Principal claim
1. A method for managing verification keys for RFID readers, said method comprising:
receiving, from a signer, a request for a new verification key;
returning, to said signer, a response associated with the new verification key;
updating permissions for RFID readers for using said new verification key;
obtaining the new verification key corresponding to a private key of the signer, said private key being used to generate a signature stored in memory on an RFID tag read by at least one of said RFID readers, said signature comprising:
(i) a first signature component generated by encrypting sensitive data comprising a product type using an encryption key, said product type identifying a product to which the RFID tag is attached, said first signature component being stored in a first portion of said memory and hiding said product type from RFID readers not having said new verification key, said sensitive data being recoverable from said first signature component using a decryption key generated using said new verification key;
(ii) a second signature component generated using said first signature component, said private key of said signer, and visible data, said second signature component being stored in a second portion of said memory and being used to generate said decryption key, and
(iii) said visible data stored in plaintext in a third portion of said memory; and
distributing said new verification key to an RFID reader using a controlled channel, after determining that said RFID reader has permission to recover said sensitive data from said first signature component when verifying said signature.
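The three-part signature and the permission-gated key release described in the claim can be sketched as follows. This is an added example, not code from the patent: the claim names no scheme, so the sketch assumes a Pintsov-Vanstone-style signature with message recovery over a toy multiplicative group. The XOR keystream, the 8-byte redundancy, the `permitted` set and all function names are assumptions, and the controlled channel itself is not modelled.

```python
import hashlib
import secrets

# Assumed toy group (illustration only, not a secure parameter choice):
# integers modulo the Mersenne prime 2^127 - 1, base 3.
P = 2**127 - 1
G = 3
PAD = b"\x00" * 8  # redundancy so a reader can tell a failed recovery from data

def _stream(R, n):
    """n-byte keystream derived from the ephemeral group element R."""
    return hashlib.shake_256(R.to_bytes(16, "big")).digest(n)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _h(c, visible):
    """Hash binding the first component to the plaintext visible data."""
    data = len(c).to_bytes(2, "big") + c + visible
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen():
    d = secrets.randbelow(P - 2) + 1          # signer's private key
    return d, pow(G, d, P)                    # (private key, verification key)

def sign(d, product_type, visible):
    k = secrets.randbelow(P - 2) + 1          # per-signature ephemeral secret
    R = pow(G, k, P)
    m = PAD + product_type
    c = _xor(m, _stream(R, len(m)))           # (i) encrypted product type
    s = (k - _h(c, visible) * d) % (P - 1)    # (ii) uses c, private key, visible data
    return c, s, visible                      # (iii) visible data stays plaintext

def recover(Q, tag):
    """Verify the tag and return the product type, or None on failure."""
    c, s, visible = tag
    R = pow(G, s, P) * pow(Q, _h(c, visible), P) % P   # equals G^k for the right Q
    m = _xor(c, _stream(R, len(c)))
    return m[len(PAD):] if m[:len(PAD)] == PAD else None

def distribute(Q, reader_id, permitted):
    """Release the verification key only to readers holding permission."""
    return Q if reader_id in permitted else None
```

A reader that was never issued the verification key can read the visible data but cannot rebuild the decryption key, and changing the visible data on the tag makes recovery fail for every reader.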