • if there is no match between the signature S X and any of the signatures stored in the database 602, this may lead the processing entity 610 to conclude that the validation operation was potentially successful (or at least not unsuccessful).
  • the processing entity 610 may also perform an action related to identification of an item, vehicle, person, etc., associated with the particular tag that encoded the identifier I X .
  • the processing entity 610 may simply note the fact that the item, vehicle, person, etc. (bearing the identifier I X ) was encountered in a vicinity of the reader 12 . This information may be stored in a database (not shown) or sent as a message, for example. In an inventory management scenario, the processing entity 610 may consult an inventory list and “check off” the inventory item as having been located, or may signal that the presence of a spurious inventory item (i.e., one that is not on the inventory list) has been detected.
  • the processing entity 610 may consult another database (not shown) in order to ascertain whether the identifier is on a list of identifiers associated with individuals/objects permitted to access, or prohibited from accessing, certain property.
  • properties include, without limitation: computing equipment, a computer network, a building, a portion of a building, an entrance, an exit and a vehicle.
  • the processing entity 610 may consult another database (not shown) in order to ascertain whether the identifier is on a list of identifiers associated with individuals permitted to effect, or prohibited from effecting, a transaction, which could be a financial transaction or a login to controlled online content, for example.
  • FIG. 7B shows a variant where multiple keys are possible but no index (or one that does not permit identification of the appropriate decryption key) is provided along with the signature S X .
  • taking the “NO” branch after step 750 does not conclude the validation operation. Rather, the validation operation goes through step 770 where a next key is selected and then the validation operation returns to step 730 , whereby steps 730 through 770 are re-executed until the earlier occurrence of (i) taking the “YES” branch at step 750 and (ii) exhaustion of all keys, which can result in the equivalent of taking the “NO” branch out of 740 (i.e., this may indicate that there is a high-level failure requiring further action).
  • encryption and decryption can be effected using various techniques known in the art, including encryption using a symmetric key, an asymmetric key pair, a public/private key pair, etc., as well as in accordance with a variety of algorithms and protocols
  • RSA and ECC are suitable examples of asymmetric encryption algorithms
  • AES, DES, and Blowfish are suitable examples of symmetric algorithms. Still other possibilities exist and are within the scope of the present invention.
  • a plurality of readers 662 are connected to each other and to a centralized control entity 660 by a network 680 , which can be a public packet-switched network, a VLAN, a set of point-to-point links, etc.
  • the centralized control entity 660 (e.g., a network controller) can implement the combined functionality of each individual processing entity 610, including decryption and validation.
  • the centralized control entity 660 maintains a master database 670 , which includes the equivalent of a consolidated version of various instances of the database 602 previously described as being associated with the reader 12 in the single-reader scenario.
  • decryption and validation can be performed entirely in the centralized control entity 660 .
  • certain functionality such as decryption
  • other functionality such as validation
  • the processing entities 610 can inter-operate amongst themselves in the absence of the centralized entity 660 , thereby to implement decryption on a local basis, and the validation operation in a joint fashion.
  • the master database 670 can still be used, or the processing entities 610 can communicate with one another to share information in their respective databases 602 .
  • a dynamic key is used in the generation of a signature that encodes a constant identifier, and it is of interest to recover the underlying identifier despite the time-varying key.
  • In FIG. 8 there is shown a system that is similar to the system of FIG. 1.
  • the system of FIG. 8 comprises a processing entity 810 that implements an identification operation, as will be described herein below.
  • the processing entity 810 may be connected to the reader 12 , or it may be a remote entity. Such a remote entity may be reachable over a network, or it may be integrated with the reader 12 .
  • the processing entity 810 may be part of the network entity 1002 or, more specifically, part of the processing portion 1012 . It should be understood that the system in FIG. 8 is being shown separately from the system in FIG. 6 ; however, it is within the scope of the present invention to combine the functionality of both systems.
  • consider what happens following step 910 when a signature S Y is received from a particular tag at a particular time instant by the reader 12.
  • the signature S Y is assumed to have been generated by encrypting an identifier I Y using an encryption key that varies in a dynamic fashion.
  • the particular tag may have generated the dynamic encryption key based on, for example:
  • the decryption key can then be determined based on the above quantity.
  • the decryption key could be the above-mentioned output of the clock module or the geo-location module.
  • the encryption key could be the output of a table or a pseudo-random number generator (both known to the processing entity 810 ) based on the above-mentioned seed, or at a position that corresponds to the above-mentioned index. In the latter case, the index or seed can be supplied along with the signature S Y .
  • the processing entity 810 is expected to determine the appropriate decryption key, denoted K Y . Accordingly, at step 930 , the processing entity 810 first determines a dynamic parameter that will allow the decryption key K Y to be determined. Examples of the dynamic parameter include:
  • the processing entity 810 obtains the decryption key K Y based on the dynamic parameter determined at step 930 .
  • the decryption key K Y could be the dynamic parameter itself.
  • the decryption key K Y could be the output of the aforementioned table or pseudo-random number generator known to the processing entity 810 , at a position that corresponds to the received index, or using the received seed.
  • the signature S Y is decrypted at step 950 using the decryption key. This leads to extraction of the identifier I Y . It is noted that a scrambling code was not required in this embodiment, although its use is not disallowed.
  • the processing entity 810 proceeds to step 960 , where it performs an action related to identification of an item, vehicle, person, etc., associated with the particular tag that encoded the identifier I Y .
  • the processing entity 810 may simply note the fact that the item, vehicle, person, etc. (bearing the identifier I Y ) was encountered in a vicinity of the reader 12 . This information may be stored in a database (not shown) or sent as a message, for example. In an inventory management scenario, the processing entity 810 may consult an inventory list and “check off” the inventory item as having been located, or may signal that the presence of a spurious inventory item (i.e., one that is not on the inventory list) has been detected.
  • the processing entity 810 may consult another database (not shown) in order to ascertain whether the identifier is on a list of identifiers associated with individuals/objects permitted to access, or prohibited from accessing, certain property.
  • properties include, without limitation: computing equipment, a computer network, a building, a portion of a building, an entrance, an exit and a vehicle.
  • the processing entity 810 may consult another database (not shown) in order to ascertain whether the identifier is on a list of identifiers associated with individuals permitted to effect, or prohibited from effecting, a transaction, which could be a financial transaction or a login to controlled online content, for example.
  • the processing entity 810 may also perform an action related to validation of the identifier I Y in conjunction with the above action related to identification. Specifically, in accordance with one embodiment of the present invention, the processing entity may consult a variant of the aforementioned database 602 , where each of the records 604 now includes a field indicative of zero or more signatures which were previously received and which encoded the respective identifier for that record. Thus, receipt of a particular signature that encodes the identifier in a given one of the records 604 as well as one of the signature(s) stored in the corresponding field will indicate that the particular signature has been previously received and therefore its instant receipt may be indicative that a cloning attempt has been made.
  • processing entity 610 may be implemented using pre-programmed hardware or firmware elements (e.g., application specific integrated circuits (ASICs), electrically erasable programmable read-only memories (EEPROMs), etc.), or other related components.
  • the functionality of the entity in question may be achieved using a computing apparatus that has access to a code memory (not shown) which stores computer-readable program code for operation of the computing apparatus, in which case the computer-readable program code could be stored on a medium which is fixed, tangible and readable directly by the entity in question (e.g., removable diskette, CD-ROM, ROM, fixed disk, USB drive), or the computer-readable program code could be stored remotely but transmittable to the entity in question via a modem or other interface device (e.g., a communications adapter) connected to a network (including, without limitation, the Internet) over a transmission medium, which may be either a non-wireless medium (e.g., optical or analog communications lines) or a wireless medium (e.g., microwave, infrared or other transmission schemes) or a combination thereof.
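The scheme of FIG. 4B together with the validation flow of FIGS. 7A and 7B, as an added example that is not part of the patent: a tag encrypts its identifier with a counter-based scrambling code under a common key, and a validator flags any signature whose scrambling code was already seen for that identifier. The Feistel construction over HMAC-SHA256 is a stand-in for the encryption engine 222 (not a vetted cipher), and the 8-byte field widths, class names and status strings are assumptions.

```python
import hashlib
import hmac

ID_LEN = 8     # assumed width of the identifier I D, in bytes
CODE_LEN = 8   # assumed width of the scrambling code, in bytes (must equal ID_LEN)
ROUNDS = 4     # Feistel rounds of the stand-in cipher


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    """Round function: HMAC-SHA256 over the round number and one half-block."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:len(half)]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for encryption engine 222: balanced Feistel over a 16-byte block."""
    left, right = block[:ID_LEN], block[ID_LEN:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of encrypt(): undo the rounds in reverse order."""
    left, right = block[:ID_LEN], block[ID_LEN:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def hamming(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class Tag:
    """Tag 14: constant identifier, common key K, counter 230 as scrambling code."""

    def __init__(self, identifier: bytes, key: bytes, counter: int = 0):
        if len(identifier) != ID_LEN:
            raise ValueError("identifier must be ID_LEN bytes")
        self.identifier, self.key, self.counter = identifier, key, counter

    def read(self) -> bytes:
        """Release the current signature, then step the scrambling code (N = 1)."""
        code = self.counter.to_bytes(CODE_LEN, "big")
        self.counter += 1
        return encrypt(self.key, self.identifier + code)


class Validator:
    """Processing entity 610 with database 602: per-identifier seen codes."""

    def __init__(self, keys, known_ids):
        self.keys = list(keys)
        self.seen = {ident: set() for ident in known_ids}  # records 604, field 606

    def validate(self, signature: bytes):
        if len(signature) != ID_LEN + CODE_LEN:
            return None, "malformed"
        for key in self.keys:                      # FIG. 7B: no index, try each key
            plain = decrypt(key, signature)
            ident, code = plain[:ID_LEN], plain[ID_LEN:]
            if ident not in self.seen:
                continue                           # no record under this key: next key
            if code in self.seen[ident]:
                return ident, "suspected-clone"    # code already received: replay
            self.seen[ident].add(code)
            return ident, "ok"
        return None, "unknown"                     # all keys exhausted


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    key = b"common-key-K-001"
    tag = Tag(b"DEVICE01", key)
    validator = Validator([b"another-key-0002", key], {b"DEVICE01"})
    s_a, s_b = tag.read(), tag.read()
    print("S_A", s_a.hex(), "S_B", s_b.hex(), "bits differing:", hamming(s_a, s_b))
    for label, sig in (("S_A", s_a), ("S_B", s_b), ("S_A replayed", s_a)):
        print(label, validator.validate(sig))
```

A match against a wrong key is possible only if random decryption output happens to equal a registered identifier, which is why the identifier lookup doubles as the key check in this sketch.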

Abstract

A method for execution by a device, which comprises: generating a first signature by encrypting an identifier of the device together with first additional data; generating a second signature by encrypting the identifier of the device together with second additional data that is different from the first additional data; releasing the first signature to identify the device on a first occasion; and releasing the second signature to identify the device on a second occasion. Also, a device, which comprises: a memory storing an identifier of the device; a processing entity configured to generate a plurality of different signatures encoding the identifier and to store the signatures in the memory; and a transmit/receive entity configured to identify the device on respective occasions by releasing individual ones of the signatures.

Description

    CROSS-REFERENCE TO RELATED APPLICATION
  • The present application is a continuation-in-part, and claims the benefit under 35 USC 120, of PCT International Application PCT/CA2007/002343, filed on Dec. 20, 2007 and hereby incorporated by reference herein.
    FIELD OF THE INVENTION
  • The present invention relates generally to communication over a network and, more specifically, to a method for identification of a device when communicating with a network entity over the network.
    BACKGROUND
  • In many everyday applications, such as access control, payment and tracking, devices involved in those applications need to be identified. Devices are typically assigned an identifier for such purposes. Thus, when the time comes for a device to be identified, the device transmits its assigned identifier to a network entity, which takes a decision as to whether the device (or a user thereof) is authorized to access a physical resource, view online content, utilize funds, etc.
  • In many situations, at least a portion of the pathway between a given device and the network entity might not be secure. For example, RFID, Bluetooth, WiFi, WiMax, Internet all present potential security risks whereby a malicious individual could detect and copy identifiers transmitted by the given device. Once the malicious individual gains knowledge of the given device's identifier, it is possible that he or she can simulate the given device and potentially gain access to a secured resource facility or vehicle, conduct unauthorized payments, impersonate the given device, etc.
  • Thus, an improved approach to the identification of devices would be welcome in the industry.
    SUMMARY OF THE INVENTION
  • According to a broad aspect, there is provided a method for execution by a device, which comprises: generating a first signature by encrypting an identifier of the device together with first additional data; generating a second signature by encrypting the identifier of the device together with second additional data that is different from the first additional data; releasing the first signature to identify the device on a first occasion; and releasing the second signature to identify the device on a second occasion.
  • According to another broad aspect, there is provided a computer-readable storage medium comprising a set of computer-readable instructions for execution by a device, wherein execution of the set of instructions by the device causes the device to execute a method that includes: generating a first signature by encrypting an identifier of the device together with first additional data; generating a second signature by encrypting the identifier of the device together with second additional data that is different from the first additional data; releasing the first signature to identify the device on a first occasion; and releasing the second signature to identify the device on a second occasion.
  • According to yet another broad aspect, there is provided a device, which comprises: a memory storing an identifier of the device; a processing entity configured to generate a plurality of different signatures encoding the identifier and to store the signatures in the memory; and a transmit/receive entity configured to identify the device on respective occasions by releasing individual ones of the signatures.
  • These and other aspects and features of the present invention will now become apparent to those of ordinary skill in the art upon review of the following description of specific embodiments of the invention in conjunction with the accompanying drawings.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • In the accompanying drawings:
  • FIG. 1 is a block diagram of a system comprising a reader and a tag, in accordance with a non-limiting embodiment of the present invention.
  • FIG. 2 is a block diagram showing details of the tag, in accordance with a non-limiting embodiment of the present invention.
  • FIG. 3 illustrates a decoding function implemented by a controller in the tag, for generation of a signature at two points in time.
  • FIGS. 4A and 4B depict two possible functional architectures for generation of a signature.
  • FIG. 5 is a block diagram of a system comprising a device in communication with a network entity.
  • FIG. 6A shows application of a non-limiting embodiment of the present invention in a validation context.
  • FIG. 6B is a block diagram of a multi-reader architecture, in accordance with a non-limiting embodiment of the present invention.
  • FIG. 7A is a flowchart showing operation of a processing entity of FIG. 6 when considering tags whose signatures encode a variable scrambling code and that are encrypted using a common key that is known to the reader or can be determined from an index supplied with the signature.
  • FIG. 7B is a flowchart similar to that of FIG. 7A, but where the common key is unknown to the reader.
  • FIG. 8 shows application of a non-limiting embodiment of the present invention in an identification context when considering tags whose signatures are encrypted using a variable key.
  • FIG. 9 is a flowchart showing operation of a processing entity of FIG. 8 when considering tags whose signatures are encrypted using a variable key.
  • It is to be expressly understood that the description and drawings are only for the purpose of illustration of certain embodiments of the invention and are an aid for understanding. They are not intended to be a definition of the limits of the invention.
  • DETAILED DESCRIPTION
  • With reference to FIG. 5, there is shown a system comprising a device 1000 in communication with a network entity 1002. The network entity 1002 controls access to a resource 1004. The resource 1004 can be any desired resource to which the device 1000 (or a user thereof) may wish to gain access. Non-limiting examples of the resource 1004 include real property (e.g., computing equipment, a computer network, a building, a portion of a building, an entrance, an exit, a vehicle, etc.), online property (e.g., access to a network such as the Internet or a virtual private network, a user account on a website, etc.) and financial property (e.g., a credit card account, bank account, utility company account, etc.).
  • The network entity 1002 may in some embodiments comprise an interrogation portion 1010 and a processing portion 1012. Depending on the embodiment, the interrogation portion 1010 may take the form of an RFID reader, a server, a modem, a WiFi node, a WiMax node, a base station, an infrared/Bluetooth receiver, etc. The interrogation portion 1010 communicates with the network device 1002 over a communication pathway 1014. In a non-limiting example, the communication pathway 1014 may traverse the Internet. Alternatively or in addition, the communication pathway 1014 may traverse the public switched telephone network (PSTN). The communication pathway 1014 may include one or more portions, any one or more of which may physically consist of one or more of a wireless, guided optical or wired link. Non-limiting examples of a wireless link include a radio frequency link and a free-space optical link, which may be established using any suitable protocol, including but not limited to RFID, Bluetooth, WiFi, WiMax, etc. Furthermore, the wireless link may be fixed wireless or mobile wireless, to name but two non-limiting possibilities.
  • The processing portion 1012 of the network entity 1002 is in communication with the interrogation portion 1010 and obtains therefrom data obtained as a result of interaction with the device 1000. The processing portion 1012 has the ability to process the data obtained by the interrogation portion 1010 and to determine whether or not to grant access to the resource 1004.
  • The device 1000 can be any suitable device that is susceptible of being used to access the resource 1004. In one non-limiting example, the device may take the form of a contactlessly readable tag (e.g., an RFID tag) that can be affixed to or integrated with: an item for sale, transported merchandise, a person's clothing, an animal (including livestock), a piece of equipment (including communications equipment such as wireless communications equipment), a vehicle, an access card and a credit card, to name just a few non-limiting examples. In another non-limiting example, the device 1000 may take the form of a communication device (e.g., a mobile telephone (including smart phones and networked personal digital assistants), a computer (e.g., desktop or laptop), a modem, a network adapter, a network interface card (NIC), etc.).
  • The device 1000 comprises a memory 1016 and a processing entity 1020 (e.g., a microcontroller) that is coupled to the memory 1020. The processing entity 1020 has the ability to execute computer-readable instructions stored in the memory 1016 which, upon execution, result in the device 1000 implementing a desired process or application. In a non-limiting example, the application is a software application, such as a telephony or banking application, to give but two non-limiting examples.
  • The memory 1016 includes a memory element 1018 that stores an identifier ID of the device 1000. Depending on the type of device, the identifier may be configured differently.
  • For example, in the case where the device 1000 takes the form of an RFID tag, the identifier ID may be an identifier specifically used in RFID tags and may encode information such as, without limitation, a serial number, a universal product code (UPC), a vehicle registration number (VIN), an account number and a customized identifier.
  • In the case where the device 1000 takes the form of a communication device that is a mobile telephone, the identifier ID may be an electronic serial number of the mobile telephone.
  • In the case where the device 1000 takes the form of a network adapter or NIC, the identifier ID may be a manufacturer-assigned identifier associated with the communication device. A non-limiting example of a suitable identifier is a Media Access Control address (MAC address), Ethernet Hardware Address (EHA), hardware address, adapter address or physical address, which can be assigned to a network adapter or NIC by the manufacturer for identification and can encode a registered identification number of the manufacturer.
  • In order to gain access to the resource, the device 1000 identifies itself to the network entity 1002 at certain instants hereinafter referred to as “identification occasions”. Depending on the application at hand, the identification occasions can arise under control of the device 1000 (i.e., autonomously), under control of the network entity 1002 (e.g., in response to receipt of a request issued by the network entity 1002) or under control of a user (not shown) of the device 1000. For example, in the case of an application involving control of access to real property, an identification occasion may arise whenever the device 1000 is queried by an external reader, which may occur when the device 1000 is sensed by the reader to be within the vicinity thereof. In the case of an application involving control of access to online property, the device 1000 may autonomously identify itself to a remote modem on a regular or irregular basis (e.g., in the context of keeping a session alive). In the case of an application involving control of financial property, an identification occasion may arise at the discretion of the user of the device 1000, e.g., when deciding to make a purchase. In such a case, the device 1000 may comprise an interface with the user that senses user input and can detect or decode when a transaction is taking place or is about to take place.
  • In accordance with non-limiting embodiments of the present invention, when identifying itself, the device 1000 releases a “signature”. Over the course of time, it is assumed that the device 1000 will identify itself to the network entity on at least two identification occasions, which will result in the release of a “signature” each time. As will be described in greater detail herein below, the signatures released on different identification occasions will be different, but all encode the same identifier ID of the device 1000. Changes to the signature can be effected by the processing entity 1020 which interacts with the memory 1016.
  • To take the specific non-limiting example embodiment of an RFID environment, reference is now made to FIG. 1, where the interrogation portion 1010 of the network entity 1002 is implemented as a reader 12 and where the device 1000 is implemented as a contactlessly readable tag 14, a non-limiting example of which is an RFID tag. Communication between the reader 12 and the tag 14 occurs over a contact-less medium 16. In a specific non-limiting embodiment, the contact-less medium 16 is a wireless medium that may include a spectrum of radio frequencies. As described earlier, the tag 14 could be affixed to or integrated with: an item for sale, transported merchandise, a person's clothing, an animal (including livestock), a piece of equipment (including communications equipment such as wireless communications equipment), a vehicle, an access card and a credit card, to name just a few non-limiting examples. For its part, the reader 12 can be fixed or mobile. In the fixed scenario, the reader 12 could be located at any desired position within a building, vehicle, warehouse, campus, etc. In the mobile scenario, the reader 12 could be implemented in a handheld or portable unit, for example.
  • FIG. 2 shows details of the tag 14, in accordance with a specific non-limiting embodiment of the present invention. The tag 14 comprises a memory 202 (which can be a possible implementation of the memory 1016), transmit/receive circuitry 204 (including an antenna), a controller 206 and a power source 208.
  • The memory 202 includes a memory element 203 (which can be a possible implementation of the memory element 1018) that stores the identifier ID. In addition, the memory 202 stores a current signature 212. In addition, the memory 202 may store a program for execution by the controller 206, including computer-readable program code for causing the controller 206 to execute various steps and achieve wide-ranging functionality. In a non-limiting embodiment, the current signature 212 can take the form of a bit pattern having a certain number of bits. In accordance with an embodiment of the present invention, the bit pattern exhibited by the current signature 212 is dynamic, that is to say the current signature 212 changes over time.
  • The controller 206 executes various functions that allow communication to take place via the transmit/receive circuitry 204 between the tag 14 and an external reader such as the reader 12. In what follows, communications will hereinafter be referred to as occurring with the reader 12 although it will be appreciated that the tag 14 may communicate similarly with other external readers that it encounters.
  • As part of its functionality, the controller 206 is operative to retrieve the current signature 212 from the memory 202 and to release the current signature 212 via the transmit/receive circuitry 204. Alternatively, depending on the computational capabilities of the controller 206, the controller 206 can be operative to compute the current signature 212 on demand and to release via the transmit/receive circuitry 204 the current signature 212 so computed.
  • It is recalled that in this embodiment, the current signature 212 is dynamic. Accordingly, the controller 206 is operative to communicate with the memory 202 in order to change the bit pattern of the current signature 212 stored in the memory 202. This can be achieved by executing diverse functionality that will be described in greater detail later on, and which may include implementing functional elements such as an encryption engine 222, a counter 230, a pseudo-random number generator 240, a geo-location module 250 and a clock module 260, among others.
  • The configuration of the power source 208 and its inter-relationship with the controller 206 depend on whether the tag 14 is categorized as “passive”, “active” or somewhere in between. Specifically, the tag 14 may be designed as “passive”, whereby transmissions of the current signature 212 via the transmit/receive circuitry 204 are effected in response to detection of a burst of energy via the transmit/receive circuitry 204, such burst of energy typically coming from the reader 12 issuing a “read request”. In this case, the controller 206 only needs to be powered during the short time period following the detection of the burst. In fact, the burst itself can charge the power source 208 for a brief period, enough to allow the controller 206 to cause transmission of the current signature 212 via the transmit/receive circuitry 204 in response to the read request. The current signature 212 may be extracted from the memory 202 or it may be generated on demand, upon receipt of the read request.
  • Alternatively, in some embodiments of an “active” tag, transmissions of the current signature 212 via the transmit/receive circuitry 204 are similarly effected in response to detection of a read request via the transmit/receive circuitry 204. In this case, the availability of the power source 208 allows the controller 206 to transmit the current signature 212 at a longer range than for passive devices. Certain active tags also have the capability to switch into a passive mode of operation upon depletion of the power source 208. In other embodiments of an active tag, transmissions of the current signature 212 are effected via the transmit/receive circuitry 204 at instances or intervals that are controlled by the controller 206. This can be referred to as autonomous (or unsolicited) issuance of the current signature 212. To this end, the controller 206 needs to be continuously powered from the power source 208.
  • Active and passive tags may have other features that will be known to those of skill in the art.
  • In still other cases, the power source 208 (either continually storing a charge or accumulating a sensed charge) can be connected to the controller 206 via a switch 210, which is optional. The switch 210 can be toggled between a first state during which an electrical connection is established between the power source 208 and the controller 206, and a second state during which this electrical connection is broken. The switch 210 is biased in the second state, and can be placed into the first state. Toggling into the first state can be achieved by a burst of energy that is sensed at a sensor (not shown) or by use of an activation element. In various non-limiting embodiments, the activation element may be a touch-sensitive pad on a surface of the tag 14, or a mechanical component (e.g., a button). Placing the switch 210 into the first state may also trigger the controller 260 to change the current signature 212 in the memory 202.
  • With reference now to FIG. 3, there is shown conceptually how the current signature 212 stored in the memory 202 may change over time. Specifically, different versions of the current signature 212 (denoted SA and SB) are generated by an encoding function 302 implemented by the controller 206. For notational convenience, the current signature 212 is used to denote which of the two signatures SA, SB is currently stored in the memory 202. The encoding function 302 generates the signatures SA and SB by encoding the aforementioned identifier ID (which, as will be recalled, is the identifier of the device 1000, to which is affixed the tag 14 in this example embodiment) with a respective “additional data set” (denoted DA and DB) at respective time instants (denoted TA and TB). Thus, at TA, the signature SA is generated by encoding the identifier ID with the additional data set DA, whereas at TB, the signature SB is generated by encoding the identifier ID with the additional data set DB. While in this example, two time instants are shown and described, this is solely for simplicity, and it should be understood that in actuality, the current signature 212 may change many times.
  • In accordance with a non-limiting embodiment of the present invention, the additional data sets DA and DB are different, which makes both signatures SA, SB different. In fact, the two signatures SA, SB will appear scrambled relative to one another due to use of the encryption engine 222 within the encoding function 302. More specifically, the signatures SA and SB can be generated from the additional data sets DA and DB in a variety of ways, two of which will be described herein below.
  • First Approach
  • In a first approach, described with reference to FIG. 4A, the identifier ID is encrypted by the encryption engine 222 with a dynamic key—represented by the additional data sets DA, DB themselves, resulting in the two signatures SA, SB. The two signatures SA, SB will be different because the additional data sets DA, DB are different. In fact, they will appear scrambled relative to one another when observed by someone who has not applied a decryption process using a counterpart to the keys used by the encryption engine 222.
  • It will be noted that in order to make the first approach practical, the reader 12 needs to have knowledge of which key (i.e., which of the additional data sets DA, DB) was used for encryption of a received one of the signatures SA, SB, in order to effect proper decryption and recover the identifier ID. For this purpose, in order to assist the reader 12 in identifying the correct key to be used for decryption, and with reference again to FIG. 2, the current signature 212 may be accompanied by an index 214 also stored in the memory 202. The index 214 may point the reader 12 to the correct key to be used. The reader 12 may have access to a key database (not shown) for this purpose.
  • For example, consider the case where the keys (in this case, the additional data sets DA, DB) correspond to outputs of the pseudo-random number generator 240 having a seed known a priori to the tag 14 and to the reader 12. Here, at TA, the index 214 may indicate the sequential position in the output of the pseudo-random number generator 240 that corresponds to the additional data set DA, while at TB, the index 214 may indicate the sequential position in the output of the pseudo-random number generator 240 that corresponds to the additional data set DB. The reader 12 can then easily find the value occupying the correct sequential position in the output of an identical local pseudo-random number generator and effect successful decryption of the received signature (SA or SB).
  • Alternatively, the keys (in this case, the additional data sets DA, DB) are provided by the reader 12. This can be done where the reader 12 (or an entity associated therewith) decides that a change in the current signature 212 is required. As a variant, the reader 12 may issue a trigger which, when received by the controller 206, causes the controller 206 to effect a change in the current signature 212. In such cases, changes to the key (and thus to the current signature 212) are effected by the controller 206 in response to triggers received from the reader 12.
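  • The index-synchronised key rotation of the first approach can be sketched as follows. This is an added example, not code from the patent: the HMAC-SHA256 chain standing in for the pseudo-random number generator 240, the XOR keystream standing in for the encryption engine 222, the `MAX_INDEX` bound, the known-identifier check and all sample values are assumptions.

```python
import hashlib
import hmac


def prng_outputs(seed: bytes):
    """Stand-in for pseudo-random number generator 240 (assumed construction).

    Each output depends on the shared seed and on the previous output.
    """
    state = b""
    while True:
        state = hmac.new(seed, state, hashlib.sha256).digest()
        yield state


def key_at(seed: bytes, index: int) -> bytes:
    """Return the output at 0-based sequential position `index`."""
    gen = prng_outputs(seed)
    for _ in range(index):
        next(gen)
    return next(gen)


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for encryption engine 222: XOR with a key-derived keystream.

    The same call decrypts. Illustrative only; a real tag would use a
    vetted cipher.
    """
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class Tag:
    """Tag 14 holding identifier ID, current signature 212 and index 214."""

    def __init__(self, identifier: bytes, seed: bytes):
        self.identifier = identifier
        self._keys = prng_outputs(seed)
        self.index = -1
        self.signature = b""
        self.rotate()

    def rotate(self) -> None:
        """Take the next PRNG output as the key and re-encrypt the identifier."""
        key = next(self._keys)
        self.index += 1
        self.signature = xor_cipher(key, self.identifier)

    def release(self):
        """What goes over the air: the index in clear plus the signature."""
        return self.index, self.signature


class Reader:
    """Reader 12 with an identical local generator and a set of known IDs."""

    MAX_INDEX = 100_000  # assumed bound so a bogus index cannot stall the reader

    def __init__(self, seed: bytes, known_ids):
        self.seed = seed
        self.known_ids = set(known_ids)

    def identify(self, index: int, signature: bytes):
        """Regenerate the key at `index`, decrypt, and accept only known IDs."""
        if not 0 <= index <= self.MAX_INDEX:
            return None
        candidate = xor_cipher(key_at(self.seed, index), signature)
        return candidate if candidate in self.known_ids else None


def demo():
    seed = b"constructed-shared-seed"   # constructed sample values
    ident = b"TAG-0001"
    tag, reader = Tag(ident, seed), Reader(seed, [ident])
    idx_a, s_a = tag.release()          # time T_A
    tag.rotate()
    idx_b, s_b = tag.release()          # time T_B
    return {
        "indexes": (idx_a, idx_b),
        "signatures_differ": s_a != s_b,
        "id_at_ta": reader.identify(idx_a, s_a),
        "id_at_tb": reader.identify(idx_b, s_b),
        "mismatched_index": reader.identify(idx_b, s_a),
    }


if __name__ == "__main__":
    print(demo())
```

  • The index travels in the clear and is attacker-controlled input, which is why the reader in this sketch bounds it before regenerating any keys.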
  • Second Approach
  • For other applications, the approach of FIG. 4B may be useful. Here, the identifier ID is augmented with differing scrambling codes (denoted CA and CB), and then encrypted by the encryption engine 222 with a common key (denoted K), thus producing the two signatures SA, SB. The “additional data set” DA used for encryption at TA is therefore composed of the key K and the scrambling code CA, while the “additional data set” DB used for encryption at TB is composed of the same key K and the scrambling code CB. The encryption process can be designed so that small differences (in terms of the number of bits where there is a difference) between the scrambling codes CA and CB will cause large differences (in terms of the number of bits where there is a difference) in the resultant signatures SA and SB. Thus, the scrambling codes CA, CB have the effect of scrambling (i.e., randomizing) the resultant signatures SA, SB.
  • The controller 206 is responsible for determining which scrambling code is to be used to generate a particular signature at a particular time instant. The current version of the scrambling code can be stored in the memory 202 and is denoted 220 for convenience. It will be appreciated based on the above description that the scrambling code CA corresponds to the current scrambling code 220 at TA and that the scrambling code CB corresponds to the current scrambling code 220 at TB.
  • Continuing with the second approach, several classes of embodiments are contemplated for changing the current scrambling code 220. In a first class of embodiments relevant to the approach of FIG. 4B, the current scrambling code 220 is changed in a way that can be predicted by the reader 12, that is to say, where the reader 12 (or an entity associated therewith) has knowledge of how each successive scrambling code is generated.
  • For example, the current scrambling code 220 can be changed each time (or, generally, each Nth time where N≧1) that the controller 206 receives a read request or releases the current signature 212 in response to a read request. This can ensure that the current signature 212 is different each Nth time that the controller 206 receives a read request. Alternatively, the current scrambling code 220 can be changed every set period of time (e.g., every N seconds, minutes, hours, days, etc.). The variations in the current scrambling code 220 may be governed in a variety of ways that are predictable to the reader 12. For example, the controller 206 may implement a counter 230, whose output is incremented (by a step size that can equal unity or can be negative, for example) after each Nth time that the controller 206 responds to a read request received from a nearby reader (or each N seconds, etc.). If the current scrambling code 220 is set to correspond to the current output of the counter 230, then the scrambling codes CA, CB used to generate the two signatures SA, SB will differ by the step size.
  • Alternatively, the controller 206 may implement the aforesaid pseudo-random number generator 240, which produces an output that depends on one or more previous values of the output and on a seed. If the current scrambling code 220 is set to correspond to the current output of the pseudo-random number generator 240, then the scrambling codes CA, CB used to generate the two signatures SA, SB will differ in accordance with the characteristics of the pseudo-random number generator 240.
  • Other variants will become apparent to those of skill in the art without departing from the scope of the present invention.
  • In a second class of embodiments relevant to the approach of FIG. 4B, the additional data sets DA, DB are not only predicted by the reader 12 but are actually controlled by the reader 12. This can be useful where the reader 12 (or an entity associated therewith) decides that a change in the current signature 212 is required. Alternatively, and recognizing that the key K is common to both of the additional data sets DA, DB, the reader 12 could supply the unique portions of the additional data sets DA, DB, namely the scrambling codes CA, CB.
  • As a variant, the reader 12 may simply issue a trigger which, when received by the controller 206, causes the controller 206 to effect a change in the current signature 212. In such cases, changes to the current signature 212 are effected by the controller 206 in response to triggers received from the reader 12.
  • In a third class of embodiments relevant to the approach of FIG. 4B, it may be desired to change the signatures SA, SB in a stochastic way, that is to say, without the need to follow an underlying pattern that could be predicted by the reader 12.
  • For example, the controller 206 may implement the aforementioned geo-location module 250, which is configured to output a current spatial position of the tag 14 or of an item, person, vehicle, etc., to which it is affixed. If the current scrambling code 220 is set to correspond to the current output of the geo-location module 250, then the scrambling codes CA, CB used to generate the two signatures SA, SB will differ in a stochastic fashion.
  • Alternatively, the controller 206 may implement a clock module 260, which is configured to determine a current time. If the current scrambling code 220 is set to correspond to a value measured by the clock module 260 (e.g., number of milliseconds elapsed since midnight of the day before), then the scrambling codes CA, CB used to generate the two signatures SA, SB will differ in a stochastic fashion.
  • Although the foregoing description has focused on a non-limiting example wherein the device 1000 bore the tag 14, wherein the interrogation portion 1010 of the network entity 1002 consisted of the reader 12 and the communication pathway 1014 was a wireless medium, it should be apparent to persons of skill in the art that there exist many other embodiments of the present invention with application to a wide variety of other scenarios, as has been mentioned earlier.
  • In view of the above, it should thus be appreciated that a common identifier of the device 1000 is encoded within a plurality of signatures that vary over time for the same device 1000. This identifier can be extracted by the network entity 1002 (either the interrogation portion 1010 or the processing portion 1012, as applicable) by utilizing the appropriate key for decryption. This allows the network entity 1002 to perform a variety of functions, including but not limited to validation of the identifier based on the signature and/or the scrambling code (hereinafter “scenario (I)”) and/or an action related to identification, based on the identifier (hereinafter, “scenario (II)”). Both of these scenarios, which are not mutually exclusive, are now described in some detail, again in the specific non-limiting example embodiment of an RFID environment.
  • In scenario (I), a dynamic scrambling code is used in the generation of a signature that continually encodes the same identifier, and it is of interest to recover the current scrambling code to detect a potential instance of tag cloning. Accordingly, with reference to FIG. 6A, there is shown a system that is similar to the system of FIG. 1. In addition, the system of FIG. 6A comprises a processing entity 610 that implements a validation operation, as will be described herein below. In various embodiments, the processing entity 610 referred to above may be connected to the reader 12, or it may be a remote entity. Such a remote entity may be reachable over a network, or it may be integrated with the reader 12. Thus, the processing entity 610 may be part of the network entity 1002 or, more specifically, part of the processing portion 1012.
  • The system of FIG. 6A also includes a storage entity, such as a database 602, that is accessible to the processing entity 610 and stores a plurality of records 604, each associated with a respective identifier. For the purposes of the present example, one can consider that each identifier for which there exists a record in the database 602 is indicative of a privilege to access certain property or make certain transactions, although other scenarios are possible without departing from the scope of the present invention.
  • In accordance with one embodiment of the present invention, each of the records 604 also comprises a field 606 indicative of zero or more scrambling codes 608 that were encoded in signatures which were previously received and which encoded the respective identifier for that record. Thus, receipt of a particular signature that encodes the identifier in a given one of the records 604 as well as one of the scrambling code(s) 608 stored in the corresponding field 606 will indicate that the particular signature has been previously received and therefore its instant receipt may be indicative that a cloning attempt has been made.
  • More specifically, with reference to the flowchart in FIG. 7A, consider what happens following step 710 when a signature SX is received at a particular time instant by the reader 12. At the time of receipt, whether the signature SX encodes any particular identifier or scrambling code is unknown to the reader 12. At step 730, an attempt to decrypt the signature SX is made by the processing entity 610 using a decryption key KX. The decryption key KX may be known in advance to the processing entity 610. Alternatively, as shown in step 720, the signature SX may be accompanied by an index that allows the processing entity 610 to determine the appropriate decryption key KX. The result of the decryption attempt at step 730 is a candidate identifier IX and a candidate scrambling code, denoted CX.
  • At step 740, the processing entity 610 consults the database 602 based on the candidate identifier IX in an attempt to identify a corresponding record and extract therefrom a list of scrambling code(s) that have been received in the past in association with the candidate identifier IX. For the purposes of the present example, it is useful to assume that such a record exists (i.e., the “YES” branch is taken out of step 740), but if there is no such record, this may indicate that there is a high-level failure requiring further action. At step 750, the processing entity 610 compares the candidate scrambling code CX to the scrambling code(s) 608 in the field 606 of the record identified at step 740 and corresponding to identifier IX.
  • If there is a match, this indicates that the scrambling code CX has been used in the past in association with the identifier IX. Under certain conditions, this may lead the processing entity 610 to conclude that the validation operation was unsuccessful.
  • For example, if the signature SX was expected to change at least as often as every time that the tag on which it is stored was read, then the fact that the scrambling code CX matches one of the scrambling code(s) 608 stored in the field 606 of the record corresponding to identifier IX may lead the processing entity 610 to conclude that the validation operation was unsuccessful. Alternatively, if the signature SX was expected to change every Nth time that the tag on which it is stored was read, then the processing entity 610 may look at how many of the scrambling code(s) 608 stored in the field 606 of the record corresponding to identifier IX correspond to the scrambling code CX, and if this number is greater than or equal to N, this may lead the processing entity 610 to conclude that the validation operation was unsuccessful. Alternatively still, if the signature SX was expected to change at least as often as every N seconds etc., then the processing entity 610 may look at how long ago it has been since a matching one of the scrambling code(s) 608 was first stored in the field 606 of the record corresponding to identifier IX, and if this time interval is greater than or equal to a pre-determined number of seconds, minutes, hours, days, etc., this may lead the processing entity 610 to conclude that the validation operation was unsuccessful.
  • Where a conclusion is reached that the validation operation was unsuccessful, the privilege to access the property or make transactions may be revoked or at least questioned on the basis of suspected tag cloning.
  • On the other hand, if there is no match between the scrambling code CX and any of the scrambling code(s) 608 stored in the field 606 of the record corresponding to identifier IX, this may lead the processing entity 610 to conclude that the validation operation was potentially successful. In such a case, the default privilege to access the property or make transactions may be granted (or at least not revoked on the basis of suspected tag cloning).
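The history check of steps 740 and 750, with the three change-rate policies described above, as an added Python example that is not part of the patent text. The class and verdict names are hypothetical, the identifiers and codes used with it are constructed, and recording every received code in field 606 is an assumption.

```python
import time
from dataclasses import dataclass, field
from enum import Enum


class Policy(Enum):
    EVERY_READ = 1       # signature expected to change on every read
    EVERY_NTH_READ = 2   # signature expected to change every Nth read
    EVERY_N_SECONDS = 3  # signature expected to change at least every N seconds


@dataclass
class Record:
    """One record of database 602 for a single identifier (hypothetical layout)."""
    policy: Policy
    n: int = 1                                # N reads, or N seconds
    seen: list = field(default_factory=list)  # field 606: (code, time stored)


class Validator:
    """Validation operation of the processing entity, after decryption."""

    def __init__(self, records):
        self.records = records                # identifier -> Record

    def validate(self, identifier, code, now=None):
        now = time.time() if now is None else now
        record = self.records.get(identifier)
        if record is None:
            # "NO" branch out of step 740: no record for this identifier.
            return "NO_RECORD"

        # Step 750: when was this scrambling code stored before, if ever?
        stored_at = [t for c, t in record.seen if c == code]
        verdict = "OK"
        if stored_at:
            if record.policy is Policy.EVERY_READ:
                # Any reuse at all is suspicious.
                verdict = "SUSPECT_CLONE"
            elif record.policy is Policy.EVERY_NTH_READ:
                # Reuse is tolerated until the code has been stored N times.
                if len(stored_at) >= record.n:
                    verdict = "SUSPECT_CLONE"
            elif record.policy is Policy.EVERY_N_SECONDS:
                # Reuse is tolerated until N seconds after the first sighting.
                if now - min(stored_at) >= record.n:
                    verdict = "SUSPECT_CLONE"

        # Assumption: every received code is recorded, including suspect ones,
        # so that later reads are judged against the full history.
        record.seen.append((code, now))
        return verdict


if __name__ == "__main__":
    # Constructed identifiers and scrambling codes.
    v = Validator({"ID-A": Record(Policy.EVERY_READ)})
    for t, code in enumerate(["c1", "c2", "c1"]):
        print(t, code, v.validate("ID-A", code, now=t))
```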
  • In accordance with an alternative embodiment of the present invention, the field 606 in the record associated with each particular identifier may be indicative of an “expected” scrambling code, i.e., the scrambling code that should (under valid circumstances) be encoded in a signature received from a tag that encodes the particular identifier. Alternatively, the field 606 in the record associated with each particular identifier may be indicative of an “expected” signature, i.e., the signature that should (under valid circumstances) be received from a tag that encodes the particular identifier. Thus, upon receipt of the signature SX, if it is found to correspond to the expected signature (or if the scrambling code CX is found to correspond to the expected scrambling code), this may lead the processing entity 610 to conclude that the validation operation was potentially successful. On the other hand, if there is no match between the signature SX and the expected signature stored in the database 602 (or between the scrambling code CX and the expected scrambling code), this may lead the processing entity 610 to conclude that the validation operation was unsuccessful.
  • It should be appreciated that in the above alternative embodiments, the processing entity 610 may obtain knowledge of the expected scrambling code or the expected signature by implementing plural pseudo-random number generators for each of the identifiers, analogous to the pseudo-random number generator 240 implemented by the controller 206 in a given tag 14, which produces an output that depends on one or more previous values of the output and on a seed. Thus, the next output of the pseudo-random number generator implemented by the processing entity 610 for a given identifier allows the processing entity 610 to predict the scrambling code (or the signature) that should be received from a tag legitimately encoding the given identifier. In another embodiment, the processing entity 610 may know what is the expected scrambling code/signature because it has instructed the reader 12 to cause this expected scrambling code/signature to be stored in the memory of the tag.
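An added sketch, not taken from the patent, of the expected-scrambling-code variant: the tag and the processing entity run the same generator, so a captured code replayed later no longer matches. The SHA-256 chain stands in for the unspecified generator 240, all names and seeds are hypothetical, and the `window` look-ahead for missed reads is an assumption that goes beyond the text (0 gives the strict behaviour described).

```python
import hashlib
import hmac


def next_output(seed: bytes, previous: bytes) -> bytes:
    """One generator step: the output depends on the seed and the previous output."""
    return hashlib.sha256(seed + previous).digest()[:8]


class TagGenerator:
    """Tag side: produces a fresh scrambling code on every read."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.state = b""

    def read(self) -> bytes:
        self.state = next_output(self.seed, self.state)
        return self.state


class ExpectedCodeValidator:
    """Processing-entity side: one generator state per identifier."""

    def __init__(self, seeds, window=0):
        self.seeds = dict(seeds)                  # identifier -> seed
        self.state = {i: b"" for i in self.seeds}  # last accepted output
        self.window = window                      # extra outputs to look ahead

    def validate(self, identifier, code: bytes) -> bool:
        if identifier not in self.seeds:
            return False
        seed = self.seeds[identifier]
        candidate = self.state[identifier]
        # Predict the next output (and up to `window` further ones).
        for _ in range(self.window + 1):
            candidate = next_output(seed, candidate)
            if hmac.compare_digest(candidate, code):
                # Advance only on success, so an old code can never match again.
                self.state[identifier] = candidate
                return True
        return False


if __name__ == "__main__":
    tag = TagGenerator(b"constructed-seed")
    entity = ExpectedCodeValidator({"ID-A": b"constructed-seed"})
    first = tag.read()
    print("legitimate read:", entity.validate("ID-A", first))
    print("replayed code:  ", entity.validate("ID-A", first))
```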
  • In accordance with an alternative embodiment of the present invention, the database 602 simply comprises a running list of all signatures that have been received in the past. Thus, upon receipt of the signature SX, if it is found to correspond to one of the signatures on the list, this may lead the processing entity 610 to conclude that the validation operation was unsuccessful. On the other hand, if there is no match between the signature SX and any of the signatures stored in the database 602, this may lead the processing entity 610 to conclude that the validation operation was potentially successful (or at least not unsuccessful).
  • It should also be appreciated that having obtained the identifier IX, the processing entity 610 may also perform an action related to identification of an item, vehicle, person, etc., associated with the particular tag that encoded the identifier IX.
  • In a first example of an action related to identification, the processing entity 610 may simply note the fact that the item, vehicle, person, etc. (bearing the identifier IX) was encountered in a vicinity of the reader 12. This information may be stored in a database (not shown) or sent as a message, for example. In an inventory management scenario, the processing entity 610 may consult an inventory list and “check off” the inventory item as having been located, or may signal that the presence of a spurious inventory item (i.e., one that is not on the inventory list) has been detected.
  • In another example of an action related to identification, the processing entity 610 may consult another database (not shown) in order to ascertain whether the identifier is on a list of identifiers associated with individuals/objects permitted to access, or prohibited from accessing, certain property. Examples of property include, without limitation: computing equipment, a computer network, a building, a portion of a building, an entrance, an exit and a vehicle.
  • In another example of an action related to identification, the processing entity 610 may consult another database (not shown) in order to ascertain whether the identifier is on a list of identifiers associated with individuals permitted to effect, or prohibited from effecting, a transaction, which could be a financial transaction or a login to controlled online content, for example.
  • FIG. 7B shows a variant where multiple keys are possible but no index (or one that does not permit identification of the appropriate decryption key) is provided along with the signature SX. Specifically, taking the “NO” branch after step 750 does not conclude the validation operation. Rather, the validation operation goes through step 770 where a next key is selected and then the validation operation returns to step 730, whereby steps 730 through 770 are re-executed until the earlier occurrence of (i) taking the “YES” branch at step 750 and (ii) exhaustion of all keys, which can result in the equivalent of taking the “NO” branch out of 740 (i.e., this may indicate that there is a high-level failure requiring further action).
  • It should be appreciated that in the above embodiments, encryption and decryption can be effected using various techniques known in the art, including encryption using a symmetric key, an asymmetric key pair, a public/private key pair, etc., as well as in accordance with a variety of algorithms and protocols. For example, RSA and ECC are suitable examples of asymmetric encryption algorithms, while AES, DES, and Blowfish are suitable examples of symmetric algorithms. Still other possibilities exist and are within the scope of the present invention.
  • In the above example with reference to FIGS. 6A, 7A and 7B, although a single reader was described and illustrated, it should be appreciated that it is within the scope of the present invention to provide a multi-reader architecture, as shown in FIG. 6B. A plurality of readers 662 are connected to each other and to a centralized control entity 660 by a network 680, which can be a public packet-switched network, a VLAN, a set of point-to-point links, etc. In such a case, the centralized control entity 660 (e.g., a network controller) can implement the combined functionality of each individual processing entity 610, including decryption and validation. To this end, the centralized control entity 660 maintains a master database 670, which includes the equivalent of a consolidated version of various instances of the database 602 previously described as being associated with the reader 12 in the single-reader scenario.
  • Thus, decryption and validation can be performed entirely in the centralized control entity 660. Alternatively, certain functionality (such as decryption) can be performed by the readers 662 while other functionality (such as validation) can be performed by the centralized control entity 660. Still alternatively, the processing entities 610 can inter-operate amongst themselves in the absence of the centralized entity 660, thereby to implement decryption on a local basis, and the validation operation in a joint fashion. In such a distributed scenario, the master database 670 can still be used, or the processing entities 610 can communicate with one another to share information in their respective databases 602.
  • In scenario (II), a dynamic key is used in the generation of a signature that encodes a constant identifier, and it is of interest to recover the underlying identifier despite the time-varying key. Accordingly, with reference now to FIG. 8, there is shown a system that is similar to the system of FIG. 1. In addition, the system of FIG. 8 comprises a processing entity 810 that implements an identification operation, as will be described herein below. The processing entity 810 may be connected to the reader 12, or it may be a remote entity. Such a remote entity may be reachable over a network, or it may be integrated with the reader 12. Thus, the processing entity 810 may be part of the network entity 1002 or, more specifically, part of the processing portion 1012. It should be understood that the system in FIG. 8 is being shown separately from the system in FIG. 6; however, it is within the scope of the present invention to combine the functionality of both systems.
  • With reference to the flowchart in FIG. 9, consider what happens following step 910 when a signature SY is received from a particular tag at a particular time instant by the reader 12. The signature SY is assumed to have been generated by encrypting an identifier IY using an encryption key that varies in a dynamic fashion. To this end, the particular tag may have generated the dynamic encryption key based on, for example:
      • the output of the aforementioned clock module 260 (e.g., in terms of seconds, minutes or hours of elapsed time since an event known also to the processing entity 810);
      • the output of the aforementioned geo-location module 250;
      • an index;
      • a seed for use by a pseudo-random number generator.
  • Still other possibilities are within the scope of the present invention. The decryption key can then be determined based on the above quantity. For example, the decryption key could be the above-mentioned output of the clock module or the geo-location module. Alternatively, the encryption key could be the output of a table or a pseudo-random number generator (both known to the processing entity 810) based on the above-mentioned seed, or at a position that corresponds to the above-mentioned index. In the latter case, the index or seed can be supplied along with the signature SY.
  • In accordance with the present embodiment, once the signature SY is read by the reader 12, the processing entity 810 is expected to determine the appropriate decryption key, denoted KY. Accordingly, at step 930, the processing entity 810 first determines a dynamic parameter that will allow the decryption key KY to be determined. Examples of the dynamic parameter include:
      • the output of a clock module (which attempts to emulate the aforementioned clock module 260) at the time of receipt of the signature SY (e.g., in terms of seconds, minutes or hours of elapsed time since a known event);
      • the output of a geo-location module (which can be similar to the aforementioned geo-location module 250);
      • the index or seed provided along with the signature SY.
  • Next, at step 940, the processing entity 810 obtains the decryption key KY based on the dynamic parameter determined at step 930. For example, where the dynamic parameter corresponds to the output of a clock module or a geo-location module, the decryption key KY could be the dynamic parameter itself. Alternatively, where the dynamic parameter is an index or a seed, the decryption key KY could be the output of the aforementioned table or pseudo-random number generator known to the processing entity 810, at a position that corresponds to the received index, or using the received seed.
  • Once the decryption key has been obtained, the signature SY is decrypted at step 950 using the decryption key. This leads to extraction of the identifier IY. It is noted that a scrambling code was not required in this embodiment, although its use is not disallowed.
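Steps 930 to 950 for the index and clock variants, as an added example that is not code from the patent. Assumptions: an HMAC-SHA256 keystream XOR stands in for a symmetric cipher such as AES so the block runs on the standard library, the key table and identifiers are constructed, and a decryption is accepted only when it yields a known identifier, which is also how neighbouring clock steps are tried to absorb clock drift.

```python
import hashlib
import hmac

STEP_SECONDS = 60  # assumed clock granularity: whole minutes since a shared event
# Constructed key table known to both the tag and the processing entity.
KEY_TABLE = [hashlib.sha256(b"constructed table key %d" % i).digest() for i in range(8)]
# Constructed identifiers the processing entity knows about.
KNOWN_IDENTIFIERS = {b"TAG-0001", b"TAG-0002"}


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher; the same call encrypts and decrypts."""
    stream, block = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def step_key(step: int) -> bytes:
    """Clock variant: the key is the dynamic parameter itself, at a fixed width.
    Note that such a key has no secret component; the table variant does."""
    return step.to_bytes(8, "big")


def tag_signature(identifier: bytes, *, index=None, elapsed_seconds=None) -> bytes:
    """Tag side: encrypt the constant identifier under the current dynamic key."""
    if index is not None:
        return xor_stream(KEY_TABLE[index], identifier)
    return xor_stream(step_key(int(elapsed_seconds // STEP_SECONDS)), identifier)


def identify(signature: bytes, *, index=None, elapsed_seconds=None, skew_steps=1):
    """Processing-entity side. Returns the identifier IY, or None on failure."""
    # Step 930: determine the dynamic parameter.
    # Step 940: obtain the candidate decryption key(s) KY from it.
    if index is not None:
        if not 0 <= index < len(KEY_TABLE):
            return None
        keys = [KEY_TABLE[index]]
    else:
        now = int(elapsed_seconds // STEP_SECONDS)
        # The local clock only emulates the tag's clock, so also try
        # the neighbouring steps, nearest first.
        steps = [now] + [now + d for k in range(1, skew_steps + 1) for d in (-k, k)]
        keys = [step_key(s) for s in steps if s >= 0]

    # Step 950: decrypt SY and keep the result only if it is a known identifier.
    for key in keys:
        candidate = xor_stream(key, signature)
        if candidate in KNOWN_IDENTIFIERS:
            return candidate
    return None


if __name__ == "__main__":
    sy = tag_signature(b"TAG-0001", index=3)
    print("index variant:", identify(sy, index=3))
    sy = tag_signature(b"TAG-0002", elapsed_seconds=125)
    print("clock variant, reader 7 s behind:", identify(sy, elapsed_seconds=118))
    print("clock variant, stale signature:  ", identify(sy, elapsed_seconds=400))
```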
  • Having obtained the identifier IY, the processing entity 810 proceeds to step 960, where it performs an action related to identification of an item, vehicle, person, etc., associated with the particular tag that encoded the identifier IY.
  • In a first example of an action related to identification, the processing entity 810 may simply note the fact that the item, vehicle, person, etc. (bearing the identifier IY) was encountered in a vicinity of the reader 12. This information may be stored in a database (not shown) or sent as a message, for example. In an inventory management scenario, the processing entity 810 may consult an inventory list and “check off” the inventory item as having been located, or may signal that the presence of a spurious inventory item (i.e., one that is not on the inventory list) has been detected.
  • In another example of an action related to identification, the processing entity 810 may consult another database (not shown) in order to ascertain whether the identifier is on a list of identifiers associated with individuals/objects permitted to access, or prohibited from accessing, certain property. Examples of property include, without limitation: computing equipment, a computer network, a building, a portion of a building, an entrance, an exit and a vehicle.
  • In yet another example of an action related to identification, the processing entity 810 may consult another database (not shown) in order to ascertain whether the identifier is on a list of identifiers associated with individuals permitted to effect, or prohibited from effecting, a transaction, which could be a financial transaction or a login to controlled online content, for example.
  • It should be appreciated that the processing entity 810 may also perform an action related to validation of the identifier IY in conjunction with the above action related to identification. Specifically, in accordance with one embodiment of the present invention, the processing entity may consult a variant of the aforementioned database 602, where each of the records 604 now includes a field indicative of zero or more signatures which were previously received and which encoded the respective identifier for that record. Thus, receipt of a particular signature that encodes the identifier in a given one of the records 604 as well as one of the signature(s) stored in the corresponding field will indicate that the particular signature has been previously received and therefore its instant receipt may be indicative that a cloning attempt has been made.
  • In the above example with reference to FIGS. 8 and 9, although a single reader was described and illustrated, it should be appreciated that it is within the scope of the present invention to provide a multi-reader architecture, as in FIG. 6B.
  • It should also be understood that the foregoing detailed description focused on a non-limiting example wherein the device 1000 bore the tag 14, wherein the interrogation portion 1010 of the network entity 1002 consisted of the reader 12 and the communication pathway 1014 was a wireless medium. However, it should be apparent to persons of skill in the art that there exist many other embodiments of the present invention with application to a wide variety of other scenarios, as has been mentioned earlier.
  • Also, those skilled in the art will appreciate that in some embodiments, the functionality of any or all of the processing entity 610, the processing entity 810, the reader 12, the readers 662, the network entity 1002 (including the interrogation portion 1010 and the processing portion 1012) and the processing entity 1020 may be implemented using pre-programmed hardware or firmware elements (e.g., application specific integrated circuits (ASICs), electrically erasable programmable read-only memories (EEPROMs), etc.), or other related components. In other embodiments, the functionality of the entity in question may be achieved using a computing apparatus that has access to a code memory (not shown) which stores computer-readable program code for operation of the computing apparatus, in which case the computer-readable program code could be stored on a medium which is fixed, tangible and readable directly by the entity in question (e.g., removable diskette, CD-ROM, ROM, fixed disk, USB drive), or the computer-readable program code could be stored remotely but transmittable to the entity in question via a modem or other interface device (e.g., a communications adapter) connected to a network (including, without limitation, the Internet) over a transmission medium, which may be either a non-wireless medium (e.g., optical or analog communications lines) or a wireless medium (e.g., microwave, infrared or other transmission schemes) or a combination thereof.
  • While specific embodiments of the present invention have been described and illustrated, it will be apparent to those skilled in the art that numerous modifications and variations can be made without departing from the scope of the invention as defined in the appended claims.

Claims (27)

1. A method for execution by a device, comprising:
generating a first signature by encrypting an identifier of the device together with first additional data;
generating a second signature by encrypting the identifier of the device together with second additional data that is different from the first additional data;
releasing the first signature to identify the device on a first occasion; and
releasing the second signature to identify the device on a second occasion.
2. The method defined in claim 1, wherein generating the second signature is performed after generating the first signature.
3. The method defined in claim 1, further comprising receiving a request from a network entity, wherein releasing the first signature is performed no earlier than when the request is received.
4. The method defined in claim 3, further comprising receiving a second request from the network entity, wherein releasing the second signature is performed no earlier than when the second request is received.
5. The method defined in claim 4, wherein the first and second requests are received wirelessly.
6. The method defined in claim 4, wherein the first and second requests are received non-wirelessly.
7. The method defined in claim 1, further comprising receiving a request, wherein generating the first signature is performed no earlier than when the request is received.
8. The method defined in claim 7, further comprising receiving a second request, wherein generating the second signature is performed no earlier than when the second request is received.
9. The method defined in claim 1, wherein releasing the first signature and releasing the second signature are performed by the device autonomously.
10. The method defined in claim 1, wherein releasing the first signature and releasing the second signature are performed by the device on a basis of a command sensed to be received from a user of the device.
11. The method defined in claim 1, wherein the device comprises at least one of a modem and a computer.
12. The method defined in claim 1, wherein the identifier of the device is a MAC address of the device stored in a memory of the device.
13. The method defined in claim 12, wherein the device comprises at least one of a network adapter and a network interface card identifiable using said MAC address.
14. The method defined in claim 1, wherein the device comprises a mobile telephone and wherein the identifier of the device is an electronic serial number of the mobile telephone stored in a memory of the mobile telephone.
15. The method defined in claim 1, wherein the device comprises an RFID tag and wherein the identifier of the device is an identifier of the RFID tag stored in a memory of the RFID tag.
16. The method defined in claim 1, wherein the identifier of the device is an account number stored in a memory of the device.
17. The method defined in claim 1, wherein the first and second signatures are released over a non-secure pathway.
18. The method defined in claim 17, wherein the non-secure pathway traverses the Internet.
19. The method defined in claim 1, wherein the first and second signatures are generated at respective times, and wherein the first and second additional data are related, respectively, to the times at which the first and second signatures are generated.
20. The method defined in claim 1, wherein the second additional data differs from the first additional data by an amount reflective of an output of a function to which has been input the first additional data.
21. The method defined in claim 1, wherein the first and second additional data differ by an incremental amount.
22. The method defined in claim 1, wherein encrypting the identifier of the device together with the first additional data comprises combining the identifier of the device and the first additional data into a result and encrypting the result using an encryption key.
23. The method defined in claim 22, wherein encrypting the identifier of the device together with the second additional data comprises combining the identifier of the device and the second additional data into a second result and encrypting the second result using the encryption key.
24. The method defined in claim 23, wherein the encryption key is a private key of the device and is complementary to a public key that is available to a recipient of the first and second signatures.
25. A computer-readable storage medium comprising a set of computer-readable instructions for execution by a device, wherein execution of the set of instructions by the device causes the device to execute a method that includes:
generating a first signature by encrypting an identifier of the device together with first additional data;
generating a second signature by encrypting the identifier of the device together with second additional data that is different from the first additional data;
releasing the first signature to identify the device on a first occasion; and
releasing the second signature to identify the device on a second occasion.
26. A device, comprising:
a memory storing an identifier of the device;
a processing entity configured to generate a plurality of different signatures encoding the identifier and to store the signatures in the memory; and
transmit/receive circuitry configured to identify the device on respective occasions by releasing individual ones of the signatures.
27. The device defined in claim 26, wherein to generate a first one of the signatures, the processing entity is configured to encrypt the identifier together with first additional data and wherein to generate a second one of the signatures, the processing entity is configured to encrypt the identifier together with second additional data that is different from the first additional data.
US12/343,187 2007-12-20 2008-12-23 Dynamic identifier for use in identification of a device Abandoned US20090240946A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP09180219A EP2200218A1 (en) 2008-12-19 2009-12-21 Dynamic identifier for use in identification of a device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CA2007/002343 WO2009079734A1 (en) 2007-12-20 2007-12-20 Contact-less tag with signature, and applications thereof

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2007/002343 Continuation-In-Part WO2009079734A1 (en) 2007-12-20 2007-12-20 Contact-less tag with signature, and applications thereof

Publications (1)

Publication Number Publication Date
US20090240946A1 (en) 2009-09-24

Family

ID=40787423

Family Applications (10)

Application Number Title Priority Date Filing Date
US12/314,455 Active 2033-12-23 US9305282B2 (en) 2007-12-20 2008-12-11 Contact-less tag with signature, and applications thereof
US12/314,458 Active US7806325B2 (en) 2007-12-20 2008-12-11 Contact-less tag with signature, and applications thereof
US12/314,456 Abandoned US20090160615A1 (en) 2007-12-20 2008-12-11 Contact-less tag with signature, and applications thereof
US12/314,457 Active 2029-03-26 US8103872B2 (en) 2007-12-20 2008-12-11 Contact-less tag with signature, and applications thereof
US12/343,268 Active 2030-11-22 US8412638B2 (en) 2007-12-20 2008-12-23 Method and system for validating a device that uses a dynamic identifier
US12/343,187 Abandoned US20090240946A1 (en) 2007-12-20 2008-12-23 Dynamic identifier for use in identification of a device
US12/643,225 Active 2030-01-30 US8553888B2 (en) 2007-12-20 2009-12-21 Generation of communication device signatures for use in securing nomadic electronic transactions
US12/873,623 Abandoned US20100320269A1 (en) 2007-12-20 2010-09-01 Contact-less tag with signature, and applications thereof
US13/852,352 Active 2030-05-30 US9971986B2 (en) 2007-12-20 2013-03-28 Method and system for validating a device that uses a dynamic identifier
US14/539,401 Active US10726385B2 (en) 2007-12-20 2014-11-12 Contact-less tag with signature, and applications thereof

Country Status (4)

Country Link
US (10) US9305282B2 (en)
EP (2) EP2223460A4 (en)
CA (5) CA2645990C (en)
WO (2) WO2009079734A1 (en)

US11146637B2 (en) 2014-03-03 2021-10-12 Icontrol Networks, Inc. Media content management
US11182060B2 (en) 2004-03-16 2021-11-23 Icontrol Networks, Inc. Networked touchscreen with integrated interfaces
US11201755B2 (en) 2004-03-16 2021-12-14 Icontrol Networks, Inc. Premises system management using status signal
US11212192B2 (en) 2007-06-12 2021-12-28 Icontrol Networks, Inc. Communication protocols in integrated systems
US11218878B2 (en) 2007-06-12 2022-01-04 Icontrol Networks, Inc. Communication protocols in integrated systems
US11237714B2 (en) 2007-06-12 2022-02-01 Control Networks, Inc. Control system user interface
US11244545B2 (en) 2004-03-16 2022-02-08 Icontrol Networks, Inc. Cross-client sensor user interface in an integrated security network
US11258625B2 (en) 2008-08-11 2022-02-22 Icontrol Networks, Inc. Mobile premises automation platform
US11277465B2 (en) 2004-03-16 2022-03-15 Icontrol Networks, Inc. Generating risk profile using data of home monitoring and security system
US11310199B2 (en) 2004-03-16 2022-04-19 Icontrol Networks, Inc. Premises management configuration and control
US11316753B2 (en) 2007-06-12 2022-04-26 Icontrol Networks, Inc. Communication protocols in integrated systems
US11316958B2 (en) 2008-08-11 2022-04-26 Icontrol Networks, Inc. Virtual device systems and methods
US11343380B2 (en) 2004-03-16 2022-05-24 Icontrol Networks, Inc. Premises system automation
US11368327B2 (en) 2008-08-11 2022-06-21 Icontrol Networks, Inc. Integrated cloud system for premises automation
US11405463B2 (en) 2014-03-03 2022-08-02 Icontrol Networks, Inc. Media content management
US11424980B2 (en) 2005-03-16 2022-08-23 Icontrol Networks, Inc. Forming a security network including integrated security system components
US11423756B2 (en) 2007-06-12 2022-08-23 Icontrol Networks, Inc. Communication protocols in integrated systems
US11451409B2 (en) 2005-03-16 2022-09-20 Icontrol Networks, Inc. Security network integrating security system and network devices
US11489812B2 (en) 2004-03-16 2022-11-01 Icontrol Networks, Inc. Forming a security network including integrated security system components and network devices
US11496568B2 (en) 2005-03-16 2022-11-08 Icontrol Networks, Inc. Security system with networked touchscreen
US11582065B2 (en) 2007-06-12 2023-02-14 Icontrol Networks, Inc. Systems and methods for device communication
US11601810B2 (en) 2007-06-12 2023-03-07 Icontrol Networks, Inc. Communication protocols in integrated systems
US11615697B2 (en) 2005-03-16 2023-03-28 Icontrol Networks, Inc. Premise management systems and methods
US11646907B2 (en) 2007-06-12 2023-05-09 Icontrol Networks, Inc. Communication protocols in integrated systems
US11677577B2 (en) 2004-03-16 2023-06-13 Icontrol Networks, Inc. Premises system management using status signal
US11700142B2 (en) 2005-03-16 2023-07-11 Icontrol Networks, Inc. Security network integrating security system and network devices
US11706279B2 (en) 2007-01-24 2023-07-18 Icontrol Networks, Inc. Methods and systems for data communication
US11706045B2 (en) 2005-03-16 2023-07-18 Icontrol Networks, Inc. Modular electronic display platform
US11729255B2 (en) 2008-08-11 2023-08-15 Icontrol Networks, Inc. Integrated cloud system with lightweight gateway for premises automation
US11750414B2 (en) 2010-12-16 2023-09-05 Icontrol Networks, Inc. Bidirectional security sensor communication for a premises security system
US11758026B2 (en) 2008-08-11 2023-09-12 Icontrol Networks, Inc. Virtual device systems and methods
US11792036B2 (en) 2008-08-11 2023-10-17 Icontrol Networks, Inc. Mobile premises automation platform
US11792330B2 (en) 2005-03-16 2023-10-17 Icontrol Networks, Inc. Communication and automation in a premises management system
US11811845B2 (en) 2004-03-16 2023-11-07 Icontrol Networks, Inc. Communication protocols over internet protocol (IP) networks
US11816323B2 (en) 2008-06-25 2023-11-14 Icontrol Networks, Inc. Automation system user interface
US11831462B2 (en) 2007-08-24 2023-11-28 Icontrol Networks, Inc. Controlling data routing in premises management systems
US11916870B2 (en) 2004-03-16 2024-02-27 Icontrol Networks, Inc. Gateway registry methods and systems
US11916928B2 (en) 2008-01-24 2024-02-27 Icontrol Networks, Inc. Communication protocols over internet protocol (IP) networks
US11962672B2 (en) 2023-05-12 2024-04-16 Icontrol Networks, Inc. Virtual device systems and methods

Families Citing this family (57)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4760101B2 (en) * 2005-04-07 2011-08-31 ソニー株式会社 Content providing system, content reproducing apparatus, program, and content reproducing method
US8452981B1 (en) * 2006-03-01 2013-05-28 Nvidia Corporation Method for author verification and software authorization
US8384525B2 (en) * 2006-05-15 2013-02-26 Nokia Corporation Contactless programming and testing of memory elements
JP5033447B2 (en) * 2007-03-08 2012-09-26 富士通株式会社 RFID system and RFID tag
JP5122001B2 (en) * 2008-06-25 2013-01-16 ノキア コーポレイション Power saving method and apparatus
US8607333B2 (en) * 2008-07-21 2013-12-10 Electronics And Telecommunications Research Institute Radio frequency identification (RFID) security apparatus having security function and method thereof
US20100214080A1 (en) * 2009-02-24 2010-08-26 Sensormatic Electronics Corporation Radio frequency identification hardtag encode and feed system
JP4612729B1 (en) * 2009-07-03 2011-01-12 パナソニック株式会社 Wireless terminal, information generation method, and information recording method
US9306750B2 (en) * 2009-07-16 2016-04-05 Oracle International Corporation Techniques for securing supply chain electronic transactions
US8811615B2 (en) * 2009-08-05 2014-08-19 Verayo, Inc. Index-based coding with a pseudo-random source
WO2011025843A1 (en) * 2009-08-25 2011-03-03 Maria Estela Seitz Trans-security components system and methods
JP5423280B2 (en) * 2009-09-25 2014-02-19 ソニー株式会社 COMMUNICATION DEVICE, COMMUNICATION METHOD, INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, PROGRAM, AND COMMUNICATION SYSTEM
EP2348465A1 (en) 2009-12-22 2011-07-27 Philip Morris Products S.A. Method and apparatus for storage of data for manufactured items
US8416697B2 (en) 2010-02-05 2013-04-09 Comcast Cable Communications, Llc Identification of a fault
US8971394B2 (en) 2010-02-05 2015-03-03 Comcast Cable Communications, Llc Inducing response signatures in a communication network
US9189904B1 (en) 2013-08-21 2015-11-17 Impinj, Inc. Exit-code-based RFID loss-prevention system
US8866596B1 (en) * 2010-09-25 2014-10-21 Impinj, Inc. Code-based RFID loss-prevention system
US8593257B1 (en) * 2010-06-14 2013-11-26 Impinj, Inc. RFID-based loss-prevention system
US8745370B2 (en) * 2010-06-28 2014-06-03 Sap Ag Secure sharing of data along supply chains
US8866595B1 (en) * 2010-09-25 2014-10-21 Impinj, Inc. Ticket-based RFID loss-prevention system
US8872636B1 (en) * 2010-09-25 2014-10-28 Impinj, Inc. Algorithm-based RFID loss-prevention system
US20130057392A1 (en) * 2011-03-14 2013-03-07 Roddy M. Bullock Method and System for Disabling an Electronic Device
US8235285B1 (en) * 2011-06-24 2012-08-07 American Express Travel Related Services Company, Inc. Systems and methods for gesture-based interaction with computer systems
JP5912330B2 (en) * 2011-08-05 2016-04-27 任天堂株式会社 System, transmitter and management method
CN102446319A (en) * 2011-09-09 2012-05-09 李建堂 Multi-function through-transport common pallet Internet-of-things circulation and sharing management system
US9496925B2 (en) 2011-09-30 2016-11-15 Nokia Technologies Oy Method, apparatus, and computer program product for remote wireless powering and control of an electronic device
US9672519B2 (en) 2012-06-08 2017-06-06 Fmr Llc Mobile device software radio for securely passing financial information between a customer and a financial services firm
US11507952B1 (en) * 2012-09-27 2022-11-22 Amazon Technologies, Inc. Mobile payment signature processing
TWI610253B (en) 2012-12-17 2018-01-01 印奈克斯托股份有限公司 Method and apparatus for storage of data for tracking manufactured items
GB201300939D0 (en) * 2013-01-18 2013-03-06 Corethree Ltd Offline voucher generation and redemption
US9380475B2 (en) 2013-03-05 2016-06-28 Comcast Cable Communications, Llc Network implementation of spectrum analysis
US9444719B2 (en) 2013-03-05 2016-09-13 Comcast Cable Communications, Llc Remote detection and measurement of data signal leakage
US9414348B2 (en) * 2013-04-22 2016-08-09 Nokia Technologies Oy Method and apparatus for determining dynamic access tokens for location-based services
BR112015027883B1 (en) 2013-05-06 2022-08-02 Huru Systems Inc ASSET TRACKING AND MANAGEMENT
US9208032B1 (en) * 2013-05-15 2015-12-08 Amazon Technologies, Inc. Managing contingency capacity of pooled resources in multiple availability zones
CN103279852B (en) * 2013-06-06 2016-06-08 四川航天系统工程研究所 Become more meticulous real-time monitoring and managing system and method based on the storehouse raw material of RFID
US9565022B1 (en) * 2013-07-02 2017-02-07 Impinj, Inc. RFID tags with dynamic key replacement
CN103812854B (en) * 2013-08-19 2015-03-18 深圳光启创新技术有限公司 Identity authentication system, device and method and identity authentication requesting device
US10192198B2 (en) 2014-11-05 2019-01-29 HURU Systems Ltd. Tracking code generation, application, and verification using blockchain technology
US9741012B2 (en) * 2014-11-05 2017-08-22 HURU Systems Ltd. Systems for secure tracking code generation, application, and verification
EP3051469A1 (en) 2015-01-28 2016-08-03 Philip Morris Products S.A. Method and apparatus for unit and container identification and tracking
ES2728680T3 (en) 2015-01-31 2019-10-28 Inexto Sa Secure product identification and verification
US20180205543A1 (en) 2015-08-13 2018-07-19 Inexto Sa Enhanced obfuscation or randomization for secure product identification and verification
WO2017032860A1 (en) 2015-08-25 2017-03-02 Inexto Sa Multiple authorization modules for secure production and verification
CN108140076B (en) 2015-08-25 2022-04-05 英艾克斯图股份有限公司 Authentication with fault tolerance for secure product identifiers
EP3185202A1 (en) * 2015-12-22 2017-06-28 Orange Processing of status data in an electronic device
KR102419505B1 (en) * 2016-03-09 2022-07-08 삼성전자주식회사 Method and system for authentication of a storage device
US20180150731A1 (en) * 2016-11-30 2018-05-31 Wal-Mart Stores, Inc. Systems and methods for labeling related consumer products with unique identifiers
US20180232971A1 (en) * 2017-02-10 2018-08-16 Microchip Technology Incorporated Systems And Methods For Managing Access To A Vehicle Or Other Object Using Environmental Data
US20180255076A1 (en) * 2017-03-02 2018-09-06 ResponSight Pty Ltd System and Method for Cyber Security Threat Detection
US10742413B2 (en) * 2017-04-25 2020-08-11 International Business Machines Corporation Flexible verifiable encryption from lattices
CN107634833A (en) * 2017-08-01 2018-01-26 上海飞聚微电子有限公司 A kind of identity identifying method of RFID chip
EP3501916B1 (en) * 2017-12-21 2021-05-05 Volkswagen Aktiengesellschaft Method for operating a radio monitoring system of a motor vehicle and monitoring system and tag unit for monitoring system
CN109308200A (en) * 2018-09-10 2019-02-05 麒麟合盛网络技术股份有限公司 A kind of internal storage data loading method, device and its equipment
CN110047181B (en) * 2019-04-20 2022-05-20 广东珠江智联信息科技股份有限公司 Intelligent door lock safety control method based on Zigbee
US11553054B2 (en) * 2020-04-30 2023-01-10 The Nielsen Company (Us), Llc Measurement of internet media consumption
CN113556233B (en) * 2021-07-08 2022-12-06 福建师范大学 SM9 digital signature method supporting batch verification

Citations (66)

Publication number Priority date Publication date Assignee Title
US4771458A (en) * 1987-03-12 1988-09-13 Zenith Electronics Corporation Secure data packet transmission system and method
US5222137A (en) * 1991-04-03 1993-06-22 Motorola, Inc. Dynamic encryption key selection for encrypted radio transmissions
US5491750A (en) * 1993-12-30 1996-02-13 International Business Machines Corporation Method and apparatus for three-party entity authentication and key distribution using message authentication codes
US5694471A (en) * 1994-08-03 1997-12-02 V-One Corporation Counterfeit-proof identification card
US5778069A (en) * 1996-04-10 1998-07-07 Microsoft Corporation Non-biased pseudo random number generator
US5805702A (en) * 1995-09-29 1998-09-08 Dallas Semiconductor Corporation Method, apparatus, and system for transferring units of value
US5822430A (en) * 1996-11-20 1998-10-13 Technical Communications Corporation System for encoding encryption/decryption information into IFF challenges
US5832090A (en) * 1995-08-10 1998-11-03 Hid Corporation Radio frequency transponder stored value system employing a secure encryption protocol
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5966082A (en) * 1997-05-23 1999-10-12 Intemec Ip Corp. Method of flagging partial write in RF tags
US6141695A (en) * 1996-12-04 2000-10-31 Canon Kabushiki Kaisha Email system converts email data to a different format according to processing mode information set in memory in correspondence with post office information
US20020041683A1 (en) * 2000-09-29 2002-04-11 Hopkins Dale W. Method for selecting optimal number of prime factors of a modulus for use in a cryptographic system
US6393564B1 (en) * 1997-09-30 2002-05-21 Matsushita Electric Industrial Co., Ltd. Decrypting device
US20020087867A1 (en) * 2000-11-28 2002-07-04 Oberle Robert R. RF ID card
US20020095507A1 (en) * 2001-01-17 2002-07-18 Jerdonek Robert A. Methods for pre-authentication of users using one-time passwords
US20020112174A1 (en) * 2000-12-18 2002-08-15 Yager David Frank Security code activated access control system
US20020147917A1 (en) * 2001-04-05 2002-10-10 Brickell Ernie F. Distribution of secured information
US20020184509A1 (en) * 1998-02-13 2002-12-05 Scheidt Edward M. Multiple factor-based user identification and authentication
US20030120925A1 (en) * 2001-12-21 2003-06-26 Rose Gregory G. Method and apparatus for simplified audio authentication
US20030169885A1 (en) * 2000-06-21 2003-09-11 Paolo Rinaldi On-line system for conditional access and audience control for communication services of the broadcast and multicast kind
US20030182565A1 (en) * 2001-03-29 2003-09-25 Toshihisa Nakano Data protection system that protects data by encrypting the data
US20040066278A1 (en) * 2002-10-04 2004-04-08 Hughes Michael A. Challenged-based tag authentication medel
US6778096B1 (en) * 1997-11-17 2004-08-17 International Business Machines Corporation Method and apparatus for deploying and tracking computers
US20040181681A1 (en) * 2003-03-11 2004-09-16 Rimage Corporation Cartridge validation with radio frequency identification
US20040252025A1 (en) * 2003-04-07 2004-12-16 Silverbrook Research Pty Ltd. Shopping receptacle with in-built scanner
US20050123133A1 (en) * 2003-12-09 2005-06-09 Intelleflex Corporation Security system and method
US20050154896A1 (en) * 2003-09-22 2005-07-14 Mathias Widman Data communication security arrangement and method
US20050190892A1 (en) * 2004-02-27 2005-09-01 Dawson Martin C. Determining the geographical location from which an emergency call originates in a packet-based communications network
US6950522B1 (en) * 2000-06-15 2005-09-27 Microsoft Corporation Encryption key updating for multiple site automated login
US6981151B1 (en) * 1999-04-08 2005-12-27 Battelle Energy Alliance, Llc Digital data storage systems, computers, and data verification methods
US7000114B1 (en) * 1999-05-31 2006-02-14 Fujitsu Limited Apparatus to create and/or verify digital signatures having a secure time element and an identifier of the apparatus
US20060049256A1 (en) * 2004-09-07 2006-03-09 Clay Von Mueller Transparently securing data for transmission on financial networks
US20060116899A1 (en) * 2003-02-10 2006-06-01 R Lax Michael Apparatus and methods for processing items
US20060124756A1 (en) * 2004-12-10 2006-06-15 Brown Kerry D Payment card with internally generated virtual account numbers for its magnetic stripe encoder and user display
US20060235805A1 (en) * 2005-04-13 2006-10-19 Mr. Feng Peng Universal anti-counterfeit method and system
US20060271386A1 (en) * 2005-05-31 2006-11-30 Bhella Kenneth S Methods and apparatus for locating devices
US20070008135A1 (en) * 2003-06-17 2007-01-11 United Security Applications Id, Inc. Electronic security system for monitoring and recording activity and data relating to persons or cargo
US20070022045A1 (en) * 2005-07-25 2007-01-25 Silverbrook Research Pty Ltd. Method of transacting objects
US20070023508A1 (en) * 2005-01-31 2007-02-01 George Brookner Proximity validation system and method
US7178169B1 (en) * 2000-09-01 2007-02-13 Zoran Corporation Method and apparatus for securing transfer of and access to digital content
US20070057768A1 (en) * 2005-09-13 2007-03-15 Nec (China) Co., Ltd. Radio frequency identification system and method
US20070085689A1 (en) * 2005-10-13 2007-04-19 Bae Systems Information And Electronic Systems Integration Inc. RFID tag incorporating at least two integrated circuits
US20070095928A1 (en) * 2003-01-15 2007-05-03 Hewlett-Packard Development Company, L.P. Physical items for holding data securely, and methods and apparatus for publishing and reading them
US20070103274A1 (en) * 2005-04-13 2007-05-10 Oliver Berthold Radio frequency identification (RFID) system that meets data protection requirements through owner-controlled RFID tag functionality
US7246744B2 (en) * 2004-12-22 2007-07-24 Bce Inc. User authentication for contact-less systems
US20070194882A1 (en) * 2004-03-10 2007-08-23 Koninklijke Philips Electonics N.V. Authentication system and authentication apparatus
US20070214474A1 (en) * 2006-03-09 2007-09-13 Sbc Knowledge Ventures, L.P. Methods and systems to operate a set-top box
US20070234058A1 (en) * 2005-11-04 2007-10-04 White Charles A System and method for authenticating products
US20070277044A1 (en) * 2004-04-07 2007-11-29 Hans Graf Data Support With Tan-Generator And Display
US20080011835A1 (en) * 2004-07-12 2008-01-17 Samsung Electronics Co., Ltd. Method and apparatus for searching rights objects stored in portable storage device using object location data
US20080013807A1 (en) * 2004-07-01 2008-01-17 American Express Travel Related Services Company, Inc. Method and system for keystroke scan recognition biometrics on a smartcard
US20080061935A1 (en) * 2006-08-15 2008-03-13 Melendez Peter A Methods and systems for positioning data fields of a radio-frequency identification (rfid) tag
US7365636B2 (en) * 2004-08-25 2008-04-29 Kabushiki Kaisha Toshiba RFID tag device, tag identification device and radio communication system
US20080244271A1 (en) * 2007-03-28 2008-10-02 Legend Holdings Ltd Method and system for authentication based on wireless identification, wireless identification and server
US20080266055A1 (en) * 2004-02-06 2008-10-30 Christopher Gordon Gervase Turner Method and System for Controlling RFID Transponder Response Waiting Periods
US20090048971A1 (en) * 2007-08-17 2009-02-19 Matthew Hathaway Payment Card with Dynamic Account Number
US20090160615A1 (en) * 2007-12-20 2009-06-25 Bce Inc. Contact-less tag with signature, and applications thereof
US20100073147A1 (en) * 2006-12-06 2010-03-25 Koninklijke Philips Electronics N.V. Controlling data access to and from an rfid device
US20100150342A1 (en) * 2008-12-16 2010-06-17 Richards Ronald W Encryption and decryption of records in accordance with group access vectors
US20100205047A1 (en) * 2009-02-12 2010-08-12 Denis Khoo Promotional Electronic Recipe Distribution
US7876220B2 (en) * 2006-11-22 2011-01-25 Cintas Corporation Garment tracking and processing system
US7937583B2 (en) * 2003-08-15 2011-05-03 Venafi, Inc. Method of aggregating multiple certificate authority services
US7941663B2 (en) * 2007-10-23 2011-05-10 Futurewei Technologies, Inc. Authentication of 6LoWPAN nodes using EAP-GPSK
US7953974B2 (en) * 2005-02-17 2011-05-31 Fujitsu Limited Authentication method, authentication system, and tag device thereof, data reference client, authentication server, and data server
US20110185180A1 (en) * 2008-09-17 2011-07-28 Peter Gullberg Method and device for creating digital signature
US20110264907A1 (en) * 2010-04-27 2011-10-27 International Business Machines Corporation Securing information within a cloud computing environment

Family Cites Families (50)

Publication number Priority date Publication date Assignee Title
DE4308235A1 (en) * 1993-03-10 1994-09-15 Thomson Brandt Gmbh Methods of storing or playing back data packets
US8131007B2 (en) * 1996-08-30 2012-03-06 Regents Of The University Of Minnesota Watermarking using multiple watermarks and keys, including keys dependent on the host signal
US6222440B1 (en) 1998-02-23 2001-04-24 Freshloc Technologies, Inc. Location, identification and telemetry system using strobed signals at predetermined intervals
US6484182B1 (en) * 1998-06-12 2002-11-19 International Business Machines Corporation Method and apparatus for publishing part datasheets
JP3252282B2 (en) * 1998-12-17 2002-02-04 松下電器産業株式会社 Method and apparatus for searching scene
CA2290170C (en) 1999-01-29 2005-06-14 International Business Machines Corporation Improved digital signature
US6961858B2 (en) * 2000-06-16 2005-11-01 Entriq, Inc. Method and system to secure content for distribution via a network
US7107462B2 (en) * 2000-06-16 2006-09-12 Irdeto Access B.V. Method and system to store and distribute encryption keys
US20010054025A1 (en) * 2000-06-19 2001-12-20 Adams William M. Method of securely delivering a package
US6914062B2 (en) 2000-06-30 2005-07-05 Banyu Pharmaceutical Co., Ltd. Pyrazinone derivatives
US6985588B1 (en) * 2000-10-30 2006-01-10 Geocodex Llc System and method for using location identity to control access to digital information
US6983289B2 (en) * 2000-12-05 2006-01-03 Digital Networks North America, Inc. Automatic identification of DVD title using internet technologies and fuzzy matching techniques
US7150045B2 (en) * 2000-12-14 2006-12-12 Widevine Technologies, Inc. Method and apparatus for protection of electronic media
US20030069786A1 (en) * 2001-03-23 2003-04-10 Restaurant Services, Inc. System, method and computer program product for calendar dissemination in a supply chain management framework
US7303120B2 (en) 2001-07-10 2007-12-04 American Express Travel Related Services Company, Inc. System for biometric security using a FOB
US7735725B1 (en) 2001-07-10 2010-06-15 Fred Bishop Processing an RF transaction using a routing number
US7080049B2 (en) * 2001-09-21 2006-07-18 Paymentone Corporation Method and system for processing a transaction
US7020635B2 (en) * 2001-11-21 2006-03-28 Line 6, Inc System and method of secure electronic commerce transactions including tracking and recording the distribution and usage of assets
US7146009B2 (en) 2002-02-05 2006-12-05 Surety, Llc Secure electronic messaging system requiring key retrieval for deriving decryption keys
US7840803B2 (en) 2002-04-16 2010-11-23 Massachusetts Institute Of Technology Authentication of integrated circuits
US7941149B2 (en) * 2002-05-13 2011-05-10 Misonimo Chi Acquistion L.L.C. Multi-hop ultra wide band wireless network communication
US7005965B2 (en) * 2003-02-14 2006-02-28 Winbond Electronics Corporation Radio frequency identification device
US6970518B2 (en) 2003-03-11 2005-11-29 Motorola, Inc. Method and apparatus for electronic item identification in a communication system using known source parameters
JP2005064239A (en) * 2003-08-12 2005-03-10 Lintec Corp Manufacturing method of semiconductor device
US20050049979A1 (en) 2003-08-26 2005-03-03 Collins Timothy J. Method, apparatus, and system for determining a fraudulent item
US7090128B2 (en) * 2003-09-08 2006-08-15 Systems And Software Enterprises, Inc. Mobile electronic newsstand
CA2471055A1 (en) * 2004-06-16 2005-12-16 Qualtech Technical Sales Inc. A network security enforcement system
US20050285732A1 (en) 2004-06-25 2005-12-29 Sengupta Uttam K Radio frequency identification based system to track consumption of medication
CN1716953B (en) * 2004-06-28 2010-09-15 华为技术有限公司 Method for identifying conversation initial protocol
JP2006053800A (en) 2004-08-12 2006-02-23 Ntt Docomo Inc Information supply method, information supply system and repeating apparatus
GB0419479D0 (en) 2004-09-02 2004-10-06 Cryptomathic Ltd Data certification methods and apparatus
WO2006039771A1 (en) 2004-10-12 2006-04-20 Bce Inc. System and method for access control
US7711586B2 (en) * 2005-02-24 2010-05-04 Rearden Corporation Method and system for unused ticket management
US8576832B2 (en) 2005-03-29 2013-11-05 At&T Intellectual Property Ii Method and apparatus for enabling global telephony capabilities in communication networks
US7587502B2 (en) * 2005-05-13 2009-09-08 Yahoo! Inc. Enabling rent/buy redirection in invitation to an online service
WO2006130615A2 (en) * 2005-05-31 2006-12-07 Tricipher, Inc. Secure login using single factor split key asymmetric cryptography and an augmenting factor
KR20080059617A (en) 2005-10-05 2008-06-30 프리바스피어 아게 Method and devices for user authentication
WO2007145687A1 (en) * 2006-02-21 2007-12-21 Weiss Kenneth P Method and apparatus for secure access payment and identification
US7492258B1 (en) 2006-03-21 2009-02-17 Radiofy Llc Systems and methods for RFID security
US8151327B2 (en) * 2006-03-31 2012-04-03 The 41St Parameter, Inc. Systems and methods for detection of session tampering and fraud prevention
WO2008094470A1 (en) * 2007-01-26 2008-08-07 Magtek, Inc. Card reader for use with web based transactions
EP1976322A1 (en) 2007-03-27 2008-10-01 British Telecommunications Public Limited Company An authentication method
KR20100016579A (en) 2007-04-05 2010-02-12 인터내셔널 비지네스 머신즈 코포레이션 System and method for distribution of credentials
US7800499B2 (en) 2007-06-05 2010-09-21 Oracle International Corporation RFID and sensor signing algorithm
US8183982B2 (en) 2007-08-14 2012-05-22 Infineon Technologies Ag System including reply signal that at least partially overlaps request
JP5525133B2 (en) 2008-01-17 2014-06-18 株式会社日立製作所 System and method for digital signature and authentication
US8789150B2 (en) * 2011-09-22 2014-07-22 Kinesis Identity Security System Inc. System and method for user authentication
US20130232061A1 (en) * 2012-03-01 2013-09-05 Carmel - Haifa University Economic Corporation Ltd Reducing unsolicited traffic in communication networks
US20150170447A1 (en) * 2013-12-12 2015-06-18 James F Buzhardt Smart door lock
US9716788B2 (en) * 2014-11-13 2017-07-25 Verizon Patent And Licensing Inc. Multiple secondary device call controls and protocols

Patent Citations (71)

Publication number Priority date Publication date Assignee Title
US4771458A (en) * 1987-03-12 1988-09-13 Zenith Electronics Corporation Secure data packet transmission system and method
US5222137A (en) * 1991-04-03 1993-06-22 Motorola, Inc. Dynamic encryption key selection for encrypted radio transmissions
US5491750A (en) * 1993-12-30 1996-02-13 International Business Machines Corporation Method and apparatus for three-party entity authentication and key distribution using message authentication codes
US5694471A (en) * 1994-08-03 1997-12-02 V-One Corporation Counterfeit-proof identification card
US5832090A (en) * 1995-08-10 1998-11-03 Hid Corporation Radio frequency transponder stored value system employing a secure encryption protocol
US5805702A (en) * 1995-09-29 1998-09-08 Dallas Semiconductor Corporation Method, apparatus, and system for transferring units of value
US5778069A (en) * 1996-04-10 1998-07-07 Microsoft Corporation Non-biased pseudo random number generator
US5892900A (en) * 1996-08-30 1999-04-06 Intertrust Technologies Corp. Systems and methods for secure transaction management and electronic rights protection
US5822430A (en) * 1996-11-20 1998-10-13 Technical Communications Corporation System for encoding encryption/decryption information into IFF challenges
US6141695A (en) * 1996-12-04 2000-10-31 Canon Kabushiki Kaisha Email system converts email data to a different format according to processing mode information set in memory in correspondence with post office information
US5966082A (en) * 1997-05-23 1999-10-12 Intemec Ip Corp. Method of flagging partial write in RF tags
US6393564B1 (en) * 1997-09-30 2002-05-21 Matsushita Electric Industrial Co., Ltd. Decrypting device
US6778096B1 (en) * 1997-11-17 2004-08-17 International Business Machines Corporation Method and apparatus for deploying and tracking computers
US20020184509A1 (en) * 1998-02-13 2002-12-05 Scheidt Edward M. Multiple factor-based user identification and authentication
US6981151B1 (en) * 1999-04-08 2005-12-27 Battelle Energy Alliance, Llc Digital data storage systems, computers, and data verification methods
US7000114B1 (en) * 1999-05-31 2006-02-14 Fujitsu Limited Apparatus to create and/or verify digital signatures having a secure time element and an identifier of the apparatus
US6950522B1 (en) * 2000-06-15 2005-09-27 Microsoft Corporation Encryption key updating for multiple site automated login
US20030169885A1 (en) * 2000-06-21 2003-09-11 Paolo Rinaldi On-line system for conditional access and audience control for communication services of the broadcast and multicast kind
US7178169B1 (en) * 2000-09-01 2007-02-13 Zoran Corporation Method and apparatus for securing transfer of and access to digital content
US20020041683A1 (en) * 2000-09-29 2002-04-11 Hopkins Dale W. Method for selecting optimal number of prime factors of a modulus for use in a cryptographic system
US20020087867A1 (en) * 2000-11-28 2002-07-04 Oberle Robert R. RF ID card
US20020112174A1 (en) * 2000-12-18 2002-08-15 Yager David Frank Security code activated access control system
US20020095507A1 (en) * 2001-01-17 2002-07-18 Jerdonek Robert A. Methods for pre-authentication of users using one-time passwords
US20030182565A1 (en) * 2001-03-29 2003-09-25 Toshihisa Nakano Data protection system that protects data by encrypting the data
US20020147917A1 (en) * 2001-04-05 2002-10-10 Brickell Ernie F. Distribution of secured information
US20030120925A1 (en) * 2001-12-21 2003-06-26 Rose Gregory G. Method and apparatus for simplified audio authentication
US6842106B2 (en) * 2002-10-04 2005-01-11 Battelle Memorial Institute Challenged-based tag authentication model
US20040066278A1 (en) * 2002-10-04 2004-04-08 Hughes Michael A. Challenged-based tag authentication medel
US20070095928A1 (en) * 2003-01-15 2007-05-03 Hewlett-Packard Development Company, L.P. Physical items for holding data securely, and methods and apparatus for publishing and reading them
US20060116899A1 (en) * 2003-02-10 2006-06-01 R Lax Michael Apparatus and methods for processing items
US20040181681A1 (en) * 2003-03-11 2004-09-16 Rimage Corporation Cartridge validation with radio frequency identification
US20040252025A1 (en) * 2003-04-07 2004-12-16 Silverbrook Research Pty Ltd. Shopping receptacle with in-built scanner
US20070008135A1 (en) * 2003-06-17 2007-01-11 United Security Applications Id, Inc. Electronic security system for monitoring and recording activity and data relating to persons or cargo
US7937583B2 (en) * 2003-08-15 2011-05-03 Venafi, Inc. Method of aggregating multiple certificate authority services
US20050154896A1 (en) * 2003-09-22 2005-07-14 Mathias Widman Data communication security arrangement and method
US20050123133A1 (en) * 2003-12-09 2005-06-09 Intelleflex Corporation Security system and method
US20080266055A1 (en) * 2004-02-06 2008-10-30 Christopher Gordon Gervase Turner Method and System for Controlling RFID Transponder Response Waiting Periods
US20050190892A1 (en) * 2004-02-27 2005-09-01 Dawson Martin C. Determining the geographical location from which an emergency call originates in a packet-based communications network
US20070194882A1 (en) * 2004-03-10 2007-08-23 Koninklijke Philips Electonics N.V. Authentication system and authentication apparatus
US20070277044A1 (en) * 2004-04-07 2007-11-29 Hans Graf Data Support With Tan-Generator And Display
US20080013807A1 (en) * 2004-07-01 2008-01-17 American Express Travel Related Services Company, Inc. Method and system for keystroke scan recognition biometrics on a smartcard
US20080011835A1 (en) * 2004-07-12 2008-01-17 Samsung Electronics Co., Ltd. Method and apparatus for searching rights objects stored in portable storage device using object location data
US7365636B2 (en) * 2004-08-25 2008-04-29 Kabushiki Kaisha Toshiba RFID tag device, tag identification device and radio communication system
US20060049256A1 (en) * 2004-09-07 2006-03-09 Clay Von Mueller Transparently securing data for transmission on financial networks
US20060124756A1 (en) * 2004-12-10 2006-06-15 Brown Kerry D Payment card with internally generated virtual account numbers for its magnetic stripe encoder and user display
US7246744B2 (en) * 2004-12-22 2007-07-24 Bce Inc. User authentication for contact-less systems
US20070023508A1 (en) * 2005-01-31 2007-02-01 George Brookner Proximity validation system and method
US7953974B2 (en) * 2005-02-17 2011-05-31 Fujitsu Limited Authentication method, authentication system, and tag device thereof, data reference client, authentication server, and data server
US20060235805A1 (en) * 2005-04-13 2006-10-19 Mr. Feng Peng Universal anti-counterfeit method and system
US20070103274A1 (en) * 2005-04-13 2007-05-10 Oliver Berthold Radio frequency identification (RFID) system that meets data protection requirements through owner-controlled RFID tag functionality
US20060271386A1 (en) * 2005-05-31 2006-11-30 Bhella Kenneth S Methods and apparatus for locating devices
US20070022045A1 (en) * 2005-07-25 2007-01-25 Silverbrook Research Pty Ltd. Method of transacting objects
US20070057768A1 (en) * 2005-09-13 2007-03-15 Nec (China) Co., Ltd. Radio frequency identification system and method
US20070085689A1 (en) * 2005-10-13 2007-04-19 Bae Systems Information And Electronic Systems Integration Inc. RFID tag incorporating at least two integrated circuits
US20070234058A1 (en) * 2005-11-04 2007-10-04 White Charles A System and method for authenticating products
US20070214474A1 (en) * 2006-03-09 2007-09-13 Sbc Knowledge Ventures, L.P. Methods and systems to operate a set-top box
US20080061935A1 (en) * 2006-08-15 2008-03-13 Melendez Peter A Methods and systems for positioning data fields of a radio-frequency identification (rfid) tag
US7876220B2 (en) * 2006-11-22 2011-01-25 Cintas Corporation Garment tracking and processing system
US20100073147A1 (en) * 2006-12-06 2010-03-25 Koninklijke Philips Electronics N.V. Controlling data access to and from an rfid device
US20080244271A1 (en) * 2007-03-28 2008-10-02 Legend Holdings Ltd Method and system for authentication based on wireless identification, wireless identification and server
US20090048971A1 (en) * 2007-08-17 2009-02-19 Matthew Hathaway Payment Card with Dynamic Account Number
US7941663B2 (en) * 2007-10-23 2011-05-10 Futurewei Technologies, Inc. Authentication of 6LoWPAN nodes using EAP-GPSK
US20090216679A1 (en) * 2007-12-20 2009-08-27 Tet Hin Yeap Method and system for validating a device that uses a dynamic identifier
US20090159666A1 (en) * 2007-12-20 2009-06-25 Bce Inc. Contact-less tag with signature, and applications thereof
US20090161872A1 (en) * 2007-12-20 2009-06-25 Bce Inc. Contact-less tag with signature, and applications thereof
US20090160649A1 (en) * 2007-12-20 2009-06-25 Bce Inc. Contact-less tag with signature, and applications thereof
US20090160615A1 (en) * 2007-12-20 2009-06-25 Bce Inc. Contact-less tag with signature, and applications thereof
US20110185180A1 (en) * 2008-09-17 2011-07-28 Peter Gullberg Method and device for creating digital signature
US20100150342A1 (en) * 2008-12-16 2010-06-17 Richards Ronald W Encryption and decryption of records in accordance with group access vectors
US20100205047A1 (en) * 2009-02-12 2010-08-12 Denis Khoo Promotional Electronic Recipe Distribution
US20110264907A1 (en) * 2010-04-27 2011-10-27 International Business Machines Corporation Securing information within a cloud computing environment

Cited By (212)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10559193B2 (en) 2002-02-01 2020-02-11 Comcast Cable Communications, Llc Premises management systems
US11489812B2 (en) 2004-03-16 2022-11-01 Icontrol Networks, Inc. Forming a security network including integrated security system components and network devices
US11601397B2 (en) 2004-03-16 2023-03-07 Icontrol Networks, Inc. Premises management configuration and control
US11916870B2 (en) 2004-03-16 2024-02-27 Icontrol Networks, Inc. Gateway registry methods and systems
US11893874B2 (en) 2004-03-16 2024-02-06 Icontrol Networks, Inc. Networked touchscreen with integrated interfaces
US10691295B2 (en) 2004-03-16 2020-06-23 Icontrol Networks, Inc. User interface in a premises network
US11810445B2 (en) 2004-03-16 2023-11-07 Icontrol Networks, Inc. Cross-client sensor user interface in an integrated security network
US11811845B2 (en) 2004-03-16 2023-11-07 Icontrol Networks, Inc. Communication protocols over internet protocol (IP) networks
US10692356B2 (en) 2004-03-16 2020-06-23 Icontrol Networks, Inc. Control system user interface
US10735249B2 (en) 2004-03-16 2020-08-04 Icontrol Networks, Inc. Management of a security system at a premises
US11782394B2 (en) 2004-03-16 2023-10-10 Icontrol Networks, Inc. Automation system with mobile interface
US11757834B2 (en) 2004-03-16 2023-09-12 Icontrol Networks, Inc. Communication protocols in integrated systems
US10447491B2 (en) 2004-03-16 2019-10-15 Icontrol Networks, Inc. Premises system management using status signal
US10754304B2 (en) 2004-03-16 2020-08-25 Icontrol Networks, Inc. Automation system with mobile interface
US10796557B2 (en) 2004-03-16 2020-10-06 Icontrol Networks, Inc. Automation system user interface with three-dimensional display
US10890881B2 (en) 2004-03-16 2021-01-12 Icontrol Networks, Inc. Premises management networking
US11677577B2 (en) 2004-03-16 2023-06-13 Icontrol Networks, Inc. Premises system management using status signal
US11656667B2 (en) 2004-03-16 2023-05-23 Icontrol Networks, Inc. Integrated security system with parallel processing architecture
US11625008B2 (en) 2004-03-16 2023-04-11 Icontrol Networks, Inc. Premises management networking
US11626006B2 (en) 2004-03-16 2023-04-11 Icontrol Networks, Inc. Management of a security system at a premises
US11037433B2 (en) 2004-03-16 2021-06-15 Icontrol Networks, Inc. Management of a security system at a premises
US10979389B2 (en) 2004-03-16 2021-04-13 Icontrol Networks, Inc. Premises management configuration and control
US10992784B2 (en) 2004-03-16 2021-04-27 Control Networks, Inc. Communication protocols over internet protocol (IP) networks
US11043112B2 (en) 2004-03-16 2021-06-22 Icontrol Networks, Inc. Integrated security system with parallel processing architecture
US11082395B2 (en) 2004-03-16 2021-08-03 Icontrol Networks, Inc. Premises management configuration and control
US11153266B2 (en) 2004-03-16 2021-10-19 Icontrol Networks, Inc. Gateway registry methods and systems
US11588787B2 (en) 2004-03-16 2023-02-21 Icontrol Networks, Inc. Premises management configuration and control
US11537186B2 (en) 2004-03-16 2022-12-27 Icontrol Networks, Inc. Integrated security system with parallel processing architecture
US11159484B2 (en) 2004-03-16 2021-10-26 Icontrol Networks, Inc. Forming a security network including integrated security system components and network devices
US11175793B2 (en) 2004-03-16 2021-11-16 Icontrol Networks, Inc. User interface in a premises network
US11449012B2 (en) 2004-03-16 2022-09-20 Icontrol Networks, Inc. Premises management networking
US11182060B2 (en) 2004-03-16 2021-11-23 Icontrol Networks, Inc. Networked touchscreen with integrated interfaces
US11184322B2 (en) 2004-03-16 2021-11-23 Icontrol Networks, Inc. Communication protocols in integrated systems
US11201755B2 (en) 2004-03-16 2021-12-14 Icontrol Networks, Inc. Premises system management using status signal
US10156831B2 (en) 2004-03-16 2018-12-18 Icontrol Networks, Inc. Automation system with mobile interface
US11244545B2 (en) 2004-03-16 2022-02-08 Icontrol Networks, Inc. Cross-client sensor user interface in an integrated security network
US11410531B2 (en) 2004-03-16 2022-08-09 Icontrol Networks, Inc. Automation system user interface with three-dimensional display
US11378922B2 (en) 2004-03-16 2022-07-05 Icontrol Networks, Inc. Automation system with mobile interface
US11368429B2 (en) 2004-03-16 2022-06-21 Icontrol Networks, Inc. Premises management configuration and control
US10142166B2 (en) 2004-03-16 2018-11-27 Icontrol Networks, Inc. Takeover of security network
US11277465B2 (en) 2004-03-16 2022-03-15 Icontrol Networks, Inc. Generating risk profile using data of home monitoring and security system
US11343380B2 (en) 2004-03-16 2022-05-24 Icontrol Networks, Inc. Premises system automation
US11310199B2 (en) 2004-03-16 2022-04-19 Icontrol Networks, Inc. Premises management configuration and control
US9450776B2 (en) 2005-03-16 2016-09-20 Icontrol Networks, Inc. Forming a security network including integrated security system components
US10841381B2 (en) 2005-03-16 2020-11-17 Icontrol Networks, Inc. Security system with networked touchscreen
US10127801B2 (en) 2005-03-16 2018-11-13 Icontrol Networks, Inc. Integrated security system with parallel processing architecture
US10062245B2 (en) 2005-03-16 2018-08-28 Icontrol Networks, Inc. Cross-client sensor user interface in an integrated security network
US11367340B2 (en) 2005-03-16 2022-06-21 Icontrol Networks, Inc. Premise management systems and methods
US11824675B2 (en) 2005-03-16 2023-11-21 Icontrol Networks, Inc. Networked touchscreen with integrated interfaces
US10721087B2 (en) 2005-03-16 2020-07-21 Icontrol Networks, Inc. Method for networked touchscreen with integrated interfaces
US11792330B2 (en) 2005-03-16 2023-10-17 Icontrol Networks, Inc. Communication and automation in a premises management system
US11706045B2 (en) 2005-03-16 2023-07-18 Icontrol Networks, Inc. Modular electronic display platform
US10156959B2 (en) 2005-03-16 2018-12-18 Icontrol Networks, Inc. Cross-client sensor user interface in an integrated security network
US11700142B2 (en) 2005-03-16 2023-07-11 Icontrol Networks, Inc. Security network integrating security system and network devices
US10091014B2 (en) 2005-03-16 2018-10-02 Icontrol Networks, Inc. Integrated security network with security alarm signaling system
US10999254B2 (en) 2005-03-16 2021-05-04 Icontrol Networks, Inc. System for data routing in networks
US11424980B2 (en) 2005-03-16 2022-08-23 Icontrol Networks, Inc. Forming a security network including integrated security system components
US11451409B2 (en) 2005-03-16 2022-09-20 Icontrol Networks, Inc. Security network integrating security system and network devices
US11496568B2 (en) 2005-03-16 2022-11-08 Icontrol Networks, Inc. Security system with networked touchscreen
US10930136B2 (en) 2005-03-16 2021-02-23 Icontrol Networks, Inc. Premise management systems and methods
US10380871B2 (en) 2005-03-16 2019-08-13 Icontrol Networks, Inc. Control system user interface
US11615697B2 (en) 2005-03-16 2023-03-28 Icontrol Networks, Inc. Premise management systems and methods
US11113950B2 (en) 2005-03-16 2021-09-07 Icontrol Networks, Inc. Gateway integrated with premises security system
US11595364B2 (en) 2005-03-16 2023-02-28 Icontrol Networks, Inc. System for data routing in networks
US10785319B2 (en) 2006-06-12 2020-09-22 Icontrol Networks, Inc. IP device discovery systems and methods
US10616244B2 (en) 2006-06-12 2020-04-07 Icontrol Networks, Inc. Activation of gateway device
US11418518B2 (en) 2006-06-12 2022-08-16 Icontrol Networks, Inc. Activation of gateway device
US9621408B2 (en) 2006-06-12 2017-04-11 Icontrol Networks, Inc. Gateway registry methods and systems
US10142392B2 (en) 2007-01-24 2018-11-27 Icontrol Networks, Inc. Methods and systems for improved system performance
US11412027B2 (en) 2007-01-24 2022-08-09 Icontrol Networks, Inc. Methods and systems for data communication
US10225314B2 (en) 2007-01-24 2019-03-05 Icontrol Networks, Inc. Methods and systems for improved system performance
US11706279B2 (en) 2007-01-24 2023-07-18 Icontrol Networks, Inc. Methods and systems for data communication
US11418572B2 (en) 2007-01-24 2022-08-16 Icontrol Networks, Inc. Methods and systems for improved system performance
US10747216B2 (en) 2007-02-28 2020-08-18 Icontrol Networks, Inc. Method and system for communicating with and controlling an alarm system from a remote server
US11194320B2 (en) 2007-02-28 2021-12-07 Icontrol Networks, Inc. Method and system for managing communication connectivity
US10657794B1 (en) 2007-02-28 2020-05-19 Icontrol Networks, Inc. Security, monitoring and automation controller access and use of legacy security control panel information
US11809174B2 (en) 2007-02-28 2023-11-07 Icontrol Networks, Inc. Method and system for managing communication connectivity
US9412248B1 (en) 2007-02-28 2016-08-09 Icontrol Networks, Inc. Security, monitoring and automation controller access and use of legacy security control panel information
US11663902B2 (en) 2007-04-23 2023-05-30 Icontrol Networks, Inc. Method and system for providing alternate network access
US10140840B2 (en) 2007-04-23 2018-11-27 Icontrol Networks, Inc. Method and system for providing alternate network access
US9510065B2 (en) 2007-04-23 2016-11-29 Icontrol Networks, Inc. Method and system for automatically providing alternate network access for telecommunications
US11132888B2 (en) 2007-04-23 2021-09-28 Icontrol Networks, Inc. Method and system for providing alternate network access
US10672254B2 (en) 2007-04-23 2020-06-02 Icontrol Networks, Inc. Method and system for providing alternate network access
US10200504B2 (en) 2007-06-12 2019-02-05 Icontrol Networks, Inc. Communication protocols over internet protocol (IP) networks
US11582065B2 (en) 2007-06-12 2023-02-14 Icontrol Networks, Inc. Systems and methods for device communication
US10079839B1 (en) 2007-06-12 2018-09-18 Icontrol Networks, Inc. Activation of gateway device
US10051078B2 (en) 2007-06-12 2018-08-14 Icontrol Networks, Inc. WiFi-to-serial encapsulation in systems
US10666523B2 (en) 2007-06-12 2020-05-26 Icontrol Networks, Inc. Communication protocols in integrated systems
US10142394B2 (en) 2007-06-12 2018-11-27 Icontrol Networks, Inc. Generating risk profile using data of home monitoring and security system
US10616075B2 (en) 2007-06-12 2020-04-07 Icontrol Networks, Inc. Communication protocols in integrated systems
US11237714B2 (en) 2007-06-12 2022-02-01 Control Networks, Inc. Control system user interface
US11218878B2 (en) 2007-06-12 2022-01-04 Icontrol Networks, Inc. Communication protocols in integrated systems
US10523689B2 (en) 2007-06-12 2019-12-31 Icontrol Networks, Inc. Communication protocols over internet protocol (IP) networks
US11212192B2 (en) 2007-06-12 2021-12-28 Icontrol Networks, Inc. Communication protocols in integrated systems
US11646907B2 (en) 2007-06-12 2023-05-09 Icontrol Networks, Inc. Communication protocols in integrated systems
US11632308B2 (en) 2007-06-12 2023-04-18 Icontrol Networks, Inc. Communication protocols in integrated systems
US10498830B2 (en) 2007-06-12 2019-12-03 Icontrol Networks, Inc. Wi-Fi-to-serial encapsulation in systems
US10444964B2 (en) 2007-06-12 2019-10-15 Icontrol Networks, Inc. Control system user interface
US11625161B2 (en) 2007-06-12 2023-04-11 Icontrol Networks, Inc. Control system user interface
US10423309B2 (en) 2007-06-12 2019-09-24 Icontrol Networks, Inc. Device integration framework
US11423756B2 (en) 2007-06-12 2022-08-23 Icontrol Networks, Inc. Communication protocols in integrated systems
US9306809B2 (en) 2007-06-12 2016-04-05 Icontrol Networks, Inc. Security system with networked touchscreen
US10237237B2 (en) 2007-06-12 2019-03-19 Icontrol Networks, Inc. Communication protocols in integrated systems
US11894986B2 (en) 2007-06-12 2024-02-06 Icontrol Networks, Inc. Communication protocols in integrated systems
US10389736B2 (en) 2007-06-12 2019-08-20 Icontrol Networks, Inc. Communication protocols in integrated systems
US10365810B2 (en) 2007-06-12 2019-07-30 Icontrol Networks, Inc. Control system user interface
US11611568B2 (en) 2007-06-12 2023-03-21 Icontrol Networks, Inc. Communication protocols over internet protocol (IP) networks
US10382452B1 (en) 2007-06-12 2019-08-13 Icontrol Networks, Inc. Communication protocols in integrated systems
US11601810B2 (en) 2007-06-12 2023-03-07 Icontrol Networks, Inc. Communication protocols in integrated systems
US9531593B2 (en) 2007-06-12 2016-12-27 Icontrol Networks, Inc. Takeover processes in security network integrated with premise security system
US11316753B2 (en) 2007-06-12 2022-04-26 Icontrol Networks, Inc. Communication protocols in integrated systems
US11722896B2 (en) 2007-06-12 2023-08-08 Icontrol Networks, Inc. Communication protocols in integrated systems
US11089122B2 (en) 2007-06-12 2021-08-10 Icontrol Networks, Inc. Controlling data routing among networks
US10339791B2 (en) 2007-06-12 2019-07-02 Icontrol Networks, Inc. Security network integrated with premise security system
US9609003B1 (en) 2007-06-12 2017-03-28 Icontrol Networks, Inc. Generating risk profile using data of home monitoring and security system
US10313303B2 (en) 2007-06-12 2019-06-04 Icontrol Networks, Inc. Forming a security network including integrated security system components and network devices
US11815969B2 (en) 2007-08-10 2023-11-14 Icontrol Networks, Inc. Integrated security system with parallel processing architecture
US11831462B2 (en) 2007-08-24 2023-11-28 Icontrol Networks, Inc. Controlling data routing in premises management systems
US10726385B2 (en) 2007-12-20 2020-07-28 Bce Inc. Contact-less tag with signature, and applications thereof
US8553888B2 (en) 2007-12-20 2013-10-08 Bce Inc. Generation of communication device signatures for use in securing nomadic electronic transactions
US20090216679A1 (en) * 2007-12-20 2009-08-27 Tet Hin Yeap Method and system for validating a device that uses a dynamic identifier
US9305282B2 (en) 2007-12-20 2016-04-05 Bce Inc. Contact-less tag with signature, and applications thereof
US7806325B2 (en) 2007-12-20 2010-10-05 Bce Inc. Contact-less tag with signature, and applications thereof
US20090160649A1 (en) * 2007-12-20 2009-06-25 Bce Inc. Contact-less tag with signature, and applications thereof
US8103872B2 (en) 2007-12-20 2012-01-24 Bce Inc. Contact-less tag with signature, and applications thereof
US20090160615A1 (en) * 2007-12-20 2009-06-25 Bce Inc. Contact-less tag with signature, and applications thereof
US20100185865A1 (en) * 2007-12-20 2010-07-22 Bce Inc. Generation of communication device signatures for use in securing nomadic electronic transactions
US8412638B2 (en) 2007-12-20 2013-04-02 Bce Inc. Method and system for validating a device that uses a dynamic identifier
US20100320269A1 (en) * 2007-12-20 2010-12-23 O'brien William G Contact-less tag with signature, and applications thereof
US9971986B2 (en) 2007-12-20 2018-05-15 Bce Inc. Method and system for validating a device that uses a dynamic identifier
US20090161872A1 (en) * 2007-12-20 2009-06-25 Bce Inc. Contact-less tag with signature, and applications thereof
US20090159666A1 (en) * 2007-12-20 2009-06-25 Bce Inc. Contact-less tag with signature, and applications thereof
US11916928B2 (en) 2008-01-24 2024-02-27 Icontrol Networks, Inc. Communication protocols over internet protocol (IP) networks
US11816323B2 (en) 2008-06-25 2023-11-14 Icontrol Networks, Inc. Automation system user interface
US20100023535A1 (en) * 2008-07-23 2010-01-28 Institute For Information Industry Apparatus, method, and computer program product thereof for storing a data and data storage system comprising the same
US8204917B2 (en) * 2008-07-23 2012-06-19 Institute For Information Industry Apparatus, method, and computer program product thereof for storing a data and data storage system comprising the same
US11729255B2 (en) 2008-08-11 2023-08-15 Icontrol Networks, Inc. Integrated cloud system with lightweight gateway for premises automation
US11368327B2 (en) 2008-08-11 2022-06-21 Icontrol Networks, Inc. Integrated cloud system for premises automation
US11190578B2 (en) 2008-08-11 2021-11-30 Icontrol Networks, Inc. Integrated cloud system with lightweight gateway for premises automation
US11316958B2 (en) 2008-08-11 2022-04-26 Icontrol Networks, Inc. Virtual device systems and methods
US10530839B2 (en) 2008-08-11 2020-01-07 Icontrol Networks, Inc. Integrated cloud system with lightweight gateway for premises automation
US10522026B2 (en) 2008-08-11 2019-12-31 Icontrol Networks, Inc. Automation system user interface with three-dimensional display
US11641391B2 (en) 2008-08-11 2023-05-02 Icontrol Networks Inc. Integrated cloud system with lightweight gateway for premises automation
US11616659B2 (en) 2008-08-11 2023-03-28 Icontrol Networks, Inc. Integrated cloud system for premises automation
US11258625B2 (en) 2008-08-11 2022-02-22 Icontrol Networks, Inc. Mobile premises automation platform
US11758026B2 (en) 2008-08-11 2023-09-12 Icontrol Networks, Inc. Virtual device systems and methods
US11792036B2 (en) 2008-08-11 2023-10-17 Icontrol Networks, Inc. Mobile premises automation platform
US11711234B2 (en) 2008-08-11 2023-07-25 Icontrol Networks, Inc. Integrated cloud system for premises automation
US10375253B2 (en) 2008-08-25 2019-08-06 Icontrol Networks, Inc. Security system with networked touchscreen and gateway
US20160274759A1 (en) 2008-08-25 2016-09-22 Paul J. Dawes Security system with networked touchscreen and gateway
US9628440B2 (en) 2008-11-12 2017-04-18 Icontrol Networks, Inc. Takeover processes in security network integrated with premise security system
US9037859B2 (en) 2008-12-18 2015-05-19 Bce Inc. Processing of communication device signatures for use in securing nomadic electronic transactions
US9231928B2 (en) 2008-12-18 2016-01-05 Bce Inc. Validation method and system for use in securing nomadic electronic transactions
US10332363B2 (en) 2009-04-30 2019-06-25 Icontrol Networks, Inc. Controller and interface for home security, monitoring and automation having customizable audio alerts for SMA events
US9426720B2 (en) 2009-04-30 2016-08-23 Icontrol Networks, Inc. Controller and interface for home security, monitoring and automation having customizable audio alerts for SMA events
US20100281161A1 (en) * 2009-04-30 2010-11-04 Ucontrol, Inc. Method, system and apparatus for automated inventory reporting of security, monitoring and automation hardware and software at customer premises
US10674428B2 (en) 2009-04-30 2020-06-02 Icontrol Networks, Inc. Hardware configurable security, monitoring and automation controller having modular communication protocol interfaces
US11778534B2 (en) 2009-04-30 2023-10-03 Icontrol Networks, Inc. Hardware configurable security, monitoring and automation controller having modular communication protocol interfaces
US10275999B2 (en) 2009-04-30 2019-04-30 Icontrol Networks, Inc. Server-based notification of alarm event subsequent to communication failure with armed security system
US11665617B2 (en) 2009-04-30 2023-05-30 Icontrol Networks, Inc. Server-based notification of alarm event subsequent to communication failure with armed security system
US11356926B2 (en) 2009-04-30 2022-06-07 Icontrol Networks, Inc. Hardware configurable security, monitoring and automation controller having modular communication protocol interfaces
US11129084B2 (en) 2009-04-30 2021-09-21 Icontrol Networks, Inc. Notification of event subsequent to communication failure with security system
US11553399B2 (en) 2009-04-30 2023-01-10 Icontrol Networks, Inc. Custom content for premises management
US11223998B2 (en) 2009-04-30 2022-01-11 Icontrol Networks, Inc. Security, monitoring and automation controller access and use of legacy security control panel information
US10813034B2 (en) 2009-04-30 2020-10-20 Icontrol Networks, Inc. Method, system and apparatus for management of applications for an SMA controller
US11284331B2 (en) 2009-04-30 2022-03-22 Icontrol Networks, Inc. Server-based notification of alarm event subsequent to communication failure with armed security system
US11856502B2 (en) * 2009-04-30 2023-12-26 Icontrol Networks, Inc. Method, system and apparatus for automated inventory reporting of security, monitoring and automation hardware and software at customer premises
US11601865B2 (en) 2009-04-30 2023-03-07 Icontrol Networks, Inc. Server-based notification of alarm event subsequent to communication failure with armed security system
US10237806B2 (en) 2009-04-30 2019-03-19 Icontrol Networks, Inc. Activation of a home automation controller
US11900790B2 (en) 2010-09-28 2024-02-13 Icontrol Networks, Inc. Method, system and apparatus for automated reporting of account and sensor zone information to a central station
US10223903B2 (en) 2010-09-28 2019-03-05 Icontrol Networks, Inc. Integrated security system with parallel processing architecture
US9349276B2 (en) 2010-09-28 2016-05-24 Icontrol Networks, Inc. Automated reporting of account and sensor information
US10062273B2 (en) 2010-09-28 2018-08-28 Icontrol Networks, Inc. Integrated security system with parallel processing architecture
US11398147B2 (en) 2010-09-28 2022-07-26 Icontrol Networks, Inc. Method, system and apparatus for automated reporting of account and sensor zone information to a central station
US10127802B2 (en) 2010-09-28 2018-11-13 Icontrol Networks, Inc. Integrated security system with parallel processing architecture
US11750414B2 (en) 2010-12-16 2023-09-05 Icontrol Networks, Inc. Bidirectional security sensor communication for a premises security system
US10078958B2 (en) 2010-12-17 2018-09-18 Icontrol Networks, Inc. Method and system for logging security event data
US10741057B2 (en) 2010-12-17 2020-08-11 Icontrol Networks, Inc. Method and system for processing security event data
US11341840B2 (en) 2010-12-17 2022-05-24 Icontrol Networks, Inc. Method and system for processing security event data
US11240059B2 (en) 2010-12-20 2022-02-01 Icontrol Networks, Inc. Defining and implementing sensor triggered response rules
US9729342B2 (en) 2010-12-20 2017-08-08 Icontrol Networks, Inc. Defining and implementing sensor triggered response rules
US10419907B2 (en) 2012-02-22 2019-09-17 Qualcomm Incorporated Proximity application discovery and provisioning
US10360593B2 (en) * 2012-04-24 2019-07-23 Qualcomm Incorporated Retail proximity marketing
US9928975B1 (en) 2013-03-14 2018-03-27 Icontrol Networks, Inc. Three-way switch
US11553579B2 (en) 2013-03-14 2023-01-10 Icontrol Networks, Inc. Three-way switch
US10404682B2 (en) 2013-03-15 2019-09-03 Assa Abloy Ab Proof of presence via tag interactions
US11026092B2 (en) 2013-03-15 2021-06-01 Assa Abloy Ab Proof of presence via tag interactions
US10117191B2 (en) 2013-03-15 2018-10-30 Icontrol Networks, Inc. Adaptive power modulation
US9685057B2 (en) * 2013-03-15 2017-06-20 Assa Abloy Ab Chain of custody with release process
US20170193502A1 (en) * 2013-03-15 2017-07-06 Zonar Systems, Inc. Method and apparatus for fuel island authorization for trucking industry using proximity sensors
US10659179B2 (en) 2013-03-15 2020-05-19 Icontrol Networks, Inc. Adaptive power modulation
US11252569B2 (en) 2013-03-15 2022-02-15 Assa Abloy Ab Method, system, and device for generating, storing, using, and validating NFC tags and data
US9825941B2 (en) 2013-03-15 2017-11-21 Assa Abloy Ab Method, system, and device for generating, storing, using, and validating tags and data
US9860236B2 (en) 2013-03-15 2018-01-02 Assa Abloy Ab Method, system and device for generating, storing, using, and validating NFC tags and data
US9867143B1 (en) 2013-03-15 2018-01-09 Icontrol Networks, Inc. Adaptive Power Modulation
US10652233B2 (en) 2013-03-15 2020-05-12 Assa Abloy Ab Method, system and device for generating, storing, using, and validating NFC tags and data
US20160012696A1 (en) * 2013-03-15 2016-01-14 Assa Abloy Ab Chain of custody with release process
US9287727B1 (en) 2013-03-15 2016-03-15 Icontrol Networks, Inc. Temporal voltage adaptive lithium battery charger
US11172365B2 (en) 2013-03-15 2021-11-09 Assa Abloy Ab Method, system, and device for generating, storing, using, and validating NFC tags and data
US10348575B2 (en) 2013-06-27 2019-07-09 Icontrol Networks, Inc. Control system user interface
US11296950B2 (en) 2013-06-27 2022-04-05 Icontrol Networks, Inc. Control system user interface
US10237072B2 (en) 2013-07-01 2019-03-19 Assa Abloy Ab Signatures for near field communications
US11432055B2 (en) 2013-08-09 2022-08-30 Icn Acquisition, Llc System, method and apparatus for remote monitoring
US10841668B2 (en) 2013-08-09 2020-11-17 Icn Acquisition, Llc System, method and apparatus for remote monitoring
US11722806B2 (en) 2013-08-09 2023-08-08 Icn Acquisition, Llc System, method and apparatus for remote monitoring
US11438553B1 (en) 2013-08-09 2022-09-06 Icn Acquisition, Llc System, method and apparatus for remote monitoring
US10645347B2 (en) 2013-08-09 2020-05-05 Icn Acquisition, Llc System, method and apparatus for remote monitoring
US11146637B2 (en) 2014-03-03 2021-10-12 Icontrol Networks, Inc. Media content management
US11405463B2 (en) 2014-03-03 2022-08-02 Icontrol Networks, Inc. Media content management
US11943301B2 (en) 2014-03-03 2024-03-26 Icontrol Networks, Inc. Media content management
US10440012B2 (en) 2014-07-15 2019-10-08 Assa Abloy Ab Cloud card application platform
US11962672B2 (en) 2023-05-12 2024-04-16 Icontrol Networks, Inc. Virtual device systems and methods

Also Published As

Publication number Publication date
US20100320269A1 (en) 2010-12-23
CA2689824A1 (en) 2009-07-02
CA2936737A1 (en) 2009-06-20
CA2689824C (en) 2015-03-03
WO2009079734A1 (en) 2009-07-02
US20090160649A1 (en) 2009-06-25
US20090216679A1 (en) 2009-08-27
EP2223460A1 (en) 2010-09-01
EP2235872A1 (en) 2010-10-06
WO2009079766A1 (en) 2009-07-02
US7806325B2 (en) 2010-10-05
US20090161872A1 (en) 2009-06-25
US20100185865A1 (en) 2010-07-22
US8103872B2 (en) 2012-01-24
EP2223460A4 (en) 2011-12-28
CA2645990A1 (en) 2009-06-20
US9305282B2 (en) 2016-04-05
US10726385B2 (en) 2020-07-28
CA2647312A1 (en) 2009-06-20
CA2647318A1 (en) 2009-06-20
US20090159666A1 (en) 2009-06-25
US9971986B2 (en) 2018-05-15
EP2235872A4 (en) 2012-02-22
US20150069137A1 (en) 2015-03-12
US8553888B2 (en) 2013-10-08
US20130212398A1 (en) 2013-08-15
US20090160615A1 (en) 2009-06-25
CA2647318C (en) 2016-09-20
US8412638B2 (en) 2013-04-02
CA2645990C (en) 2014-07-29
CA2647312C (en) 2021-05-25

Similar Documents

Publication Publication Date Title
CA2647312C (en) Dynamic identifier for use in identification of a device
US9930020B2 (en) Validation method and system for use in securing nomadic electronic transactions
EP2200218A1 (en) Dynamic identifier for use in identification of a device
US9037859B2 (en) Processing of communication device signatures for use in securing nomadic electronic transactions
CA3014582C (en) Contact-less tag with signature, and applications thereof

Legal Events

Date Code Title Description
AS Assignment Owner name: BCE INC., CANADA. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:YEAP, TET HIN;O'BRIEN, WILLIAM G.;REEL/FRAME:023530/0816;SIGNING DATES FROM 20090326 TO 20090415
STCB Information on status: application discontinuation. Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION