Abstract: A cryptographically-enabled RFID tag stores a primary secret key and derives secondary keys from the primary key. A secondary key may be derived by combining the primary key with one or more other parameters using one or more algorithms. The tag uses a derived secondary key to encrypt or electronically sign a tag response sent to a verifying entity. The verifying entity does not know the derived secondary key, but knows the tag primary key and the parameters and algorithms used to derive the secondary key and can derive all of the potential secondary keys. The verifying entity can then attempt to authenticate the tag or tag response by trying potential secondary keys.

Abstract: Messages may be passed between Radio Frequency Identification (RFID) tags using RFID readers. A first tag with a message intended for a second tag sends the message to an RFID reader. The reader then determines that the destination of the message is the second tag and sends the message to the second tag. The second tag may confirm receipt of the message by sending a receipt confirmation message to the reader for forwarding to the first tag, and/or the reader may itself confirm that the message was sent to the second tag by sending a transmit confirmation message to the first tag.

Abstract: An authentication method includes RFID tags authenticating RFID readers. A tag sends a tag identifier and a reader challenge to a reader in response to one or more commands from the reader. The reader then either derives a response to the reader challenge itself or has a verification authority derive the response. The response may be derived from parameter(s) in the reader challenge, and may be derived using a cryptographic key. The reader then sends the response to the tag along with another command. The tag verifies the response before executing instruction(s) included in the command.

Abstract: A cryptographically-enabled RFID tag stores a primary secret key and derives secondary keys from the primary key. A secondary key may be derived by combining the primary key with one or more other parameters using one or more algorithms. The tag uses a derived secondary key to encrypt or electronically sign a tag response sent to a verifying entity. The verifying entity does not know the derived secondary key, but knows the tag primary key and the parameters and algorithms used to derive the secondary key and can derive all of the potential secondary keys. The verifying entity can then attempt to authenticate the tag or tag response by trying potential secondary keys.

Abstract: A Radio Frequency Identification (RFID) reader containing a reader key authenticates an RFID tag containing a tag key by receiving a tag identifier from the tag; challenging the tag with a tag challenge; receiving a tag response based at least on the tag challenge and the tag key but not including the tag key; sending a second message including at least the tag identifier and the tag response to a verification authority; and receiving a reply from the verification authority. The reader and the verification authority may mutually authenticate each other before, during, or after the tag authentication process. The verification authority may notify a designated party if a response is incorrect.

Abstract: Messages may be passed between Radio Frequency Identification (RFID) tags using RFID readers. A first tag with a message intended for a second tag sends the message to an RFID reader. The reader then determines that the destination of the message is the second tag and sends the message to the second tag. The second tag may confirm receipt of the message by sending a receipt confirmation message to the reader for forwarding to the first tag, and/or the reader may itself confirm that the message was sent to the second tag by sending a transmit confirmation message to the first tag.

Abstract: Methods and systems are described for authorizing an item with an RFID tag to leave a facility. In one embodiment, a mobile device receives or determines an exit code (EC) to write into the tag in response to providing authorizing information. The EC may be based on information stored in the tag such as the tag's item identifier or other tag information (collectively an item identifier or II), a ticket value, other information such as the OC, a mobile identity or location, or any other suitable information. Upon verification of the EC, the tagged item is allowed to leave the facility. In another embodiment, the mobile device stores an item identifier (II) associated with the tag and provides authorizing information. Upon verifying the authorizing information and confirming that the stored II corresponds to the tagged item's II, the tagged item is allowed to leave the facility.

Abstract: A Radio Frequency Identification (RFID) system including an RFID reader and a reader proxy authenticates itself to a verification authority. The proxy receives a proxy challenge from a verification authority and determines a proxy response based on the proxy challenge and a proxy key known to the proxy. The proxy response is then sent to the verification authority along with an identifier for the reader. The reader then authenticates an RFID tag by sending a tag response to the verification authority, which determines whether the reader is authentic based on the authenticity of the proxy response.

Abstract: A cryptographically-enabled RFID tag stores a primary secret key and derives secondary keys from the primary key. A secondary key may be derived by combining the primary key with one or more other parameters using one or more algorithms. The tag uses a derived secondary key to encrypt or electronically sign a tag response sent to a verifying entity. The verifying entity does not know the derived secondary key, but knows the tag primary key and the parameters and algorithms used to derive the secondary key and can derive all of the potential secondary keys. The verifying entity can then attempt to authenticate the tag or tag response by trying potential secondary keys.

Abstract: A method for authenticating a reader to a radio tag includes the following steps, which are implemented by the tag: receiving a piece of information ciphered by a reversible operation, which is parameterized by an authentication coupon for the reader, and a data item allowing determination of an index for identifying the authentication coupon of the reader; calculating a current authentication coupon for the reader as a function of the index; deciphering the received piece of information ciphered by the reversible operation, which is parameterized by the calculated current authentication coupon; and checking the deciphered piece of information that is intended to verify that the calculated current coupon corresponds to the authentication coupon used by the reader in order to parameterize the reversible operation.

Abstract: A method of mutual authentication between a radio tag and a radio reader. The method includes: authentication of the tag by the reader, implemented on a first communication channel, during which a first authentication coupon and a first authentication response are transmitted from the tag to the reader; toggling from the first communication channel to a second communication channel, different from the first channel, on which there is implemented a phase of authentication of the reader by the tag; and dispatching from the reader to the tag of a second authentication coupon and of a second authentication response which are intended to authenticate the reader. The second authentication coupon is transmitted on the first communication channel.

Abstract: A Radio Frequency Identification (RFID) reader containing a reader key authenticates an RFID tag containing a tag key by receiving a tag identifier from the tag; challenging the tag with a tag challenge; receiving a tag response based at least on the tag challenge and the tag key but not including the tag key; sending a second message including at least the tag identifier and the tag response to a verification authority; and receiving a reply from the verification authority. The reader and the verification authority may mutually authenticate each other before, during, or after the tag authentication process. The verification authority may notify a designated party if a response is incorrect.

Abstract: A method and apparatus are provided for identifying and authenticating a radio tag by a radio reader. The tag forms part of a set of tags in a radio range of the reader and has selected a time slot from a set of available time slots. The method includes: a step of the reader sending a query message during the selected time slot; and a step of the reader receiving a reply message from the tag that selected the time slot. The reply message includes a random value selected by the tag. The tag stores authentication coupons and the reply from the tag received by the reader during the time slot contains, as a random value selected by the tag, a value that is a function of one of the coupons.

Abstract: A method of mutual authentication between a radio tag and a radio reader. The method includes: authentication of the tag by the reader, implemented on a first communication channel, during which a first authentication coupon and a first authentication response are transmitted from the tag to the reader; toggling from the first communication channel to a second communication channel, different from the first channel, on which there is implemented a phase of authentication of the reader by the tag; and dispatching from the reader to the tag of a second authentication coupon and of a second authentication response which are intended to authenticate the reader. The second authentication coupon is transmitted on the first communication channel.

Abstract: A method and apparatus are provided for mutually authenticating a reader and a radio tag. The method includes: a step of the tag sending data to the reader, the data enabling an index to be determined for identifying an authentication coupon of the reader, the index being selected by the tag; a step of the reader obtaining the coupon from the determined index and of the reader sending the coupon to the tag; a step of the tag obtaining an authentication value from the selected index and of the tag verifying that the coupon received from the reader corresponds to the authentication value that is obtained, if the verification is positive, then a step of finalizing the authentication of the tag by the reader; and if the verification is negative, interrupting the mutual authentication method.

Abstract: Methods and systems are described for authorizing an item with an RFID tag to leave a facility. In one embodiment, a mobile device receives or determines an exit code (EC) to write into the tag in response to providing authorizing information. The EC may be based on information stored in the tag such as the tag's item identifier or other tag information (collectively an item identifier or II), a ticket value, other information such as the OC, a mobile identity or location, or any other suitable information. Upon verification of the EC, the tagged item is allowed to leave the facility. In another embodiment, the mobile device stores an item identifier (II) associated with the tag and provides authorizing information. Upon verifying the authorizing information and confirming that the stored II corresponds to the tagged item's II, the tagged item is allowed to leave the facility.

Abstract: A method is provided for authenticating a first entity and a second entity at a third entity. The first and third entities share a first secret key, and the second and third entities share a second secret key. The method includes steps of: dispatching by the third entity to the first entity of a challenge, calculation by the first entity, using the first secret key, of an authentication value; dispatching by the first entity to the second entity the authentication value, calculation by the second entity, using the second secret key, of an authentication response; dispatching by the second entity to the third entity of the authentication response; calculation by the third entity of an expected authentication response; and comparison of the authentication response received with the expected calculated authentication response.

Abstract: A method for authenticating a reader to a radio tag includes the following steps, which are implemented by the tag: receiving a piece of information ciphered by a reversible operation, which is parameterized by an authentication coupon for the reader, and a data item allowing determination of an index for identifying the authentication coupon of the reader; calculating a current authentication coupon for the reader as a function of the index; deciphering the received piece of information ciphered by the reversible operation, which is parameterized by the calculated current authentication coupon; and checking the deciphered piece of information that is intended to verify that the calculated current coupon corresponds to the authentication coupon used by the reader in order to parameterize the reversible operation.

Abstract: A method is provided for authenticating a first entity and a second entity at a third entity. The first and third entities share a first secret key, and the second and third entities share a second secret key. The method includes steps of: dispatching by the third entity to the first entity of a challenge, calculation by the first entity, using the first secret key, of an authentication value; dispatching by the first entity to the second entity the authentication value, calculation by the second entity, using the second secret key, of an authentication response; dispatching by the second entity to the third entity of the authentication response; calculation by the third entity of an expected authentication response; and comparison of the authentication response received with the expected calculated authentication response.

Abstract: An authentication method of a prover device by a verifier device using cryptographic coupons is provided, where a coupon includes a pseudo-random number ri, where i is an index for labeling the coupon, and a reduced-coupon xi such that xi=ƒ(ri), where ƒ is a predetermined one-way function, the method including the following steps: the verifier device sends a challenge consisting of a random value c to the prover device; the prover device sends to the verifier device a response y calculated by using the pseudo-random number ri, the challenge c, and a secret key s belonging to the prover device; and the verifier device checks the validity of the response y based on the challenge c, the reduced-coupon xi corresponding to the pseudo-random number ri, and a public key V corresponding to the secret key s, the reduced-coupon xi being received by the verifier device from a source external to the prover device.