Making individual articles of manufacture distinguishable by means of a unique serial number is a generally accepted practice in quality control and product lifecycle management. For certain types of articles, individualization of the article plays a more fundamental role. Authentication tokens, for example, are used to authenticate the individual to whom they have been issued, and they rely for this purpose on a unique secret embedded within the token's memory, typically consisting of cryptographic key material. In order for successful authentication to take place, a credential generated by the processing unit inside the authentication token and passed on to the user must pass a cryptographic verification by an authentication server which has access to the same secret as the authentication token, or, in the case of asymmetric keys, to data that can mathematically ascertain that the credential was indeed based on the correct token secret. This entire scheme can only work if it is known throughout the deployment of the fleet of authentication tokens, which particular authentication token, and hence which secret, has been issued to which individual. A well-known example of an authentication token can be found in [U.S. Pat. No. 4,599,489 B (CARGILE, WILLIAM P.) 1986 Jul. 8].
Several types of electronic devices that are completely embedded in a non-conductive (e.g., plastic) enclosure are known in the art. Such enclosures are used for a variety of reasons, including making the device waterproof, tamperproof, more robust, or more aesthetically pleasing. The property of being tamperproof makes such enclosures an attractive option for authentication tokens.
Devices of this type preferably have no electrical or ohmic contacts on the outside of the enclosure, because such contacts complicate the manufacturing process and because their presence would be detrimental to the desired properties described above. Hence, a drawback of this type of enclosure is that it is not possible to communicate with the device through traditional electrical or ohmic contacts, after the manufacturing of the enclosure. The same applies if the enclosure does in fact have electrical contacts, where these contacts provide access to a different function, and are separated from the rest of the device (e.g., the surface contacts of the chip of a combined contact-type smart card and strong authentication token, which in some implementations provide access to the smart card functions but not to the strong authentication device). Any electronic data personalization in the form of identification, programming, or initialization of the device must therefore take place before the manufacturing of the enclosure. This poses a problem if the devices are individualized, and an additional visual identification, linked with the electronic data personalization of the devices, is to be placed on the outside of the device after the manufacturing of the enclosure.
This post-manufacturing communication problem applies, inter alia, to authentication tokens, which are internally programmed with a serial number and a secret key, and which also need to carry an externally visible indication of said serial number. This problem does not, however, apply to contactless smart cards such as those according to standard ISO/IEC 14443, which rely for their normal operation on their embedded wireless near-field communication engine, and which can therefore be questioned (and often even reprogrammed) at any time after manufacturing. These contactless smart cards do not offer the functionality of an authentication token, because they are not equipped to communicate a credential to the end user.
The traditional way to resolve the problem of matching an electronic data personalization with a visual device identifier, is to maintain a highly synchronized manufacturing process, wherein the devices are provided with their visual device identifiers in the same order in which they are electrically individualized. This system is prone to desynchronization. Furthermore, once desynchronization occurs, it may be difficult, inefficient, or even impossible to retrieve the correct identity of a batch of devices that have been labelled incorrectly.
It thus appears that it would be advantageous to separate the electronic data personalization from the visual device personalization. Such separation may be obtained either by performing the electronic data personalization of the device during or after attaching the visual device identifier (allowing the entity that performs the electronic data personalization to ascertain the identity of the device), or by reading out the electrical identity of the device at the time of attaching the visual device identifier. For both of these scenarios, a problem that needs to be addressed is that of communicating with the device through the non-conductive moulding.
Several approaches to this problem are known in the art. These include the use of inductive coupling, capacitive coupling, and enclosed RFID transponders for communicating with the device.
White et al. [U.S. Pat. No. 7,392,059 B (WHITE ET AL.) 2008 Jun. 24] disclose a fascia, moulded from a plastics material, and a passive data storage device, embedded in the fascia during the moulding process. The main body of a mobile phone according to White et al. carries a reader unit, positioned in such a way that, when the fascia is fitted to the main body, the passive data storage device will be in range of the reader unit so that couplers of the passive data storage device and reader unit couple to enable the passive data storage device to derive a power supply from a signal supplied by the reader unit and to transmit control data contained in its memory. White et al. further disclose a circuit to achieve inductive coupling between the reader unit and the fascia.
Calhoon et al. [U.S. Pat. No. 7,378,817 B (CALHOON ET AL.) 2008 May 27] disclose using the power transmission coil of a power source and the power pickup coil of a power adapter of a host device to provide inductive data communications over an inductive pathway.
In both references cited above, the inductive or capacitive coupling is used to separate controlling data contained in a unit with a passive storage device, from the execution logic, contained in a separate unit adapted to read the controlling data from the first unit, both units being intended to be used together by the end user. The references do not address the use of inductive or capacitive coupling for post-manufacturing identification of individualized articles.
RFID transponders or “tags” are active or passive components that can store information and interact with a reader (interrogator) via a radio-frequency field. They are used for automatic identification of inventory, merchandise, animals and people. In the domain of authentication, RFID tags are commonly used operationally to control access to buildings or transportation facilities, or to pay at toll booths or fuel stations. Certain advantages of using RFID in a manufacturing environment are known in the art [Rockwell Automation. RFID in Manufacturing. Edited by BAPAT, Vivek, et al. Milwaukee: Rockwell Automation, 2004.], particularly in the context of using RFID to individualize functionally identical articles, in order to track them throughout their lifecycle.