Generating and using ephemeral identifiers and message integrity codes

摘要

Systems and methods for generating and using ephemeral identifiers are provided. One example method includes determining, by one or more computing devices, a current time-count. The method includes determining, by the one or more computing devices, a time-modified identifier based at least in part on a static identifier and the current time-count. The method includes determining, by the one or more computing devices, an ephemeral identifier based at least in part on the time-modified identifier and a rotation key. One example system includes a plurality of beacon devices, at least one observing entity, and at least one verifying entity.

主权项

1. A computer-implemented method for authenticating beacon devices, the method comprising:
receiving, by one or more computing devices, a static identifier and a message integrity code from an observing entity, the observing entity having previously received the static identifier and the message integrity code from a beacon device, wherein the message integrity code comprises a time-varied obscuration of the static identifier associated with the beacon device; determining, by the one or more computing devices, a validity of the message integrity code by matching the message integrity code versus a plurality of expected message integrity codes, generating the plurality of expected message integrity codes associated with the static identifier, and determining whether the received message integrity code matches any of the expected message integrity codes, wherein the message integrity code is valid if it matches any of the expected message integrity codes, and wherein generating the plurality of expected message integrity codes associated with the static identifier comprises generating a plurality of expected time-modified identifiers based at least in part on a time-count list, generating a plurality of expected message integrity code precursors based at least in part on a rotation key associated with the static identifier and the plurality of expected time-modified identifiers, and generating the plurality of expected message integrity codes based at least in part on the plurality of expected message integrity code precursors; and when the message integrity code is determined to be valid, providing, by the one or more computing devices, the observing entity with an authentication of the beacon device.