Patent

System and method for securely identifying and authenticating devices in a symmetric encryption system

TL;DR: An RFID tag generates indicators from its encryption state variables and a symmetric key; the reader identifies the tag by exhaustively testing each key in a key database against the received state variables and comparing the result with the tag's indicators. A rotor-based encryption scheme keeps this key search low-cost while providing resilience against cloning, tracking, tampering and replay attacks.
Abstract: The present invention describes a system and method for securely identifying and authenticating devices in a symmetric encryption system. An RFID tag can generate indicators using encryption state variables and a symmetric key. An RFID reader, after receiving the encryption state variables from the tag, may identify the tag by performing an exhaustive key search in a key database. Each key in the database may be tested by using the key and encryption state variables to perform an encryption operation similar to that performed by the tag. The result is then compared with the received tag indicators to determine if the tag has been identified. A rotor-based encryption scheme provides for a low cost key search while providing resilience against cloning, tracking, tampering and replay attacks.
Citations
Patent
30 Sep 2013
TL;DR: A remote device secure data file storage system and method of securely storing data files at a remote device includes a host system having a database and a plurality of remote devices, each connected with the host system by a communication network.
Abstract: A remote device secure data file storage system and method of securely storing data files at a remote device includes a host system having a database and a plurality of remote devices, each connected with the host system by a communication network. Each remote device and the host system is programmed with a time-based cryptography system that generates an encryption key (RVK) and initialization vector (IV) for encrypting and decrypting data on the remote device. The time-based cryptography system generates the encryption key (RVK) as a function of a parameter (PDPT) that is a function of a personal date (PD) and personal time (PT) of the user. The personal date and personal time of the user are a function of personal data entered by the user on the remote device. The personal date (PD) is a function of the date of birth (DOB) of the user and the personal time (PT) is a function of the time of birth (TOB) of the user.

33 citations

Patent
26 Apr 2011
TL;DR: In this paper, a secure module includes a generating unit that executes generation processing of generating a scanning program that causes scan processing, which generates unique code for a program under test, to be executed at a connected device and further executes update processing of randomly updating contents of the scanning program.
Abstract: A secure module includes a generating unit that executes generation processing of generating a scanning program that causes scan processing, which generates unique code for a program under test, to be executed at a connected device and further executes update processing of randomly updating contents of the scanning program; a storage device storing therein the unique code for the program under test; and an authenticating unit that if the scanning program is executed by the connected device and executed with respect to the program under test stored at a designated storage area in the connected device, authenticates validity of the program under test stored at the designated storage area, based on the unique code stored in the storage device and execution results of the scanning program executed at the connected device.

10 citations

Patent
13 Dec 2013
TL;DR: In this paper, a tag sends a tag identifier and a reader challenge to a reader in response to one or more commands from the reader, and the reader then either derives a response to the reader challenge itself or has a verification authority derive the response.
Abstract: An authentication method includes RFID tags authenticating RFID readers. A tag sends a tag identifier and a reader challenge to a reader in response to one or more commands from the reader. The reader then either derives a response to the reader challenge itself or has a verification authority derive the response. The response may be derived from parameter(s) in the reader challenge, and may be derived using a cryptographic key. The reader then sends the response to the tag along with another command. The tag verifies the response before executing instruction(s) included in the command.

6 citations

Patent
21 Jan 2015
TL;DR: In this paper, a tag determines a handle and a first parameter, both of which may be random numbers, and sends the handle to a reader, and then the tag executes the tag instruction upon verifying that the second parameter derives from the first parameter and the tag handle.
Abstract: An RFID tag may execute instructions from an authenticated RFID reader. A tag determines a handle and a first parameter, both of which may be random numbers, and sends the handle to a reader. Upon receiving a challenge from the reader, the tag determines and sends a cryptographic response to the challenge based on an algorithm, a tag key, the first parameter, and the challenge. Upon receiving a message with a second parameter and a tag instruction, the tag executes the tag instruction upon verifying that the second parameter derives from the first parameter and the tag handle.

6 citations

Patent
16 May 2011
TL;DR: In this paper, a Radio Frequency Identification (RFID) tag and an interrogator that support a normal mode and a secure mode, and operating methods thereof are provided, where the RFID tag may notify the interrogator of whether a current operating mode of the tag is the normal mode or the secure mode.
Abstract: A Radio Frequency Identification (RFID) tag and an interrogator that support a normal mode and a secure mode, and operating methods thereof are provided. The RFID tag may notify the interrogator of whether a current operating mode of the RFID tag is the normal mode or the secure mode, may perform different inventory processes based on the current operating mode, and may perform an authentication of the interrogator. Here, the RFID tag and the interrogator may also perform a mutual authentication.

5 citations

References
Patent
05 Aug 2005
TL;DR: In this article, a technique that binds encryption and decryption keys using a UID, a UDID, and a Pswd to a client mobile device in an enterprise is presented.
Abstract: A technique that binds encryption and decryption keys using a UID, a UDID, and a Pswd to a client mobile device in an enterprise. In one example embodiment, this is achieved by creating a new user account using the UID and the DPswd in an inactive state and communicating the UID and the DPswd to an intended user using a secure communication medium by an administrator. The intended user then logs into a cryptography key management system using the UID and the DPswd via a client mobile device. The UDID associated with the client mobile device is then hashed to create a H(UDID). The H(UDID) is then sent to the cryptography key management system by a local key management application module. The H(UDID) is then authenticated by the cryptography key management system. An encryption/decryption key is then assigned for the client mobile device.

54 citations

Patent
17 Aug 1995
TL;DR: In this paper, an autokeyed rotational state vector is used to encrypt plain text byte by byte into cipher text, with the state vector updated as a function of one or more of the cipher text, the plain text and a key.
Abstract: A method and apparatus for block or stream encrypting text uses an autokeyed rotational state vector to encrypt plain text to yield cipher text. The text is stored as a block in a buffer of an arbitrary number of bytes. Each byte of plain text in the buffer is encrypted to yield a byte of cipher text by using a rotational state vector, and the rotational state vector is updated or changed as a function of one or more of: the cipher text, the plain text and a key. The encryption operation is advantageously a series of alternating non-linear and linear transformations. The method of encryption is advantageously involutory in that the encryption method and apparatus for a given key is identical to the decryption method and apparatus with the same key.

33 citations

Patent
10 Mar 2011
TL;DR: In this paper, a decryption key for decrypting data from an access node is distributed to an access terminal intending to receive the data, and an authentication unit receives a message for terminal authentication including a terminal identifier from the terminal and authenticates the terminal.
Abstract: A decryption key for decrypting data from an access node is distributed to an access terminal intending to receive the data. An authentication unit receives a message for terminal authentication including a terminal identifier from the terminal and authenticates the terminal. The authentication unit refers to a content registration table having stored in advance the content type of a content which the terminal can receive, in association with the terminal identifier, according to the received terminal identifier to obtain a corresponding content type. The authentication unit refers to a decryption data base having stored in advance a decryption key and its valid period in association with a content type, according to the obtained content type to obtain a corresponding decryption key and valid period. The authentication unit sends an authentication result and the decryption key and valid period to the terminal or to a packet control unit.

27 citations

Patent
02 Aug 2004
TL;DR: In this article, the authors proposed a trusted authentication chip for use in authenticating an untrusted authentication chip, in which the data message is encrypted using a second secret key, and the test function operates to compare the two versions of the random number encrypted together with data message using the second key.
Abstract: A trusted authentication chip for use in authenticating an untrusted authentication chip; the trusted authentication chip including a random number generator, a symmetric encryption function and two secret keys for the function, a signature function and a test function; wherein the trusted authentication chip generates test data including a random number and its signature, encrypted using a first of said secret keys and transmits the test data to the untrusted authentication chip, wherein the trusted authentication chip receives a data message and an encrypted version of the data message in combination with the random number from the untrusted authentication chip, the data message being encrypted using a second of said secret keys, wherein the test function operates to encrypt the random number together with the data message by the symmetric encryption function using the second secret key, compare the two versions of the random number encrypted together with the data message using the second key, and in the event that the two versions match, considers the untrusted authentication chip and the data message to be valid, otherwise, it considers the untrusted authentication chip and the data message to be invalid.

27 citations

Patent
Sameer Yami, Amir Shahindoust
05 Jun 2006
TL;DR: In this paper, a system and method for secure inter-process data communication is provided, where identification data corresponding to a user is received and used to generate a symmetric encryption key.
Abstract: A system and method for secure inter-process data communication is provided. Identification data corresponding to a user is received and used to generate a symmetric encryption key. The symmetric encryption key is then used to encrypt job data. A token associated with the encrypted job data is then generated. Expiration data corresponding to the validity period of the token is then associated with the token, whereupon the token is stored. The generated symmetric key is then encrypted using a static symmetric encryption key, whereupon the encrypted symmetric key is also stored in association with the token. When a process receives the encrypted job data, the process retrieves the token and determines, based on the expiration data whether the token is still valid. When the token is valid, the static key is retrieved and used to decrypt the encrypted encryption key. The decrypted encryption key is then used to decrypt the job data, whereupon the process performs the function associated therewith upon the decrypted job data.

24 citations