BRPI1001987B1 - SECURE COMMUNICATION SYSTEM BASED ON IDENTIFICATION AND INFORMATION EXCHANGE BY RADIO FREQUENCY - Google Patents

Abstract

secure communication system based on identification and exchange of information through radio frequency. which performs a secure method of communication based on the iso 18000-6c protocol, with application of cryptographic data security mechanisms to provide means for a mutual challenge-response authentication between interrogator and transponder, including the transmission of an identifier with additional identifying data from transponder to interrogator protected by dynamic encryption and authenticity and integrity codes; authenticated secure reading and writing of data from the transponder memory, and in both cases with challenge-response authorization of each request and protection of data transmitted in the physical layer by dynamic encryption and authenticity and integrity codes, covering execution scheme in two phases of commands, and a scheme of the interleaved execution of sequences of commands, reducing the execution time of customized commands that require computationally expensive processing in transponders, compared to sequential execution, and allowing an efficient handling of communication failures .

Description

APPLICATION FIELD

[0001] Treats this descriptive report of the Invention Invention of a SECURE COMMUNICATION SYSTEM BASED ON IDENTIFICATION AND INFORMATION EXCHANGE BY RADIO FREQUENCY, which will be used in the communication between a transmitter and one or multiple receivers/transmitters, in order to provide greater safety and efficiency in communication in systems based on the standardized ISO 18000-6C protocol, which will be used in the platform of the National System for Automatic Vehicle Identification (SINIAV).

DEFINITIONS

[0002] The National System of Automatic Vehicle Identification (SINIAV), approved by resolution of the National Traffic Council, was created with the objective of planning and implementing actions to combat theft and theft of vehicles and cargo, as well as managing the traffic control.

[0003] Defined by Resolution No. 212 of the National Traffic Council, SINIAV is the result of studies developed by the Working Group defined by the Ministry of Cities, composed of representatives of the National Traffic Department, Institutional Security Office of the Presidency of the Republic , São Paulo City Traffic Secretariat and Rio de Janeiro State Traffic Department, which prepared a proposal establishing the requirements for the implementation of the system that will be able to identify the vehicles in the Brazilian fleet.

[0004] Also in accordance with Resolution No. 212 of the National Traffic Council and with possible amendments thereto, SINIAV is composed of electronic boards installed in vehicles, which act as receivers/transmitters; reader antennas, which act as receivers, and computerized processing centers, with the electronic license plate having a unique serial number and containing information relating to the vehicle, such as the license plate number; of the chassis, and the RENAVAM code.

[0005] The electronic board will become an effective inspection tool in projects aimed at increasing urban mobility and environmental control, and the antennas that read vehicle data will be installed in locations to be defined by the State Traffic Departments (DETRANs).

[0006] At the state level, the State Traffic Departments will be responsible for managing the system, as well as for implementing the electronic identification plates of vehicles that will be installed in places that allow its operation.

[0007] The SINIAV aims to comply with the indications provided for in Article 114 of the Brazilian Traffic Code, in relation to the identification of vehicles, as well as Complementary Law No. 121, of 02.09.2006, which created the National System of Prevention and Inspection and Repression of theft and theft of vehicles and cargo.

[0008] After the implementation of SINIAV, the vehicle that does not have the electronic identification plate will be in an irregular condition, subjecting its owner to the commission of a traffic violation classified as serious, being susceptible to the sanctions provided for in Article 237 of the Brazilian Traffic Code , which provides, in addition to a fine, loss of five points on the CNH, and retention of the vehicle for regularization.

[0009] The standard ISO 18000-6/Amd1 - Extension with Type C Transponders, hereinafter simply referred to as ISO 18000-6C, is used in radio frequency identification (RFID) systems in the ultra-high frequency (UHF) range, which can vary between 860-960 MHz, and constitutes the first RFID standard ratified, on a world scale, by the International Organization for Standardization (ISO) [ISO/IEC 18000-6, ISO/IEC 18000-6 /Amd 1].

[00010] The basic RFID system contains interrogators, also called readers, also having receivers/transmitters, also called transponders or electronic boards. As specified in the ISO 18000-6C protocol, an interrogator transmits information to a transponder by modulating an RF signal in the 860-960 MHz frequency range. The transponder returns information to the interrogator by modulating the same RF signal , and thus, by fixing transponders on objects, their presence and identification can be determined by interrogators in the face of transponder signaling, thus providing configurations of remote object identification systems, based on the ISO standard 18000-6C, and which are currently widely used in Brazil and abroad.

TECHNICAL BACKGROUND

[00011] In current techniques, remote object identification systems, based on the ISO 18000-6C standard, present little protection against the possibility of decryption, by unauthorized third parties, of the data that is communicated between the interrogator and the transponder, thus allowing access to recorded and/or generated information, also enabling an attacker to write data on the transponder.

[00012] There is a consensus that, in general, it is relatively easy to emulate a transponder that implements the ISO 18000-6C standard, which becomes extremely problematic when applying this technology in systems where the security of the transmitted data is a priority requirement .

[00013] The current state of the art related to security means in implementations based on the ISO 18000-6C standard include combinations of short passwords (32 bits), in association with a technique called "cover-coding" (XOR with a 16-bit random number). Therefore, these means provide only limited protection for data transmission in the physical layer, associated with wireless communication between the interrogator and the transponder, and access to the functionality of the transponders themselves; thus, these means can be easily broken, and, therefore, are unsuitable for applications that require a high level of data security.

[00014] Transponders, configured in the ISO 180006C standard, are vulnerable to unauthorized manipulations, which include data deletion; clandestine eavesdropping on data during communication; unauthorized reading of data; the alteration of stored data, and the forgery - whether through cloning, imitation or emulation of transponders.

[00015] The solution provided by the object of the present invention presents an alternative and innovative solution, configured in the ISO 18000-6C standard, which provides a level of security to communicated and recorded data, compatible with the application for which they are intended.

[00016] It is already known from the current state of the art the proprietary security system for transponders, configured under the ISO 18000-6C standard, called EAS, which uses 32-bit secret access keys to control access to the transponder memory , which provides a basic level of access control protection without data encryption. The lack of encryption of the data that is transmitted over the air interface makes this system inadequate to protect the confidentiality necessary for high security applications.

[00017] Another relevant mechanism in the market, which can be considered light enough (lightweight) and suitable for low-power operation and commercial use in the scope of passive RFID/UHF transponders, in the ISO 18000-6C standard , is the proprietary Crypto1 cipher, which today is mainly used in passive HF transponders, configured in ISO 14443 and MIFARE (MIFARE Classic) standards, for data encryption with 48-bit secret keys. However, there is a body of literature that reports successful cryptanalytic attacks against this proprietary cipher used for authentication and encryption, which resulted in the determination of secret keys, in the order of magnitude of minutes.

[00018] There are other solutions that provide means of data protection in RFID systems; however, these rely on proprietary or non-ISO 18000-6C compliant protocols.

SUMMARY OF THE INVENTION

[00019] Therefore, it is extremely desirable to develop a remote identification system, based on the international standard ISO 18000-6C, which adds a high level of security for transponder identification data, reading and writing data.

[00020] Non-exhaustive examples of identification systems that require a high level of data and communication security are vehicle identification systems, including electronic vehicle registration and electronic toll systems.

[00021] The present invention aims to overcome deficiencies that are found in the usual identification and communication systems, based on the ISO 18000-6C standard, with the introduction of customized commands to the standard itself, resulting in a system suitable for applications that require a high level protecting the authenticity of interrogators and transponders; authorization of access to transponder functionality, and protection of confidentiality, integrity and timeliness of data communicated between interrogators and transponders, using state-of-the-art standardized security means.

[00022] The present invention defines an efficient execution scheme of customized commands, allowing treatment of communication failures, reducing execution time, compared to sequential execution, maintaining full compliance with the ISO 18000-6C protocol.

OBJECTIVES OF THE INVENTION

[00023] In view of the above, the main objective of the invention is to propose a secure communication system based on the ISO 18000-6C standardized radio frequency identification protocol.

[00024] Another objective of the invention is to propose a secure communication system whose communication protocol will allow the remote identification of transponders with total security.

[00025] Another objective of the invention is to propose a secure communication system that uses a tamper-proof encryption algorithm.

[00026] Another objective of the invention is to propose a secure communication system with dynamic data encryption, resulting in a ciphertext whose binary representation varies according to the encryption time, regardless of the characteristics of the original text.

[00027] Another objective of the invention is to propose a secure communication system that establishes a single communicative session context between an interrogator and a transponder, with the exchange of time-varying parameters (nonces), and, optionally, with the generation of keys session-variable secret cryptograms.

[00028] Another objective of the invention is to propose a secure communication system that guarantees a precise implicit authentication of the interrogator that requests the identification of a transponder.

[00029] Another objective of the invention is to propose a secure communication system that ensures accurate authentication of the transponder identified by the interrogator.

[00030] Another objective of the invention is to propose a secure communication system that guarantees that only interrogators authenticated by the system can identify transponders without ambiguity.

[00031] Another objective of the invention is to propose a secure communication system that guarantees the protection of confidentiality, integrity, and the up-to-date information transmitted via a means of communication, preferably via air, between an interrogator and a transponder.

[00032] Another objective of the invention is to propose a secure communication system that ensures that only an authenticated and authorized interrogator can read information from the transponder.

[00033] Another objective of the invention is to propose a secure communication system that ensures that only an authenticated and authorized interrogator can write information on the transponder.

[00034] Another objective of the invention is to propose a secure communication system that ensures that an interrogator receives a status code, protected by encryption in response to each command executed, with the intention of reliably changing the state of the transponder's persistent memory, ensuring the consistency of the transponder memory.

[00035] Another objective of the invention is to propose a secure communication system that guarantees the encryption of data protected against unauthorized changes, including the replacement of data and/or the alteration of the sequence of transmitted data.

[00036] Another objective of the invention is to propose a secure communication system that ensures that a session hijacking after successful mutual authentication between interrogator and transponder is not feasible.

[00037] Another objective of the invention is to propose a secure communication system that guarantees the prompt response of the transponder, even in the execution of commands whose processing is computationally expensive in transponders.

[00038] Another objective of the invention is to propose a secure communication system that allows the execution of commands by parallelism over the time of operations on multiple transponders, reducing the total execution time and making the interaction between an interrogator and multiple transponders more efficient .

[00039] Another objective of the invention is to propose a secure communication system that can enable the permanent deactivation of native commands and the corresponding states and state machine transitions of the ISO 18000-6C protocol, which compromise the effectiveness of its communication.

[00040] Another objective of the invention is to propose a secure communication system that extends the state machine of the ISO 18000-6C protocol, taking into account new customized commands.

[00041] Another objective of the invention is to propose a secure communication system that maintains full compatibility with the ISO 18000-6C protocol, by taking advantage of the concept of custom commands, allowing the extension of the existing protocol's functionality without however change its fundamental characteristic of being ISO 18000-6C.

[00042] Another objective of the invention is to propose a secure communication system that allows the ISO 18000-6C protocol inventory procedure on the transponder, where a mutual authentication between an interrogator and a transponder can be performed with the exchange of only two, in instead of three, explicit messages.

[00043] Another objective of the invention is to propose a secure communication system that allows the authentication and identification of transponders that pass at high speed.

[00044] Another objective of the invention is to propose a secure communication system that allows the authentication and identification of transponders through a single combined command, with transmission of a set of identifying data of limited size, enabling high efficiency in transmission time, per means of reducing communication overhead, and maximizing the contiguous processing interval in the transponder, reducing the processing overhead in the interrogator.

FUNDAMENTALS OF THE INVENTION

[00045] The above objectives, as well as others, are achieved by the invention through systemic functional improvements introduced in transponders; in interrogators, and in the ISO 18000-6C communication protocol.

[00046] Another characteristic of the secure communication system is the fact that it employs customized commands for the interrogators, which generate corresponding responses for the transponders.

[00047] Another characteristic of the secure communication system is the fact that it employs a symmetric encryption algorithm.

[00048] Another characteristic of the secure communication system is that the transponder has a unique and unique ID denoted UTID (unique transponder identifier).

[00049] Another characteristic of the secure communication system is that each transponder has a group ID denoted GID.

[00050] Another characteristic of the secure communication system is the fact that the symmetric encryption algorithm encrypts the information before transmission via the communication interface.

[00051] Another characteristic of the secure communication system is the fact that the cryptographic code is changed in each communication.

[00052] Another characteristic of the secure communication system is the fact that custom commands perform transponder authentication.

[00053] Another characteristic of the secure communication system is the fact that custom commands perform interrogator authentication, in an implicit and explicit way.

[00054] Another characteristic of the secure communication system is the fact that the customized commands perform the reading of information from the transponder, with the authentication of the request and the protection of the information transmitted by encryption.

[00055] Another characteristic of the secure communication system is the fact that the customized commands execute the writing of information in the transponder, with the authentication of the request and the protection of the information transmitted by encryption.

[00056] Another characteristic of the secure communication system is the fact that it provides a means to return to interrogators a cryptographically protected status code, in response to each command sent and executed by a transponder, with the intention of changing the memory state persistent transponder.

[00057] Another characteristic of the secure communication system is that it provides a means to prevent session hijacking after successful mutual authentication between interrogator and transponder.

[00058] Another characteristic of the secure communication system is the fact that it foresees auxiliary custom commands, which execute in two phases computationally expensive custom commands in the transponders.

[00059] Another characteristic of the secure communication system is the fact that it establishes a temporary context, denoted session, as part of every interaction, of limited duration, between an interrogator and a transponder, which involves the identification of the transponder, the reading of data or writing data to the transponder, and where the establishment of a session covers a coordinated initialization of the cryptographic machines of the interrogator and the transponder.

[00060] Another characteristic of the secure communication system consists in the fact that the customized commands and the corresponding responses of the communication protocol are constituted by parameters that vary in a coordinated way, before each message exchange between an interrogator and a transponder.

[00061] Another characteristic of the secure communication system is the fact that custom commands are executed by parallelism in multiple transponders over the time of operations.

[00062] Another characteristic of the secure communication system is the fact that the transponder can be constituted by a passive, semi-passive/semi-active, or active device.

[00063] Another characteristic of the secure communication system is the fact that the transponder has volatile memories (for example, RAM) and non-volatile ones (for example, EEPROM).

[00064] Another characteristic of the secure communication system is the fact that the transponder has a state machine, which defines its behavior in relation to commands received from interrogators, the internal state and the processing performed.

[00065] Another characteristic of the secure communication system is the fact that the transponder has the implementation of a symmetric key cryptographic algorithm, also called cryptographic machine.

[00066] Another characteristic of the secure communication system is the fact that the cryptographic machine has a pseudo-random number generator (pseudo-random number generator, PRNG).

[00067] Another characteristic of the secure communication system is the fact that the transponder has a mechanism for generating and verifying error-detecting codes on binary data.

[00068] Another characteristic of the secure communication system is the fact that the transponder has a mechanism for the generation and verification of cryptographic codes for authentication and integrity over binary data.

[00069] Another characteristic of the secure communication system is the fact that it has a mechanism to enable or disable the dynamic generation of cryptographic codes for authentication and integrity.

[00070] Another characteristic of the secure communication system is the fact that it has a mechanism to enable or disable the inclusion of a static and pre-recorded authentication cryptographic code and integrity in the transponder memory, in the transponder authentication response.

[00071] Another characteristic of the secure communication system is the fact that the transponder has a mechanism for the dynamic generation of cryptographic keys, for single use per communicative session.

[00072] Another characteristic of the secure communication system is the fact that it has a mechanism to enable or disable the dynamic generation of cryptographic keys.

[00073] Another characteristic of the secure communication system is the fact that the native commands of the ISO 18000-6C protocol are disabled.

[00074] Another characteristic of the secure communication system is the fact of the partial deactivation of the original state machine of the ISO 18000-6C protocol.

[00075] Another characteristic of the secure communication system consists in the fact of the transmission of preparatory data in the UII response in the transponders during the inventory, according to ISO 18000-6C protocol, for the subsequent phase of authentication and identification and establishment of a secure session context.

[00076] Another characteristic of the secure communication system is the fact of modifying the UII response generation in the transponders during the inventory, according to ISO 18000-6C protocol, including the insertion of a random value in the transponder response, generated during the time of execution.

[00077] Another characteristic of the secure communication system is the full compatibility with the ISO 18000-6C standard.

[00078] Another characteristic of the secure communication system is the authentication and identification of transponders through a single combined command, with transmission of a set of identifying data of limited size.

[00079] Another feature of the secure communication system is authentication by a single command together with execution in two phases, to maximize parallelism over time of operations on multiple transponders, resulting in optimized performance of the interaction with transponders in speed high displacement.

BRIEF DESCRIPTION OF THE FIGURES

[00080] Other objectives, characteristics and advantages of the present invention will be better evaluated through descriptions of preferred embodiments of the invention, provided by way of non-limiting example, and the figures that refer to them, and where:- Figure 1 schematically illustrates the simplified block diagram of the proposed secure communication system; - Figure 2 schematically illustrates a mechanism for initializing the CTR operating mode of a cryptographic machine in the interrogator and transponder as part of a communicative session; - Figure 3 schematically illustrates a first mechanism of initialization of a new session between an interrogator and a transponder;- Figure 4 illustrates a schematic representation of the inventory according to the ISO 18000-6C protocol, with the transponder response according to a second alternative initialization mechanism;- A Figure 5 illustrates a schematic representation of the inventory according to the ISO 18000-6C protocol, with the transponder response according to a third alternative initialization mechanism; Figure 6 illustrates an alternative mechanism for establishing a new pair of random values between the interrogator and the transponder; Figure 7 schematically illustrates the implicit mutual authentication between an interrogator and a transponder , with reading of transponder identifier data protected by a cryptographic envelope;- Figure 8 schematically illustrates a secure and authenticated read between an interrogator and a transponder;- Figure 9 schematically illustrates the secure and authenticated writing between an interrogator and a transponder; - Figure 10 schematically illustrates the extended state machine of transponders; - Figure 11 schematically illustrates the mechanism for executing commands in two phases by means of auxiliary messages; - Figure 12 schematically illustrates the interleaved command execution mechanism for the interaction between an interrogator and multiple transponders; - Figure 13 schematically illustrates a mechanism that allows the interrogator to obtain a permanent Handle of a transponder after singularization; - Figure 14 illustrates schematically another realization of implicit mutual authentication between an interrogator and a transponder, with reading of transponder identifier data protected by a cryptographic envelope, with certain command and response parameters being represented by clear text; - Figure 15 schematically illustrates a second transponders extended state machine embodiment, in which the transponder does not respond to further command requests from the interrogator while processing a custom command; Figures 16, 17, 18, and 19 schematically illustrate varied embodiments of the implicit mutual authentication mechanism between an interrogated or and a transponder, with reading transponder identifying data protected by a cryptographic envelope;- Figures 19, 20, 21, 22, 23, and 24 schematically illustrate varied embodiments of the authenticated secure reading mechanism; 26, 27, and 28 schematically illustrate varied embodiments of the authenticated secure write mechanism; Figure 29 schematically illustrates a combined embodiment of the two authenticated secure read and write mechanisms.

PREFERRED DESCRIPTION OF THE INVENTION

[00081] The secure communication system based on the ISO 18000-6C protocol is composed, among others, by a means of communication consisting of a set of custom commands, configured in accordance with the ISO 18000-6C specification, the be implemented in interrogators and transponders, including specification of the respective valid transponder responses, in order to provide identification and access to transponder data through cryptographic mechanisms; a set of auxiliary custom commands to be implemented in interrogators and transponders, to improve the efficiency of performing operations on transponders in handling communication and execution failures, and in specifying valid transponder responses, and specifying machine extension of transponder status taking into account the custom commands in the present invention.

Simplified System Block Diagram

[00082] Figure 1 illustrates the simplified schematic diagram of the block diagram of the secure communication system proposed herein, which constitutes a first embodiment of the present invention, and where, without limitation of generality, the operation of the system can be divided into three Sequential phases: - Singularization of the transponders by the interrogator, according to the mechanism specified in the ISO 18000-6C protocol, with the establishment of permanent control references, through a new custom command Req_Handle, which constitutes a second embodiment of the present invention. - Mutual authentication between interrogators and transponder, with implicit identification and reading of transponder data, through a new custom command Mutual_Auth_Read, which constitutes another embodiment of the present invention. - Authenticated read and write access to the transponder memory, through new custom commands Secure_Auth_Read and Secure_Auth_Write, which constitute other concrete embodiments of the present invention.

Custom Commands

[00083] In one embodiment of the present invention, the secure communication system covers the following main custom commands:. Mutual_Auth_Read (MAR). Secure_Auth_Read (SAR). Secure_Auth_Write (SAW)

[00084] In another embodiment of the present invention, the secure communication system - different from the ISO 18000-6C standard -, the TID, UII, and USER memory areas of the transponders can be accessed exclusively through the main custom commands, protected by encryption mechanisms, Mutual_Auth_Read, Secure_Auth_Read and Secure_Auth_Write, or through similar custom command, protected by data security mechanisms; encryption, authentication, and authorization mechanisms.

[00085] In another embodiment of the present invention, the secure communication system also covers the following auxiliary custom commands:. Finish. Init_CryptoEngine. Init_Session. Request_Handle . Set_RN_TN

[00086] It should be noted that the decisive and essential qualities of the secure communication system are based on characteristics and functionalities, inherent to the commands, and on specific responses, regardless of the names chosen for these commands and their respective responses, as well. as in the parameters included in the signatures of these commands and responses.

Disabled native commands

[00087] In another embodiment of the present invention, the secure communication system defines a set of native transponder commands, specified in the ISO 18000-6C protocol, for total deletion, or for permanent deactivation, after initialization and before the first use of the field transponder: . Read . Write . Kill. Lock. Access. BlockWrite. BlockErase

[00088] Note that the Secure_Authenticated_Read and Secure_Authenticated_Write custom commands are secure replacements for the functionality of the native Read, Write, BlockWrite, and BlockErase commands. The functionality of the BlockErase command, in particular, can be achieved by overwriting existing information, with well-defined new information, such as a sequence of zero-value bits, in the memory area, using the Secure_Authenticated_Write command.

Fundamental Definitions

[00089] To enable communicative interaction with a transponder that is located in the interrogation zone, according to the ISO 18000-6C protocol, the interrogator has to detect and single out the transponder, and, for this, the ISO 18000-6C protocol defines the phase of detection and singularization (singulation) of transponders by the interrogator, called inventory (inventory).

[00090] Upon successful completion of this transponder singularization phase, the interrogator is aware of a temporary transponder identifier, called RN16, each RN16 consisting of a binary code of a well-defined amount of bits, which is used , by the interrogator, to address messages to the transponder, as part of the communication via the air interface, and, once established, the RN16 is valid, until the transponder participates in a new inventory, where a new RN16 is generated, or until receive an explicit request for a new generation.

[00091] As a non-limiting reference of the generality of the present secure communication system, it is assumed that the RN16 is represented by a 16-bit binary number, as specified in the ISO 18000-6C protocol, noting, however, that the present secure communication system allows the use of temporary identifiers of arbitrary shapes and sizes.

[00092] Temporary communicative dialogue, involving the exchange of messages and information, between an interrogator and a transponder constitutes a communicative session, or simply a session, and a new session begins with the establishment of a permanent Handle for the transponder between the interrogator and the transponder, and ends the moment the interrogator discards the known current Permanent Handle, ending the interaction with the transponder, or if the transponder's currently known Permanent Handle becomes invalid, without the interrogator being aware of a new Handle valid permanent. The maximum validity of an established permanent Handle is limited to the duration of the communicative session.

[00093] In the description of the present invention, where it is not specified differently, the word Handle is also used in the sense of Permanent Handle.

[00094] The present secure communication system covers an identifier permanently stored in the physical memory of each transponder, dynamically generated by the transponder at run time, in such a way that the identifier is unique and allows the identification of the transponder without ambiguity. in the context of the present invention, this identifier is called UTID (unique transponder identifier) and, in principle, this identifier can be implemented by means of any binary code. As a non-limiting reference of the generality of the secure communication system, it was assumed that the UTID in the transponders is represented by a 64-bit binary number.

[00095] The present secure communication system covers a group identifier, called GID, permanently stored in the physical memory of the transponders, with the following semantics: any two transponders belonging to the same group use as GID the same binary code and the(s) ) same cryptographic key(s) to establish the secure context of a temporary communicative session, with the end of the transponder authentication by the interrogator; the reciprocal authorization of the interrogator by the transponder for access control, and the protection of communication between them through cryptographic mechanisms. Conversely, if two transponders have different group identifiers, they belong to different groups, and use different cryptographic keys to establish the secure context of the temporary communicative session.

[00096] In order to prevent unambiguous identification of transponders through the GID, and thus to protect the confidentiality of the identity of individual transponders, it is suggested that the amount of transponders belonging to the same group be significantly greater than (the number) one . Beyond what is required, defining the size and interpretation of the GID is not essential for the secure communication system.

[00097] As a non-limiting reference for the generality of the present secure communication system, it is assumed that the GID is represented by a 24-bit binary number.

[00098] In addition to cryptographic access control mechanisms, the present invention covers that transponders can have one or more individual cryptographic keys; that is, an individual key associated with the UTID, or sharing the same cryptographic keys with other members of the same group; that is, an individual key associated with the GID.

[00099] As a non-limiting reference to the generality of the present secure communication system, it is assumed: that the transponders of the same group, that is, with the same GID, will use the same AK key to establish the secure communicative context; which will optionally include the generation of a temporary SK session key, and will perform implicit mutual authentication, with implicit identification and reading of transponder data, through the Mutual_Auth_Read command; and that each transponder will use an individual key, called RK, for read access control, and another individual key, called WK, for data write access control.

[000100] In the present invention, without limiting the generality, the following formal notation is used to indicate that the key AK is determined as a function of the GID, and the keys RK and WK are determined as a function of the UTID of the transponder: AK = AK( GID),RK = RK(UTID), orRK = SK(MSK, S), according to the value of the GSK parameter of the Mutual_Auth_Read command, and WK = WK(UTID), respectively, with MSK = MSK(GID), and variable S seed per session.

[000101] Alternatively, the RK and WK keys can also be determined depending on the GID value.

[000102] The interrogator could, for example, search for AK, RK, WK and, optionally, MSK, in a database that contains the associations between GIDs and UTIDs, on the one hand, and authentication and access control keys, by other side. However, specifying the process for obtaining keys is not essential for the functioning of the secure communication system.

[000103] In addition, the present invention covers the case of dynamic generation of secret keys RK and WK, using information exchanged as part of establishing the secure context of the temporary session as a time-varying seed, using one or more indexed master keys and shared between transponder and interrogator. In this case, the maximum validity time interval of the dynamically generated keys is restricted to the limited duration of the corresponding communicative session.

[000104] In the context of the present invention, the encryption of a block B of plain text, using an encryption secret key K, and resulting in a block C of ciphertext, is termed as C = EK(B). The reverse operation, of decrypting a ciphertext block C, using a secret decryption key K, obtaining the original plaintext block B, is termed as B = DK(C). EK(B1, B2, ..., Bn), denoting the encryption of n text words B1, B2, ..., Bn, without defining a logical order, compression or combination (for example, by the logical XOR operation), specifies the words in the encryption process, whereas, similarly, DK(C1, C2, ..., Cn) calls the decryption of n text words C1, C2, ..., Cn, without defining an order, compression or specific logical combination of words in the decryption process.

[000105] Thus, for example, the dynamic generation of a secret key SK (session key), variable by time, for a session of restricted duration between interrogator and transponder, can be performed through the operation SK = SK(MSK, S) := EMSK(S), using a time-varying S seed - for example, a random number, and an MSK session secret key shared between interrogator and transponder.

[000106] It is noted that, below, in the descriptions of the constituent parts of the secure communication system, object of the present invention, the specification and description of the main parameters of the interrogator commands and transponder responses is focused, without limiting the generality of the secure system of the present invention, and without excluding the possibility of including additional parameters in the command signatures, and responses for other purposes that do not interfere or compromise the main purposes of these commands and responses.

[000107] Furthermore, as a reference, and without limiting the generality of the secure system, the generic parameters Handle and CRC will be included in the signatures of commands and responses. The Handle parameter is used to identify the recipients of data transmission. The CRC parameter represents an error-detecting code, of the cyclic redundancy check type, with the purpose of detecting failures in message transmission.

[000108] Note that the present invention allows the use of a mechanism for generating and verifying arbitrary error detecting codes. In order to maintain compatibility with the ISO 18000-6C protocol, it is recommended to apply code CRC-16, in the version specified by the CCITT (International Telegraph and Telephone Consultative Committee).

[000109] It is noted that the definition of detection and treatment of transmission and data processing failures are not fundamental to the specification of the secure communication system of the present invention.

Dynamic Encryption Engine

[000110] The dynamic data encryption mechanism is another embodiment of the present invention, which is carried out, in a first way, through the inclusion of two parameters, variable in time (unique values, nonces), in the encryptions and data decryptions, one being generated by the interrogator, and the other by the transponder, during the phase of mutual authentication and transponder identification of each new session.

[000111] As a non-limiting reference of the generality of the present secure communication system, 64-bit nonces will be considered in the binary representation, resulting in a range of 264 possible states for each one, and, together, resulting in 2128 possible states, thus ensuring that, in practice, binary representations of the result of encrypting texts containing one or both of the nonces, as a result of any of the observed encryptions, are incongruent - even if the original texts are the same.

[000112] Another embodiment of the present invention is a second way to perform dynamic cryptography, which occurs after initialization between transponder and interrogator, through the operation of the symmetric cipher of the cryptographic machine, with the well-defined generation of a variable data sequence in the time by combining, in a certain way, this sequence with the original data or with the encrypted data. The second form can be used in combination with the first form, described above, or separately.

[000113] Without limiting the generality of the secure system, to perform dynamic cryptography for a particular operating mode, the operating modes CBC (Cipher Block Chaining) and CTR (Counter) can be used, for example, as specified by NIST [NIST Special Publication 800-38A, 2001], or any other mode with comparable operational characteristics.

[000114] The purpose of using dynamic cryptography, in combination with interrogator and transponder generated nonces, is to protect confidentiality; the actuality (timeliness); the uniqueness, and the integrity (integrity) of the messages and data to be transmitted, via the air interface, which, by itself, does not allow an effective access control.

[000115] It is noted that the present secure communication system essentially allows the use of arbitrary symmetric algorithms, with block sizes and arbitrary keys, operated in modes compatible or comparable to those described in the present invention.

[000116] The present secure communication system covers the use of more advanced standardized symmetric algorithms in relation to the state of the art. As a non-limiting reference of the generality of the present secure communication system, it is assumed the use of the Advanced Encryption Standard (AES) algorithm [NIST Federal Information Processing Standards Publication No. 197, 2001], with processing blocks and symmetric 128-bit keys of size. If it is necessary to encrypt multiple blocks of data that form a logical unit, the cryptographic algorithm preferably operates in a mode that allows the chaining of the individual blocks, as performed by the CBC mode and the CTR mode (in relation to sequence of unique counters necessary for the correct decryption of encrypted data, ideally in combination with complementary mechanisms to protect the integrity of this data), ensuring the detection of alteration, or unauthorized substitution of encrypted data, exchanged between the interrogator and the transponder. In the case of the use of the AES algorithm, the present secure communication system provides, without limitation in generality, the use of the CTR operating mode, and, where it is not defined differently for individual block encryption, the use of the basic operating mode of ECB (Electronic Code Book) encryption [NIST Special Publication 800-38A, 2001].

[000117] It is another embodiment of the present invention that, by combining an interrogator nonce and a transponder nonce with the data encrypted in ECB mode, and for the generation of all initial counters for the CTR mode of the cryptographic machine, the dynamic encryption mechanism of the present secure communication system continues to work without degradation of quality of service, and without significant reduction in the level of security, even in the case where the random number generator, used in one of the two entities, is suffering transient failures unintentional, such as faults induced by electromagnetic interference, or intentional, such as maliciously injected faults.

Cryptographic Machine Initialization

[000118] Figure 2 schematically illustrates a mechanism for initializing the CTR mode of operation of a cryptographic machine on the interrogator and on the transponder as part of a communicative session, which constitutes an embodiment of the present secure communication system, and where, without limitation of the generality, assuming the operation with keys and blocks of u bits, where u is an even number: The interrogator first sends the custom command Init_CryptoEngine, which contains, as main parameter, a single value (nonce) of u/2 bits, generated by the interrogator , called CTR_R; the transponder responds with a message containing, as its main parameter, another single u/2-bit value generated by the transponder, called CTR_T, and by concatenating the two unique values, a u-bit value is received, which can be used as initial counter C0 for the CTR mode of the AES algorithm, implemented by the cryptographic machine of the transponders. Without limitation of generality, in the case of the standardized AES algorithm, the value of u can take one of the values 128, 192 or 256 bits, respectively.

[000119] The present secure communication system covers the cases in which the initialization of the CTR operating mode of the cryptographic machine, in the interrogator and in the transponder, is performed in alternative ways, and, without limiting generality, the random values CTR_R and CTR_T can , for example, being inserted, as supplementary parameters, in other commands that are part of the present secure communication system.

[000120] Figure 7 schematically illustrates a second mechanism for initializing the CTR mode of operation of the cryptographic machine, in the interrogator and in the transponder, which constitutes an embodiment of the present secure communication system, in which, the exchange of the halves of the initial counter, called CRN and CTN, is performed implicitly, as part of the custom implicit mutual authentication command.

[000121] It should be noted that the application of other cryptographic algorithms for operating modes, other than CTR, is subject to the requirement of different cryptographic machine initialization mechanisms, and the application of such mechanisms is covered by the secure communication system.

Mechanism to Establish a Permanent HANDLE for Extended Transponder Control

[000122] Figure 13 schematically illustrates a mechanism that allows the interrogator to obtain a permanent Handle of a transponder, right after singularization, which constitutes an embodiment of the present secure communication system, where the permanent Handle, or simply Handle, allows the interrogator maintain prolonged interactions with multiple transponders in parallel.

[000123] The interrogator sends the custom command Req_Handle, with the parameters Old_Handle and CRC, to the transponder, and the transponder responds with a message that contains the error detector code CRC and the new permanent Handle, called New_Handle; the interrogator accepts the New_Handle as a new permanent Handle for future interactions with the transponder, as part of a communicative session to be established with the transponder.

[000124] At the same time, with the establishment of the permanent Handle, the transponder's internal state changes to a new state, outside the set of original states, as defined by the ISO 18000-6C standard, causing the internal state and behavior insensitivity from the transponder to subsequent conflicting commands from the original protocol inventory, which constitutes an essential feature for a parallel interaction of an interrogator with multiple transponders - constituting yet another embodiment of the present secure communication system.

[000125] Without limiting the generality, the interrogator, in general, establishes the permanent Handle, soon after having successfully singularized a transponder; that is, right after receiving the first temporary reference RN16 and the information from the UII memory area of the transponder, in response to sending the ACK message to it, as part of the inventory procedure, as specified in the ISO 18000-6C protocol. Consequently, in the first call of the Req_Handle command, after singularizing the transponder, the interrogator must use the value of the temporary reference RN16, as the value of the Old_Handle parameter, to establish a permanent Handle.

Mechanisms for Communicative Session Initiation

[000126] The session initiation mechanism between an interrogator and a transponder constitutes another embodiment of the present secure communication system, where the transponder informs the interrogator of its group identifier (GID), and where a secure context of the temporary communicative session, in preparation for the subsequent step of mutual authentication and identification of the transponder by the interrogator.

[000127] Session initialization can be performed after transponder singularization and after establishing a valid permanent Handle, by means of a dedicated custom command. Figure 3 schematically illustrates a first mechanism for initializing a new session between an interrogator and a transponder, which constitutes another embodiment of the present secure communication system, where the interrogator sends the custom command Init_Session, with the Handle and CRC parameters, to the transponder , and the transponder responds with a message containing the Handle; the GID; a single TN value (nonce transponder); a unique CTN (counter transponder nonce) value, and the CRC error detector code.

[000128] A second alternative mechanism, which constitutes another embodiment of the present secure communication system, forwards the parameters GID, TN and CTN, from the transponder to the interrogator, forming the response of each transponder in the inventory phase, so that the The response with the UII memory data includes the GID and the unique TN and CTN values, either dynamically generated during runtime, or pre-calculated in advance.

[000129] Figure 4 is a schematic representation of the inventory, according to the ISO 18000-6C protocol, with the transponder response, according to the second alternative mechanism, which constitutes another embodiment of the present secure communication system, where: the first three steps mark the messages provided for by the ISO 18000-6C protocol during the detection and singularization of a transponder [ISO/IEC 18000-6/Amd 1], and the fourth step shows the inclusion of the additional parameters GID, TN and CTN in the final response of the transponder, where, to maintain compliance with the ISO 18000-6C protocol, the TN and CTN memory areas can be logically mapped into the memory area of the UII memory bank.

[000130] The advantage of the second mechanism (figure 4) over the first (figure 3) is a significant reduction in the communication overhead, since, as the indispensable data is transmitted in passing during the inventory, there is no need to carry it out. one more message exchange, that is, a command from the interrogator and a response from the transponder.

[000131] Figure 5 is a schematic representation of the inventory, according to the ISO 18000-6C protocol, with the transponder response, according to a third alternative mechanism, which constitutes another embodiment of the present secure communication system, where, in the fourth step, only the invariant GID parameter is included in the final transponder response, and the variable values by time TN and CTN are generated by the transponder and forwarded to the interrogator, as part of the authentication and identification phase, as described in the Mutual_Auth_Read command.

[000132] Therefore, the third mechanism allows the memory area of the GID parameter to be logically or physically mapped into the memory area of the UII memory bank, eliminating the need to generate a new single value in real time, or to have it available a single pre-calculated value during inventory.

[000133] As a result, a key advantage of the third mechanism is that it enables the transponder to meet the constraints defined for permissible response times as part of the inventory process specified in ISO 18000-6C. In particular, this significantly facilitates the eventual implementation of the mechanisms presented in the present invention in passive transponders, typically processing slower than those that use an internal battery for processing, where the former, in general, need to generate numbers. cryptographic pseudo-random, of a time significantly longer than that foreseen by the ISO 18000-6C standard for the transponder responses to commands that are part of the inventory phase.

[000134] Then, as a non-limiting reference of generality, the availability of the third communicative session initialization mechanism is assumed, between the interrogator and the transponder, with information on the GID value as part of the inventory, and with the generation and information of the TN and CTN nonces as part of the transponder authentication and identification phase.

Mechanism for Generating Time-Variable Parameters

[000135] In another embodiment of the present secure communication system, prior to each new communicative session, between the interrogator and the transponder, which involves the transfer of encrypted data, the interrogator and the transponder determine and share two new time-varying parameters, TN and RN, in a well-defined way, or generate values derived from the unique values established prior to the current communicative session, and, in both cases, the interrogator and the transponder must establish the same new values for TN and RN.

[000136] As a non-limiting generality reference, let Next_Nonce be a bijector function N<m ^ N<m, which unambiguously generates a new value derived n' from a known value n: n' = Next_Nonce (n), with N<m being the universe of natural numbers less than a maximum number m, including the number zero, and thus, in the context of the present secure communication system, and without limitation of generality, it is assumed that interrogators and transponders implement the same Next_Nonce function, to generate derivatives of TN and RN nonces, as needed, in the following form: TN = Next_Nonce (TN) and RN = Next_Nonce (RN).

[000137] Without limiting the generality, an example for the Next_Nonce function is “increment by 1 (module m)”: n' = Next_Nonce (n) = n+1 (module m), with m = 264, in the case of nonces 64 bits in size.

[000138] Figure 6 illustrates an alternative mechanism to establish a new pair of unique values, between the interrogator and the transponder, which constitutes another embodiment of the present secure communication system, where the interrogator sends, in a first step, a new unique value to the transponder, implicitly requesting a new unique value from the transponder, which responds with a new unique value. In this example, and without limitation of generality, the exemplary name Set_RN_TN of the custom interrogator command was chosen.

[000139] Alternatively, the RN and TN nonces can be encrypted before transmission, using a secret key shared between transponder and interrogator.

[000140] Other purposes of changing the TN and RN nonces, in each new custom command exchange and corresponding response in the current session between the interrogator and transponder, and before the start of a new session, are: - To protect the timeliness and uniqueness of messages, verifying the TN and RN values included in received messages, both interrogator and transponder, being able to determine, without ambiguity, if the message is being current or if it is a repetition of an old message. - Protect the confidentiality of information included in messages, by increasing the original text, with TN and RN nonces before encryption, which results in a different ciphertext, even if the initial text is identical, before two encryptions at different times.

[000141] In particular, before the initialization and availability of operational modes of the cryptographic machine with automatic output variation, the use of nonces in the way described is necessary to protect confidentiality, as in the case of using the ECB mode, for example. - Protect the integrity of information included in messages, by augmenting the original text with the nonces TN, RN, or with both nonces, before encrypting the text, which results in a known part of the original text, which serves as a reference for the validation of future ciphertext decryption, taking advantage of the characteristic that, using an advanced cryptographic algorithm such as AES, a change of at least one bit in the ciphertext (in ECB mode, for example), results, in practice, in the alteration of each individual bit of the deciphered text, with a probability of approx. 50% compared to the original text.

[000142] Without limitation of generality, inserting in the original text a known nonce of, for example, 64 bits in size, the probability of detection of a ciphertext alteration approximately corresponds to the value 1-(1/2)64, that, in practice, it allows detection of all occurrences of bit changes.

[000143] In particular, the combination of a known nonce with a data unknown to the recipient, in the same original text, is necessary for the protection and verification of the integrity of the encrypted text, against changes in the case of using the ECB and CTR operational modes [ NIST Special Publication 800-38A, 2001], as well as in the case of any operational mode of cryptographic algorithms that does not allow verification of the integrity of (unknown) encrypted data as part of the decryption process.

Mechanism for Mutual Authentication Implicit with Transponder Identification

[000144] The mechanism for implicit mutual authentication with identification, of the transponder by the interrogator, constitutes another embodiment of the present secure communication system. The mechanism, among other essential purposes, aims, in the context of a communicative session, to prove the authenticity of the transponder to the interrogator. Another purpose is, through the early transmission by the transponder of the data requested by the interrogator, after encapsulation by a suitable cryptographic envelope, to authenticate the interrogator, indirectly and implicitly, without receiving an immediate response from the interrogator to the challenge provided by the transponder, thus, implicitly restricting access to unique numbers and a fixed set of additional identification data provided by the transponder to authentic interrogators.

[000145] The resulting mechanism protects the confidentiality, integrity and timeliness of this transponder identifying information during transmission by means of dynamic encryption to prevent unauthorized third parties from identifying and tracking the transponder.

[000146] The mechanism also ensures that only an authentic interrogator can open the cryptographic envelope, thus protecting the data provided in advance by the transponder. For a non-authentic interrogator, the cryptographic envelope only contains a set of data, in unrecognizable binary form, as a result of the applied cryptographic mechanism, which constitutes another embodiment of the present invention.

[000147] Another embodiment of the present secure communication system is that implicit mutual authentication becomes explicit, for the transponder, with knowledge of the authenticity of the interrogator, from the moment the (authentic) interrogator sends a memory access command of the transponder, aiming at reading or writing data, containing the correct answer to the initial transponder challenge.

[000148] Figure 7 schematically illustrates the implicit mutual authentication between an interrogator and a transponder, based on the Mutual_Auth_Read command, which allows, transversally, to determine the authenticity, first, of the transponder and, implicitly, of the interrogator through a scheme of challenge-response in combination with dynamic cryptography, with an implicit reading of identifying data from the transponder that is protected by a cryptographic envelope - which constitutes another embodiment of the present secure communication system.

[000149] Already aware of the GID group identifier and the permanent Handle of the transponder, the interrogator sends the custom Mutual_Auth_Read command to the transponder, with authentication challenge and the first half of the seed for the initialization of the cryptographic machine, in preparation of the mechanisms of encryption for the ongoing communicative session. The transponder processes the interrogator's command, and prepares the response with two essential components. The first component is represented by an encrypted data packet, in ECB mode and, without limitation in generality, containing the challenge of the transponder to the interrogator and the second half of the seed for the initialization of the cryptographic machine, for the CTR operating mode, with chaining of encrypted blocks (through a specific sequence of counters used in encryption).

[000150] The second component is composed of a sequence of encrypted and chained blocks, in CTR mode and, without limitation in generality, after initialization of your cryptographic machine, by the set of halves of the seed as the basis of the initial counter, using both challenges - of the interrogator and the transponder -, with an internal reference in the first cipher block to validate the correct decryption and, optionally, generating a temporary secret key for the current session, using the two challenges TN and RN, together with the seed, in combination with a shared secret key.

[000151] A non-authentic transponder is not aware of the required shared secret keys associated with the given GID, or the default session secret key, or the master secret key needed to generate the session temporary key, and thus does not manages to get the challenge and half the seed of the interrogator, thereby failing to generate the envelope with the transponder data in CTR mode, with the interrogator challenge inserted as reference, and the correct answer to the challenge.

[000152] Likewise, a non-authentic reader is not aware of the shared secret keys that guarantee data protection; keys are associated with the known GID, and cannot decrypt in ECB mode half of the transponder seed, and, consequently, cannot decrypt in CTR mode the envelope with the transponder's confidential data.

[000153] Additionally, the non-authentic interrogator cannot decrypt the encrypted transponder challenge in ECB mode.

[000154] In addition, the non-authentic interrogator is not able to provide the response to the challenge encrypted in CTR mode in subsequent attempts to access the transponder, through the custom commands Secure_Auth_Read and Secure_Auth_Write, guaranteeing the failure of authentication and authorization of these requests by the transponder.

[000155] The basic procedure of implicit mutual authentication mechanism with transponder identifier data reading is performed by the custom Mutual_Auth_Read command is shown in more detail in Figure 7.

[000156] In a first step, the interrogator obtains the default symmetric authentication key from the current transponder, AK = AK(GID), using the GID as a reference; generates the unique numbers RN (reader nonce) and CRN (counter reader nonce), which serve as challenge and seed, respectively, from the interrogator to the transponder; concatenate the nonces with the three parameters SMD, DMD, and GSK; computes, in ECB mode, the EAK ciphertext (RN, CRN, SMD, DMD, GSK) and, finally, sends the Mutual_Auth_Read command with the prepared parameters and with the other parameters, as specified in Figure 7, to the transponder.

[000157] The SMD parameter (Static Message authentication code Descriptor), which constitutes another embodiment of the present secure communication system, represents an indicator for the optional inclusion of a static integrity and authenticity protection code SMAC (Static Message Authentication Code), pre-computed over the concatenated UTID and TDATA data, and permanently recorded in the transponder's non-volatile memory when the transponder responds.

[000158] Without limiting generality, the preferred implementation of static authenticity code is the CMAC mechanism [NIST SP800-38B, 2005], with generation of MAC codes (Message Authentication Code) 128 bits in size.

[000159] The DMD parameter (Dynamic Message authentication code Descriptor), which constitutes another embodiment of the present secure communication system, represents an indicator for the optional inclusion of a dynamic integrity and authenticity protection code DMAC (Dynamic Message Authentication Code) in the response of the transponder, and which must be computed at runtime on a selection of the other data elements of the response, including the nonces RN and TN, and additionally, the data UTID and TDATA, in original text or in ciphertext form.

[000160] Without limiting the generality, the preferred implementation of the dynamic authenticity code is the CMAC mechanism [NIST SP800-38B, 2005], with generation of MAC codes (message authentication code) of 64 bits in size.

[000161] In the second step: the transponder obtains the EAK response (RN, CRN, SMD, DMD, GSK) from the interrogator, decrypts the response using the secret symmetric key AK, calculates DAK(EAK(RN, CRN, SMD, DMD, GSK)), stores the RN challenge, half of the interrogator's initial CRN counter, and the SMD, DMD, and GSK parameters, and continues the execution of the third step of implicit mutual authentication.

[000162] In the third step: the transponder generates the unique numbers TN (transponder nonce) and CRN (counter transponder nonce), which serve as challenge and seed, respectively, from the transponder to the interrogator; concatenates these nonces and computes the EAK ciphertext (TN, CTN) in the ECB mode of the AES cryptographic engine; obtains the UTID (Unique Transponder IDentifier) and TDATA (Transponder Data) data from memory, and, if indicated by the SMD parameter received from the interrogator, obtains from memory the SMAC static authenticity and integrity code, pre-calculated on the UTID data and TDATA, or defines the value of SMAC as the empty word with zero length (empty word string); calculates a CRC-16 error detector code, called DCRC, on the data RN, TN, UTID, DATA, obtaining DCRC = CRC-16 (RN, TN, UTID, TDATA); initializes the CTR operating mode of the internal cryptographic machine itself using, as the initial counter, the CTN value concatenated with CRN; encrypts, with the AES cryptographic machine, in CTR mode, the text composed of the values RN, TN, UTID, TDATA, DCRC, and SMAC, using the secret key SK, with SK obtained, as indicated by the GSK parameter, from the interrogator; that is, by reading a standard session key from memory, or generated on the fly, using a session key obtained from memory in combination with a seed, represented by the set of RN and TN values, thus obtaining ESK(RN, TN , UTID, TDATA, DCRC, SMAC), if indicated by the DMD parameter received from the interrogator; generates the DMAC dynamic authenticity and integrity code, on the RN, TN, UTID, TDATA data, or defines the DMAC value as the empty word with zero length (empty word string); and returns the set of values, obtained in response with the other parameters, to the interrogator, as specified in figure 7.

[000163] In the fourth step: the interrogator obtains the response from the transponder; first decrypts the TN and CTN data of the transponder, using the secret symmetric key AK, calculating DAK(EAK( TN, CTN )); initializes the CTR operating mode of the internal cryptographic machine itself, using the CTN value as the initial counter, concatenated with the known CRN value; obtains the secret key from the SK session. as indicated by the GSK parameter, either gets the current transponder's default session key, SK = SK(GID), using the GID as a reference, or generates the session key. using an MSK session secret generator key from the transponder, using the GID as a reference, MSK = MSK(GID), in combination with the seed represented by the set of known values RN and TN; decrypt the ciphertext ESK(RN, TN, UTID, TDATA, DCRC, SMAC); verifies that the RN and TN values contained in the deciphered text are identical to the locally held copies; recalculates and checks the DMAC code if not represented by the zero-length word as indicated by the DMD parameter; recalculates and checks the SMAC code, if not represented by the zero-length word, as indicated by the SMD parameter; recalculates and verifies the DCRC code, and in case all checks are successful, the transponder authentication is considered successful, and the interrogator extracts the UTID identifier and the TDATA data from the decrypted text; and completes the implicit mutual authentication, considering the transponder as authentic. If transponder authentication fails, the interrogator considers the transponder to be non-authentic and handles the failure accordingly.

[000164] It is noted that the specification of transponder reaction to interrogator authentication failure, and vice versa, interrogator reaction to transponder authentication failure, may vary according to the needs of the particular application, without influencing the basic operation of the implicit mutual authentication mechanism.

[000165] Without limiting the generality of the secure system, the address of the part of memory to be returned by the transponder, represented by the data ITUD, TDATA and, optionally, the additional value SMAC, can be specified by a variable parameter to be included in the command of the interrogator, instead of using a pre-defined addressing.

[000166] In addition, and without limitation of generality, the DMAC data can be calculated over other data sets, including broader data sets, and with the individual data being either the original text or encrypted text, with the only requirement that the DMAC code allows the interrogator, without ambiguity, to verify the integrity of the RN, TN, UTID, and TDATA data. Mechanism for Secure Reading with Request Authentication

[000167] The mechanism for secure reading with request authentication is another embodiment of the present secure communication system, and, among other essential purposes of this mechanism, are included: enabling the interrogator to read a defined amount of data from the persistent or volatile memory of the transponder; the verification of the authenticity and authorization of the interrogator reading request, through a challenge-response mechanism in the transponder; the protection of the integrity, uniqueness, timeliness and confidentiality of the data transmitted, via the air interface, by dynamic cryptography, and by error-detecting codes of the CRC type. Optionally, the protection can also use cryptographic codes of integrity and authenticity, of the MAC (message authentication code) type, including a descriptor of the memory area to be read and the data to be returned by the transponder, in order to prevent unauthorized third parties may manipulate or obtain knowledge of data stored or generated by the transponder, once these third parties have broken all barriers of protection of communication and data storage described up to the present described level.

[000168] Figure 8 schematically illustrates an authenticated reading, between interrogator and transponder, based on the Secure_Auth_Read command, and which constitutes another embodiment of the present secure communication system.

[000169] In a first step: the interrogator obtains the current transponder's read authorization symmetric key, RK = RK (UTID), using the UTID as a reference; updates local copies of the nonces of the current session, TN = Next_Nonce (TN) and RN = Next_Nonce (RN); calculates, with the AES cryptographic engine, in CTR mode, the ciphertext ERK(TN, RN, LMAR, LCRC, DMD), with LMAR being a descriptor of the range of the logical memory area to be read, LCRC being a code detector of errors, of the CRC type, computed on the LMAR parameter, and DMD being an indicator for the optional inclusion of a dynamic DMAC integrity and authenticity protection code in the response to be computed by the transponder at run time on the main elements of response data; and sends the Secure_Auth_Read command, with the parameters entered, as specified in Figure 8, to the transponder.

[000170] As a non-limiting generality reference, following the ISO 18000-6C standard, the LMAR logical memory area range descriptor can be defined by concatenating the following fields specified in the ISO 18000-6C protocol: MemBank, WordPtr, and WordCount . Note that the LMAR must comply with the requirements of the ISO 18000-6C protocol, regarding correct memory addressing.

[000171] As another non-limiting generality reference, the LMAR logical memory area range descriptor can be represented by a more complex data structure, incorporating additional parameters, including the LCRC and DMD parameters and others, and in the case of secure writing mechanism with request authentication, one or more integrity protection codes, type CRC-16 or other, protecting the data to be written in the memory range defined by LMAR.

[000172] In the second step: the transponder updates the local copies of the nonces of the current session, TN = Next_Nonce (TN) and RN = Next_Nonce (RN); decrypts the ciphertext, received from the interrogator, using the read authentication secret symmetric key RK; calculates DRK(ERK(TN, RN, LMAR, LCRC, DMD)), with AES cryptographic engine, in CTR mode; verifies that the values contained in the deciphered text TN and RN are identical to the local copies, and that the LCRC code is correct; if so, the authentication and authorization of the interrogator is considered successful, and the transponder continues the execution of the third step of reading and authenticated; otherwise, the interrogator is considered unauthorized to read data from the transponder's memory, and the transponder suspends the communicative session with the interrogator, or handles the failure in some other appropriate manner.

[000173] In the third step: the transponder obtains the RDATA data, requested from the memory area specified in the LMAR parameter; calculates an error-detecting code, of the CRC type, on the set of RN, TN, and RDATA values; encrypts, in CTR mode, the text composed by the values TN, RN, RDATA and RCRC, resulting in the ciphertext ERK (TN, RN, RDATA, RCRC); generates the DMAC dynamic authenticity and integrity code over the RN, TN, and RDATA data, or sets the DMAC value to the zero-length empty word (empty word string), as indicated by the received DMD parameter; and returns the final results obtained in the answer, with the other parameters, to the interrogator.

[000174] In the fourth step: the interrogator decrypts, in CTR mode, the ciphertext ERK(TN, RN, RDATA, RCRC) of the transponder, using the secret symmetric key RK; calculates DRK(ERK(TN, RN, RDATA, RCRC)); verifies that the values contained in the deciphered text TN and RN are identical to the locally kept copies; re-evaluates and verifies the RCRC code; if they are identical, the RDATA data returned is considered authentic, healthy, and current, and the interrogator considers the read successful; in case the nonces TN and RN are not congruent with the local values, or in the case of failure of the verification of the RCRC code, the interrogator considers the reading to be irregular, and continues its processing in this direction.

[000175] Note that the specification of the transponder's reaction to the interrogator's authorization failure, and vice versa, of the interrogator's reaction to the failure to verify the authenticity and timeliness of the data returned by the transponder, may vary according to the needs of the application privately, without influencing the basic operation of the authenticated read mechanism.

[000176] Without limiting the generality of the secure system, the DMAC data can be calculated over other data sets, including broader data sets, and with the individual data being in plain text or in encrypted text, with the only requirement that the DMAC code allows the interrogator to unambiguously verify the integrity of the RN, TN, and RDATA data.

[000177] Alternatives to key management constitute, without limitation of generality, in the RK key being dynamically generated by the interrogator and the transponder, or replaced by the current SK session key already established.

[000178] Another embodiment of the present secure communication system provides for the performance of a new authentication in each new read command, with the TN and RN session nonces changed through the Next_Nonce function, to ensure that a session hijacking ) is not practicable, as each read access is authorized individually.

Mechanism for Secure Writing with Order Authentication

[000179] The mechanism for secure writing with request authentication is another embodiment of the present secure communication system, and includes, among other essential purposes of this mechanism, enabling the interrogator to write a defined amount of data in memory, persistent or volatile, from the transponder; the verification of the authenticity and authorization of the interrogator's writing request, through a challenge-response mechanism in the transponder, and the protection of the integrity, uniqueness, timeliness, and confidentiality of data transmitted, via the air interface, by dynamic encryption , error-detection codes, of the CRC type, and, optionally, by cryptographic codes of integrity and authenticity, of the MAC (message authentication code) type, including the memory area descriptor to be written, the data to be written, and the writing operation execution code to be returned by the transponder, in order to prevent unauthorized third parties from manipulating or obtaining knowledge of data stored in or generated by the transponder.

[000180] Figure 9 schematically illustrates the authenticated writing between an interrogator and a transponder, based on the Secure_Auth_Write command, which constitutes another embodiment of the present secure communication system.

[000181] In a first step: the interrogator obtains the current transponder's symmetric write authorization key, WK = WK (UTID), using the UTID as a reference, updates the local copies of the nonces of the current session, TN = Next_Nonce (TN ) and RN = Next_Nonce (RN); calculates, with the AES cryptographic engine, in CTR mode, the EWK ciphertext (TN, RN, LMAR, LCRC, WDATA, WCRC, DMD), with LMAR being a descriptor of the range of the logical memory area to be written, LCRC being an error-detecting code, of the CRC type, computed on the LMAR parameter, WDATA, representing the data to be written, WCRC being an error-detecting code, of the CRC type, computed on the WDATA, and DMD data, being the indicator for the optional inclusion of a dynamic integrity and authenticity protection code calculated on the main elements of the command; inserts the DMD data a second time, without encryption, into the command, along with the DMAC dynamic integrity and authenticity code, or calculated on the RN, TN, LMAR, and WDATA data, or represented by the zero-length empty word (empty word string), as indicated by the DMD parameter; and sends the Secure_Auth_Write command, with the parameters entered, as specified in Figure 9, to the transponder.

[000182] Without limiting the generality, the DMD parameter is included a second time, as original text, before the DMAC data, so that the transponder has the ability to consider the DMAC descriptor, without needing to decrypt the encrypted data received in real time during transmission.

[000183] Alternatively, and without limitation of generality, the WCRC code can be computed over other data, such as over the TN, RN, and WDATA dataset, to associate the nonce values with the CRC code.

[000184] As a non-limiting generality reference, following the ISO 18000-6C standard, the LMAR logical memory area range descriptor can be defined by concatenating the following fields specified in the ISO 18000-6C protocol: MemBank, WordPtr, and WordCount . Note that the LMAR must comply with the requirements of the ISO 18000-6C protocol regarding correct memory addressing.

[000185] In the second step: the transponder updates the local copies of the nonces of the current session, TN = Next_Nonce (TN) and RN = Next_Nonce (RN); decrypts in CTR mode the ciphertext received from the interrogator using the WK secret symmetric key for read authentication; calculates DWK(EWK(TN, RN, LMAR, LCRC, WDATA, WCRC, DMD)); verifies that the RN and TN values contained in the deciphered text are identical to the locally held copies; re-evaluates and verifies the DMAC code if not represented by the zero-length word as indicated by the decrypted DMD parameter; re-evaluates and verifies the LCRC code; re-evaluates and verifies WCRC code; if all checks are successful, the interrogator's authentication and authorization is considered successful, and the transponder continues performing the third step of authenticated writing; otherwise, the interrogator is considered unauthorized to write data to the transponder's memory, and the transponder suspends the communicative session with the interrogator, or handles the failure in some other appropriate manner.

[000186] In the third step: the transponder writes the WDATA data into the memory area specified in the LMAR parameter; generates an informative code of the result of the operation called WCODE; encrypts, in CTR mode, the text composed of the three values TN, RN, and WCODE; returns the final EWK result (TN, RN, WCODE) as an answer with the other parameters to the interrogator.

[000187] In the fourth step: the interrogator decrypts, in CTR mode, the ciphertext EWK (TN, RN, WCODE) of the transponder, using the secret symmetric key WK, calculates DWK(EWK ( TN, RN, WCODE ); the values contained in the deciphered text TN and RN are identical to the copies held locally; if so, the WCODE code will be considered authentic, intact and current, the interrogator considers the writing according to the particular semantics defined by the WCODE code; otherwise, if the nonces TN and RN are not congruent with the local values, the interrogator considers the reading as irregular and continues its processing in this sense, treating the situation in an adequate way.

[000188] Note that the specification of the transponder's reaction to the interrogator's authorization failure, and vice versa, of the interrogator's reaction to the failure to verify the authenticity and timeliness of the data returned by the transponder, may vary according to the needs of the application privately, without influencing the basic operation of the authenticated read mechanism.

[000189] An example for generating the WCODE in the transponder, which constitutes another embodiment of the present secure communication system, is the generation of a CRC-16 code on the contents of the memory area that has just been written. However, the semantics of the authentic codes, returned by the transponder in response to the data writing operation, and the handling of different codes in the interrogator have no bearing on the present secure communication system.

[000190] Alternatives of key management constitute, without limitation of generality, the dynamic generation of the WK key, by the interrogator and the transponder, or its replacement by the current SK session key already established.

[000191] Another embodiment of the present secure communication system provides for the performance of a new authentication, in each new write command with the TN and RN session nonces, changed through the Next_Nonce function, to ensure that a session hijacking ) is not practicable, as each write access is authorized individually.

Extended State Machine

[000192] Figure 10 schematically illustrates the extended state machine of the transponders, which constitutes another embodiment of the present secure communication system, where, from the original states of the ISO 18000-6C protocol, the following states were disabled and eliminated: Open , Secured, and Killed, and all transitions associated with these states have also been eliminated.

[000193] As a non-limiting generality reference, new states and transitions were introduced in the transponder state machine for new interrogator commands and corresponding transponder responses: WAITING, MAR-PROC, MAR-READY, AUTHENTICIATED, SAR-PROC, SAR -READY, SAW-PROC, and SAWREADY.

[000194] These new states are assumed by each transponder in the following situations and under the following conditions:- WAITING, meaning “waiting”: The transponder immediately switches to this state if, and only if, one of the following conditions is satisfied: a) The transponder is currently in the ACKNOWLEDGED state, and has completed sending a response to error-free receipt of a Req_Handle command from an (error-free) transmission from the RSU;b) The transponder is currently in WAITING and has completed sending response regarding the error-free receipt of a repetition of the previous RSU Req_Handle command;c) The transponder is currently in WAITING and has completed sending the response regarding the error-free receipt of a new Req_Handle command request (with Valid permanent handle) of the RSU;d) The transponder is currently in the MAR-PROC state and has completed receiving, error-free, and is executing the Finalize command from the interrogator, with the FEOP flag set. - MAR-PROC, abbreviation for “mutual-authentication processing”: The transponder immediately switches to this state if one of the following conditions is met: a) The transponder is currently in the WAITING state, and has completed sending auxiliary response for error-free receipt of a Mutual_Auth_Read command from the interrogator;b) The transponder is currently in MAR-PROC state, and has completed sending an auxiliary response for error-free receipt of a direct retransmission of the command Mutual_Auth_Read from the interrogator, which was already received by the transponder in a previous transmission.- MAR-READY, abbreviation for "mutual-authentication ready" (mutual-authentication ready): The transponder immediately switches to this state if one of the following conditions is met:a ) The transponder is currently in the MAR-PROC state, has completed the internal processing of the Mutual_Auth_Read command, including the necessary decryption and encryption operations i internal data, has successfully prepared the secure envelope with encrypted transponder identifier data, and is ready to return the implicit mutual authentication return message to the interrogator; b) The transponder is currently in MAR-READY state and has completed sending reply assist in a direct, error-free retransmission of the interrogator's last Mutual_Auth_Read command, which has already been processed by the transponder.- AUTHENTICATED, meaning “authenticated”: A transponder immediately switches to this state if one of the following conditions is satisfied: a) The transponder is currently in MAR-READY state, and has completed receiving, in error-free transmission, the Finalize command from the interrogator, and has responded by sending the Mutual_Auth_Read command back to the interrogator; b) The transponder is currently in the AUTHENTICATED state and has completed by responding to a direct, error-free retransmission of the previously processed Finalize command from the interrogator; c) The transponder es it is currently in the SAR-PROC state and completed receiving, error-free, and executing the Finalize command from the interrogator, with the FEOP flag set; d) The transponder is currently in the SAR-READY state, received the Finalize command from the interrogator, in transmission error-free, and has completed sending the response to the Secure_Auth_Read command to the interrogator; e) The transponder is currently in the SAW-PROC state and has completed receiving, error-free, and executing the interrogator's Finalize command. with the FEOP flag set; f) The transponder is currently in the SAW-READY state, received the Finalize command from the interrogator, in error-free transmission, and completed sending Secure_Auth_Write command response to the interrogator.- SAR-PROC, abbreviation for “read-authenticated-secure processing ” (secure-authenticated-read processing): The transponder immediately switches to this state if one of the following conditions is met: a) The transponder is currently in the AUTHENTICATED state and has completed sending auxiliary response to error-free receipt of Interrogator Secure_Auth_Read command;b) The transponder is currently in the SAR-PROC state and has completed sending an auxiliary response for error-free receipt of a direct retransmission of the Secure_Auth_Read command from the interrogator, which was already received by the transponder in a previous transmission .- SAR-READY, abbreviation for “secure-authenticated-read ready”: The transponder immediately switches to this status if one of the following conditions is met: a) The transponder is currently in the SAR-PROC status and has completed the internal processing of the last Secure_Auth_Read command received, including the necessary internal data decryption and encryption operations, has successfully authenticated and authorized, the interrogator in process, and is ready to send back message to the processed Secure_Auth_Read command to the interrogator; b) The transponder is currently in the SAR-READY state and has completed sending an auxiliary response regarding error-free receipt of a retransmission from the last Secure_Auth_Read command of the interrogator, which has already been processed by the transponder. - SAW-PROC, abbreviation for "secure-authenticated-write processing" (secure-authenticated-write processing): The transponder immediately switches to this state if one of the following conditions is satisfied: a) The transponder is currently in the AUTHENTICATED state and has completed sending an auxiliary response for error-free receipt of the Secure_Auth_Write command from the interrogator;b) The transponder is currently in the SAW-PROC state and has completed sending an auxiliary response for error-free receipt of a direct retransmission from the Secure_Auth_Write command from the interrogator, which was already received by the transponder in a previous transmission.- SAW-READY, abbreviation for “secure-authenticated-write ready): The transponder immediately switches to this state if one of the following conditions is satisfied: a) The transponder is currently in the SAW-PROC state and has completed the internal processing of the last received Secure_Auth_Write command, including the operas required internal data decryption and encryption, has successfully authenticated and authorized the interrogator in the process, and is ready to send the return message to the processed Secure_Auth_Write command to the interrogator; b) The transponder is currently in the SAW-READY state and completed sending an auxiliary response for error-free receipt of a direct retransmission of the interrogator's last Secure_Auth_Write command, which has already been processed by the transponder.

[000195] Without limitation of generality, in addition to the above state transitions, the transponder can implement additional transitions, for example, to the initial READY state, according to the desired behavior in exceptional situations, including: a) The transponder receives a command Select;b) The transponder receives a Query, QueryRep, or QueryAdjust command; c) The transponder receives an unexpected custom command (outside the standard command flow), skipping necessary states and/or transitions, as defined in the present invention; d) The transponder performed a restart (reset) or a re-energization (power -up) due to power loss or other transient failure that resulted in loss of internal transponder status information.

[000196] Note that the state machine modified above represents a reference model compatible with the commands defined in the realization of the secure communication system, including all other compatible realizations of this reference state machine that enable an implementation of mechanisms of communication, whose functionality is compatible with the secure communication system of the present invention, including state machines with different names, number or types of states, and transitions.

[000197] Without losing the essence of the present secure communication system, and without limiting the generality, conceivable alternative realizations can, for example, unite the two states SAR-PROC and SAR-READY into a single state, if the execution mechanism in two phases of custom commands is not implemented, or if its execution is unnecessary, for example, because of a secure communication system implementation in a transponder with advanced hardware that allows a transponder response without significant delay, and within limits protocol and application definitions, the same observation being valid for the two pairs of states SAW-PROC and SAW-READY, and MAR-PROC and MAR-READY.

Mechanism for Two-Phase Command Execution

[000198] Figure 11 schematically illustrates the command execution mechanism in two phases, through auxiliary messages that constitutes another embodiment of the present secure communication system.

[000199] The two-phase execution mechanism applies to message pairs, consisting of an interrogator command and the corresponding response of the addressed transponder.

[000200] A first essential purpose of the mechanism is to enable transponders, to send a first auxiliary confirmation response to primary commands that need cryptographic processing, with an internal processing time in the transponder in the order of magnitude of milliseconds to tens of milliseconds or more, where this quality enables interrogators to detect transmission and processing errors that would result in the main custom command not being executed, in a short and well-defined time interval. Concretely, and without limiting generality, the mechanism allows, according to ISO 180006C, the transponder to continue responding to the interrogator's customized command, at time T1, and the interrogator can detect the lack of response at time T3 (timeout) .

[000201] Another purpose of the mechanism is to leave the interrogator in control of the interaction with the transponder and, after the presumed termination of the processing of the primary custom command in the transponder, after the time Δt, the interrogator requests, through an auxiliary custom command called Finalize , to the transmission of the primary transponder response.

[000202] Thus, the execution of the main custom command is divided into two distinct phases: the first phase being the confirmation, and the second phase being the completion of the main command execution.

[000203] A significant advantage of this two-phase main command execution is that the interrogator can take advantage of the time interval Δt, during which the transponder is being occupied with processing the primary request, to process other tasks or communicate with others transponders, reducing waiting time and increasing the operational efficiency of the interrogator.

[000204] The two-phase execution mechanism of the present secure communication system will benefit from the execution of any command-response pair, between interrogator and transponder, which involves prolonged processing in the transponder, and, in particular, this mechanism applies to custom commands that involve using encryption on the transponder: Mutual_Auth_Read, Secure_Auth_Read, and Secure_Auth_Write.

[000205] As a non-limiting reference of the generality of the present secure communication system, to enable the interrogator to estimate the time Δt more accurately, information about the performance or processing time of the transponders can be kept in a database and the interrogator can access this information using one of the GID, UTID and SPC values received from the transponder as the access key.

[000206] Alternatively, a variation of the auxiliary response that constitutes another embodiment of the present secure communication system, is the inclusion of an optional parameter - called EPTI -, to indicate the expected processing time indicator, The EPTI may, without limitation of generality, inform an index of the relative processing performance of the transponder, such as, for example, the number of bits that the transponder can encrypt or decrypt per millisecond, and an indication of the reading and writing performance in the non-volatile memory, such as, for example, and without limitation in generality, the recording (rewrite) time per 16-bit word in the transponder's internal EEPROM or Flash or FeRAM (or other) memory, allowing the interrogator to calculate the time needed for cryptographic operations and memory access on the transponder. Also, the EPTI can also inform the absolute estimate of the necessary processing time, considering the type and load of the request received from the interrogator, and, in general, knowledge of the EPTI enables the interrogator to estimate the necessary waiting time Δt with greater acuity than if you do not have this information.

[000207] Alternatively, without limitation of generality, the expected processing reference times, by command and transponder type and implementation, can be managed in the form of tables maintained in interrogators, mapping transponder model and version numbers. protocol implemented at absolute or relative processing performance values. In this case, it is supposed to include a transponder implementation model number, and a version number of the protocol implemented by the transponder, in the UII memory bank, whose contents will be read by the interrogator, during the inventory phase.

[000208] A variation of the auxiliary custom command, which constitutes another embodiment of the present secure communication system, is the inclusion of an optional parameter, denoted FEOP, to force the end of processing (force end of processing) in the transponder, when this has not yet finished internal processing at the time of receiving the Finalize command. Without limiting the generality, FEOP can be performed through a binary flag (binary flag; boolean flag), which assumes the values "1" or "enabled", to force the end of processing and "0" or "disabled", to allow further processing on the transponder.

[000209] Without limiting the generality, in the two-phase command execution mechanism, the transponder's reaction to a Finalize command, with or without FEOP activated, depends on the needs and boundary conditions of the particular application. Thus, for example, a transponder, which has not finished local processing, can respond to a Finalize command with FEOP disabled, through an error message, warning that processing is not completed, and stop the execution of the command, or return a dedicated response requesting more time for the interrogator to run and continue processing, or ignore the command. Without limiting generality, the specification of the interrogator's handling, regarding the transponder's inability to send a response to the Finalize command, may depend on the particular application, and is not essential to the specification of the present secure communication system. For example, the interrogator can extend the wait time and send a new Finalize command to get the answer, or simply abandon the interaction unilaterally.

[000210] It is observed that the present invention covers all variations of the two-phase execution mechanism that have compatible purposes and advantages, including mechanisms that involve number of auxiliary messages and/or different parameters. A possible compatible variation is that the transponder does not send an auxiliary confirmation, and the interrogator sends the Finalize command directly, after a certain waiting time.

[000211] Another compatible variation is to eliminate the Finalize command and, instead of letting the transponder respond after a defined time interval, let, for example, and without limitation of generality, this be deduced, by the interrogator and by the transponder, by the known amount of data the transponder will have to process internally. Mechanism for Interleaved Command Execution

[000212] Figure 12 schematically illustrates the mechanism of interleaved command execution for the interaction between an interrogator and multiple transponders, and constitutes another embodiment of the present secure communication system, where, among others, the essential purpose is to enable the partial parallelism of the processing interrogator commands in transponders, aiming to reduce the total execution time, compared to a sequential execution of message pairs, composed of an interrogator command and a corresponding response from the addressed transponder.

[000213] The interleaved execution mechanism, used in the present secure communication system, executes commands in two phases, for the benefit of any sequence of command-response pairs between an interrogator and a transponder, which involves prolonged processing in the transponder, in the order from magnitudes of milliseconds to tens of milliseconds or more. In particular, the mechanism applies to custom command sequences, according to the object of the present invention, which involve the use of encryption in the transponder: Mutual_Auth_Read, Secure_Auth_Read and Secure_Auth_Write.

[000214] Without limiting the generality, the generic principle of the merged execution mechanism can be divided into three stages, as illustrated in figure 12:1°. Sending stage of primary commands; 2nd. Interrogator waiting stage, e3°. Primary response collection stage.

[000215] In the first stage, using the two-phase execution scheme, the interrogator sends the next primary command PCi (primary command) due, according to the current communicative session, and receives an immediate auxiliary response ARi (auxiliary reply) from each transponder Ti from a set of M transponders T1 to TM, with which the interrogator is holding communicative sessions.

[000216] In the second stage, the interrogator waits for the completion of transponder T1 processing, and, without limitation of generality, in case the maximum command processing time is of the order of milliseconds for all transponders, given by tproc, then the RSU must wait for at least twait = tproc - (M-1) x (treq + tconf) > 0 milliseconds, after receiving ARi, for PCi processing on transponder T1 to be completed, with treq representing the upper limit for transmitting a single primary PCi command, with tconf representing the upper bound for receiving a single auxiliary ARi response from the transponder, and M specifying the total number of transponders to be processed.

[000217] Note that transmission time is determined by different factors, including data transfer rates for uplink and downlink, maximum allowable tolerances and message datagram sizes.

[000218] If the time required to send all M PCi commands, with 1 < i < M, is greater than the internal processing time of transponder T1, then tw = 0, and the interrogator can continue to the next stage without delay .

[000219] In the third and final stage, the interrogator sends Finalize auxiliary ACi (auxiliary command) commands to request and receive transmissions of the primary responses PRi from transponders Ti, 1 < i < M.

[000220] In case the time to receive the primary responses in the third stage is less than the time to send the primary commands in the first stage, the interrogator may be subject to additional waiting times, as exemplified below.

[000221] Without limiting the generality of its application, the merged execution mechanism follows a simplified model for a parallelized implicit mutual authentication of multiple transponders Ti, 1 < i < M, from the point of view of the interrogator, and constitutes another embodiment of the present secure communication system, where:1. Sending requests and receiving auxiliary acknowledgments of implicit mutual authentication: For every Ti with 1 < i < M, executed in sequence: i. Send it to You: Mutual_Auth_Read (Handlei, EK(...), CRC)ii. Receive from You: Reply (Handlei, ..., CRC)2. Expect availability of the first primary response. Wait for tw milliseconds with :. tw = max (0; tproc — (M—1) X (treq + tconf)) — 0,. treq = GetTransmissionTime(Mutual_Auth_Read(Handlei, EK(...), CRC)),. tconf = GetTransmissionTime(Reply(Handlei, ..., CRC)).3. Request and collect mutual authentication primary responses: For every Ti with 1 < i < M, run in sequence:i. Send to You: Finalize (Handlei, ..., CRC)ii. Receive from You: Reply (Handlei, EK(...), CRC)iii. If (i < M): Wait Δt milliseconds, with: • Δt — max (0; treq + tconf tfin trsp) > 0;. tfin = GetTransmissionTime (Finalize (Handlei, ..., CRC));• trsp— GetTransmissionTime (Reply (Handlei, EK(...), CRC)).

[000222] In the example, GetTransmissionTime constitutes an abstract helper mechanism to determine the transmission time of messages to be sent over the air interface.

[000223] The merged execution mechanism covers the execution of any homogeneous or heterogeneous set of commands to be executed on transponders.

[000224] Note that the interleaved execution mechanism is not limited to a particular sequence of command transmission per stage, but covers the optimization and change of the sequence in consideration of the transmission and processing time of each command and response, with the objective to avoid or reduce interrogator waiting time.

[000225] It should also be noted that the present secure communication system covers any and all variations of the interleaved command execution mechanism that have compatible purposes and advantages, including mechanisms involving auxiliary messages and/or distinct parameters, such as, for example , a compatible variation where, in the first stage, the transponder only sends primary PCi commands, without receiving ARi auxiliary acknowledgments.

Variations and Generalizations of the Secure Method of Communication

[000226] In addition to the variations described, this secure communication system also covers any and all variations and generalizations that do not fundamentally differ from the functionalities and/or purposes of the mechanisms described herein, and, in particular, and without limiting any other variations possible, the present secure communication system covers the following variations: - Modifications of the custom command signatures of the present secure communication system, to support multiple key generations per key type, such as multiple authentication key generation, read access and writing, and, for example, and without limitation of generality, the identification of the key generation to be used can be performed by means of an additional parameter in the affected commands that indicates the generation of the key to be used.- Custom command modifications of the present secure communication system, to support the use of one or multiple master keys, if Since the use of a key grants certain well-defined rights to the interrogator, directly or indirectly through the generation of a temporary secret key, which include, among others, exclusive access, read or write, to special or general areas , from the transponder memory; authorization of the use of special functionality and specific commands of the transponder; activation or deactivation, temporary or permanent, of read and/or write access to the transponder memory areas, including the modification of the internal status of these transponder memory areas, from "read and write allowed" to "read only allowed" , and vice versa, and the total and permanent deactivation of transponders (Kill). - In coordination with interrogators, transponders alter or replace the TN and RN nonces, received in custom commands, before generating the corresponding responses, instead of reusing the TN and RN nonces of the custom commands received without change.- Replacement of nonces, or augmentation with other time-varying values, chosen from a range of values sufficient to guarantee an insignificant probability of repetition of the values used as nonces in messages in practice, as needs of the particular application. - Use of arbitrary cryptographic algorithms for cryptographic operations of customized commands defined by this secure communication system. - Modifications of the nomenclature of commands, responses and parameters in the signatures of commands and responses, without essential modification of the functionality and purposes of the Affected commands, responses, and parameters.- Modifications to the composition of custom command parameters and transponder responses, without essential modification of the functionality and purposes of the commands and responses that are the subject of this secure communication system. Parameters can, for example, and without limitation of generality, be combined by means of reversible logical operations, as with the XOR operation, to reduce the total size in bits of the composite dataset, in order to reduce transmission time, or the number and time of cryptographic operations required.- Modifications of parameter sizes in number of bits of commands and responses, and, in particular, modifications due to the use of block sizes other than 128 bits used in the reference algorithm ( AES-128), or modifications due to the use of cryptographic algorithms other than the AES reference algorithm, and nonces with varying bit sizes. read/write transponders containing standardized size data blocks and/or predefined memory addresses in the read/write data. - The use of arbitrary bit numbers for custom command parameters and corresponding responses. - Cryptographic machines implemented in interrogators and/or transponders that use operating modes other than CTR mode, to ensure the integrity protection of encrypted size data arbitrary.- Descriptions of the constituent parts of the secure communication system, focusing on the specification and description of the main parameters of interrogator commands and transponder responses, without limiting generality and without excluding the possibility of including additional parameters in the command signatures and responses for other purposes that do not interfere or compromise the main purposes of these commands and responses. - Variations in the specification of commands and responses, objects of the present secure communication system, in relation to the different ways of handling exceptions and processing failures and command transmission and responses.- Secure and authenticated versions of the native Lock and Kill commands implemented following the Secure_Authenticated_Write command model, defining a new custom command, with a new characteristic bit sequence, as specified in the ISO 18000-6C protocol, replacing the data parameters to be written by the Secure_Authenticated_Write command, with necessary parameters of the respective operation, obtaining, for example, and without limitation of generality, custom Secure_Auth_Kill and Secure_Auth_Lock commands, and replacing the result code of writing the response to the Secure_Authenticated_Write command with an appropriate result code of the new operation, and where the Access command becomes unnecessary after disabling the other commands and modifying the state machine. - Changed LMAR logical memory area range descriptor settings, including settings that are different from memory defined in the norm to ISO 18000-6C, but whose adoption is permissible by that standard in custom commands. It is possible to change, for example, and without limitation in generality, the size values of LMAR components, or an entirely different addressing scheme can be defined, such as an LBA (Linear Block Addressing) or other type scheme.

Other Variations and Generalizations of the Secure Method of Communication

[000227] In addition to the variations described, this secure communication system also covers, without limitation of any other possible variations, the following variations: - Variations of the customized commands that are representations of the present secure communication system (including, without limitation of generality , the custom commands Mutual_Auth_Read, Secure_Auth_Read, and Secure_Auth_Write), so that some or all of the command parameters are entered in plaintext rather than encrypted form for applications that allow a level of protection of reduced security, in favor of improved processing performance on the transponder. Figure 14 schematically illustrates a variation of the custom Mutual_Auth_Read command and corresponding response, which constitutes an embodiment of the present secure communication system, in which the exchange of auxiliary parameters RN, CRN, SMD, DMD, TN, and CTN is performed without protection by cryptographic envelope; - Variations of the custom commands that are representations of the present secure communication system - including, in particular, without limitation in generality, the custom commands Mutual_Auth_Read, Secure_Auth_Read, and Secure_Auth_Write - as command parameters are changed, or added, with the purpose of effecting behaviors differentiated from the interrogator commands and the corresponding transponder responses. As a non-limiting reference of the generality of this secure communication system, the use of additional parameters is assumed to include static, precalculated and stored authenticity codes in the transponder's memory, or dynamic, generated by the transponder at run time ( meaning also in real time) in the transponder response. Another non-limiting reference is the inclusion of an additional parameter in the custom command for the generation of one or more temporary keys for data encryption with validity restricted to the duration of the communication session between the transponder and an interrogator. Another non-limiting reference is the inclusion of an additional parameter in the custom command for indexing one or more secret keys, or one or more secret master keys for generating one or more session keys.- Variations of custom commands that constitute representations of the present secure communication system, including, without limitation in generality, the custom commands Mutual_Auth_Read, Secure_Auth_Read, and Secure_Auth_Write, such that one or more parameters, explicitly reserved for future use, are inserted into the corresponding command and/or response. As a non-limiting reference for the generality of the present secure communication system, it is assumed the use of an RFFU parameter, of at least one bit in size, with a well-defined default value. Without limitation of generality, the default value will be represented by a bit string of size greater than or equal to 1 bit, with the most significant bit (MSB) being the bit '0', to indicate the non-use of the parameter and the disregard of it by the container. The use of such parameters, of the RFFU type, in commands and responses allows the extension of functionality in the implementation of a secure communication system in interrogators and readers, which guarantee total backward compatibility with previous commands and responses. Additionally, without limitation of generality, the value of the RFFU parameter, which indicates the presence of new functionality, will be discriminated by a sequence of N bits of size greater than or equal to 1 bit, with the most significant bit (MSB) being the bit ' 1', to indicate the use of the parameter in the function of a new command and/or response characteristic to be evaluated by the recipient. If the size of the RFFU parameter is greater than 1 bit, the nature of the new function will be discriminated by the sequence of the least significant N-1 bits of the RFFU parameter, allowing switching between up to 2N-1 new varied functionalities. Furthermore, without limitation of generality, the size of the RFFU parameter, in the case of the MSB being represented by the '1' bit, can have a well-defined size that is larger than the size of the RFFU parameter, in the case of the MSB being equal to the value bit '0', to keep the size of the message containing the RFFU parameter as small as possible, to improve the efficiency of message transmission over the air interface, also reducing the probability of transmission error, which increases with each additional bit size of message. Figure 14 schematically illustrates a variation of the custom Mutual_Auth_Read command, which is an embodiment of the present secure communication system, in which a new RFFU parameter was inserted in the corresponding command and response. constitute other non-limiting representations of the present secure communication system, including, in particular, without limitation in general, the mechanisms illustrated in figures 3 and 4, in the way that some or all of the parameters of the commands and the respective responses are protected by encryption, using secret keys shared between interrogator and transponder.- Variations of custom commands characterized by the use of asymmetric cryptographic algorithms to protect the confidentiality, integrity, authenticity, uniqueness, and timeliness of data and messages. As a non-limiting reference of the generality of the present secure communication system, it is assumed, in transponders that have the technical capacity to perform asymmetric cryptography at runtime, the use of asymmetric algorithm for data encryption and decryption; for exchanging session temporary secret keys; for use in symmetric encryption algorithms; for the protection of data to be transmitted over the air interface; for the generation of authenticity and integrity codes on data, and for the generation of digital signatures on data and messages exchanged, with the objective of proving non-repudiation of data and messages sent/received. In particular, another non-limiting reference to the generality of the present secure communication system is the insertion of a dynamic digital signature code in the secure communication mechanisms Mutual_Auth_Read, Secure_Auth_Read, and Secure_Auth_Write, and in the various variations thereof, calculated by the reader or by the transponder, or calculated by the two, in real time, on the reader command data, transponder response, or on protocol data, replacing, or supplementing, any dynamic DMAC integrity and authenticity protection code used, replacing, or supplementing any static SMAC integrity and authenticity protection code used, and replacing or supplementing any dynamic CRC-type data integrity protection code used. As a non-limiting reference of the generality of the present secure communication system, for the generation of digital signatures or asymmetric codes of authenticity and integrity using a public and private key scheme, it is assumed the use of asymmetric algorithms, of the elliptic curve encryption type (ECC, Elliptic Curves Cryptography) [NIST Federal Information Processing Standards Publication No. 186-3, 2009], which, according to the state of the art, allow efficient implementations on transponders with limited resources, compared to the use of the RSA mechanism, which requires significantly larger secret keys and block sizes, or it is assumed to use asymmetric algorithms with comparable or smaller key size, block size, and computational complexity compared to asymmetric ECC-type algorithms. - Variations of custom commands in which the Open state remains, and is not cleared from the transponder state machine with the Re command q_RN remaining valid (and not disabled), and the Req_Handle custom command being executed after the first execution of the Req_RN command in the inventory phase with the transponder in the Open state.- Variations of the present secure communication system in which the Req_Handle custom command contains, as another non-limiting embodiment of the present secure communication system, one or more additional parameters for changing the internal state of the transponder. As a non-limiting reference for the generality of the present secure communication system, such changes include changing the status values of the S0, S1, S2, and S3 session flags, and the selected SL flag, as defined by the ISO 18000-6C standard, as well as the introduction and use of new internal status parameters in the transponders. As another non-limiting reference to the generality of the present secure communication system, such change includes the insertion of an additional parameter to perform the transponder reset in conditional form - by evaluating a logical condition as a function of the transponder's internal state - or unconditional.- Variations of the present secure communication system in which the transponder response to the custom command Req_Handle contains, as another non-limiting embodiment of the present secure communication system, one or more additional parameters to inform the transponder's internal status to the interrogator. As a non-limiting reference for the generality of the present secure communication system, such information includes the status values of the S0, S1, S2, and S3 session flags, and the selected SL flag, as defined by the ISO 18000-6C standard, and the values of other internal transponder parameters, including additional internal state parameters introduced again.- Variations of embodiments of the transponder state machine, including the non-limiting embodiment of the extended transponder state machine illustrated schematically in figure 15, which is constituted in another embodiment of the present secure communication system, with state transition variations such that the transponder does not respond to reader command requests while processing one of the complex custom commands Mutual_Auth_Read, Secure_Auth_Read, and Secure_Auth_Write, which require extended processing time in the OBU and a high power or energy level in this pr access, and not considering new reader commands during the processing of these complex custom commands, which in certain cases significantly improves the robustness of the secure communication system implementation in passive transponder devices (which do not have their own power source).- Variations of the custom commands in which, as another non-limiting embodiment of the present secure communication system, a message transmission counter is used in the custom commands sent by the interrogator and in the responses returned by the transponder, for the purpose of more efficient identification of retransmissions, and for control of the flow and order of message delivery in variations of the secure communication system that allow multiple commands and/or multiple responses to be sent and temporarily stored for retransmission. As a non-limiting reference of the generality of the present secure communication system, such message transmission identifiers include cyclic numerical counters with binary representation of size of one or more bits. A non-limiting example is a 2-bit-sized counter, with the incrementing function “plus one modulo 22”, resulting in the sequence of values 0, 1, 2, and 3 per counter cycle. Another non-limiting example is a non-numeric message identifier that uses two or more differentiated values, such as a flag with values A and B. - Variations of custom commands in which the encryption mode is switched with the decryption mode in command messages, which constitute another non-limiting embodiment of the present secure communication system, in order to allow implementations of the secure communication system in transponders in a way that it is only necessary to implement the encryption mode in the transponder, to reduce the implementation complexity and energy consumption in the operation of the transponder, as well as improving the temporal processing performance in the transponder that constitutes a device with limited resources compared to the interrogator device. So in other words, the encryption operation (CIPH) can be given by the decryption function (DEC), and the reverse decryption operation (CIPH-1) by the encryption function (ENC), this being permissible in the case of symmetric ciphers , such as AES and DES, in which the encryption and decryption features are interchangeable, to achieve data encryption and decryption. As a non-limiting reference of the generality of the present secure communication system, the use of the AES cryptographic symmetric algorithm is assumed, as well as any other cryptographic symmetric algorithm, such as DES, TDES, Blowfish, or IDEA, without limitation of the generality, in the mode ECB operational, by the reader in the decryption function (DEC), to encrypt (CIPH) the original data (plaintext), where CIPH=DEC, so that the transponder then decrypts (CIPH-1) the obtained ciphertext (ciphertext), by through the application of the AES symmetric cryptographic algorithm, in the ECB operating mode, in the reverse encryption function (ENC), where CIPH-1=ENC, to recover the original text, using the same shared secret symmetric key or generated in a synchronized manner between transponders and interrogator.- Variations of custom commands in which the secret keys of encryption in commands and corresponding responses of the same communicative session between interrogator and transponder are varied, which const Here is another non-limiting embodiment of the present secure communication system. Without limiting generality, such secret key variations include the periodic generation of new session secret keys based on time-varying seeds, such as, for example, not limiting, using the nonces in the messages of each new command-response pair, and the use of multiple secret keys for encrypting different data blocks in the same command or response message.

Variations of Embodiments of Secure Communication System MUTUAL_AUTH_READ Implicit Mutual Authentication Mechanism

[000228] Figure 16 schematically illustrates a non-limiting embodiment of implicit mutual authentication between an interrogator and a transponder, with reading of data identifying the transponder, protected by a cryptographic envelope, using, as a non-limiting example of generality, the nonces RN, TN, CTN, 64 bits in size, and CRN56, 56 bits in size, the ECB operating mode of the AES-128 cryptographic machine, with the secret key AK, 128 bits, in the form that CIPH=ENC and CIPH-1 =DEC, to protect the confidentiality and integrity of the RN and CRN56 protocol parameters in the command and TN and CTN, in the corresponding response, and, using the CTR mode of the AES-128 cryptographic machine, with 128-bit SK secret key to protect the confidentiality and integrity of the 64-bit UTID and 64-bit TDATA vehicular data and the SMAC static code for protection of the integrity and authenticity contained in the response, with the SMAC being pre-calculated on the UTID and TDATA data, and previously stored in memory during transponder customization, with the size and type of the SMAC defined by the SMD2 parameter, with the dynamic error detection code DCRC, type CRC-16, being calculated on the vehicle data and on the SMAC code in execution time by the transponder, and with the DCRC parameter, in the transponder response, being combined with the least significant 16 bits of the TN parameter, by the XOR (or exclusive) operation, and with a dynamic integrity and authenticity protection code DMAC, of size and type defined by the DMD2 parameter, and calculated at run time by the transponder on the encrypted data blocks, in CTR mode, contained in the reply message, and using the CTN, 64 bits, and CRN56, 56 bits parameters , to initialize the CTR mode initial counter, and with the command message containing non-limiting examples of additional parameters, the RFFU2 parameter being a 2-bit parameter reserved for future use and not protected. gone by encryption, SMD2 being a 2-bit descriptor parameter of the SMAC code, DMD2 being a 2-bit descriptor parameter of the DMAC code, GSK1 being a 1-bit descriptor parameter defining the mechanism of obtaining the temporary secret key of the SK session by the transponder - being effected by the bit value '0' in binary notation of the GSK1 parameter, without limitation of generality, the use of a default predefined session secret key, and by the bit value '1' of the GSK1 parameter, the use of a default master key to generate, at runtime, a new session SK temporary secret key, in this process of dynamic generation of the SK key using the RN and TN nonces, or other combination of time-varying parameters such as seed, and being the parameter RFFUP3 a 3-bit parameter reserved for future use, protected by encryption, and being RFFU2 and RFFUP3 non-limiting examples of parameters intended for the future safe introduction of new functionality into the controller, without changing the basic structure of the current command, to maintain backward compatibility and interoperability of implementations of different versions of the secure mechanism in transponders and interrogators.

[000229] Figure 17 schematically illustrates another non-limiting embodiment of implicit mutual authentication between an interrogator and a transponder, with reading of transponder identifier data protected by a cryptographic envelope, which uses, as a non-limiting example of generality, nonces RN, TN , CTN, 64 bits in size, and CRN56, 56 bits in size, the ECB operating mode of the AES-128 cryptographic machine, with 128 bits AK and SK secret keys, in the form CIPH=ENC, with CIPH-1 =DEC in all cases, to protect the confidentiality and integrity of the protocol parameters RN and CRN56, in the command, and CTN, in its two occurrences, and RN and TN, in the corresponding response, and the dynamic code DCRC, from detection of errors, type CRC-16, calculated at run time by the transponder over the 64-bit UTID and 64-bit TDATA vehicle data and over the SMAC code contained in the response, with the DCRC parameter being combined with the 16 least significant bits of the TN parameter, by the XOR (or exclusive) operation, and using the AES-128 cryptographic machine CTR mode as the SK secret key, to protect the confidentiality and integrity of the vehicle data UTID and TDATA, and the static SMAC protection code of integrity and authenticity in the response, with the SMAC being pre-calculated on the UTID and TDATA data and previously stored in memory, during the transponder customization, with the size and type of the SMAC defined by the SMD2 parameter, with the DCRC dynamic code of the error detection, type CRC-16, being calculated on the vehicle data and on the SMAC code at runtime by the transponder, with the DCRC parameter in the transponder response being combined with the least significant 16 bits of the TN parameter by the XOR operation (or unique), and with a dynamic DMAC integrity and authenticity protection code, of type and size defined by the DMD2 parameter, and calculated at run time, by the transponder, on the data blocks encrypted in CTR mode, with secret key SK, and on data blocks encrypted with secret key SK, in ECB mode, contained in the reply message, and using parameters CTN, 64 bits, and CRN56, 56-bit, to initialize the CTR mode initial counter, and with the command message containing, as non-limiting examples of additional parameters, with RFFU2 being a 2-bit parameter reserved for future use and not protected by encryption, SMD2 being a parameter 2-bit descriptor of SMAC code, DMD2 being a 2-bit descriptor parameter of DMAC code, MKS3 being a 3-bit descriptor parameter for selecting the default session key or master key to be used for generating the secret key of SK session, with MKS3 without generality limitation indexing a total of 23 = 8 keys or master keys with indices 0 to 7, these keys being pre-recorded in the transponder's memory during personalization, GSK1 being a 1-bit descriptor parameter that defines inte the mechanism of obtaining the temporary secret key of the SK session by the transponder, being performed by the bit value '0' in binary notation of the GSK1 parameter, without limitation of generality, the use of a standard session secret key indexed by the MKS3 parameter and stored in the transponder, and by the bit value '1' of the GSK1 parameter, the use of that secret master key stored in the transponder and indexed by the MKS3 parameter for the generation at runtime of a temporary secret key of SK session, and, in this process of dynamic generation of the SK key, using the RN and TN nonces or another combination of time-varying parameters such as seed, and the RFFU2 parameter being a non-limiting example for a parameter intended for the future introduction of new features to the command without changing the structure basic of the current command to maintain backward compatibility and interoperability of implementations of different engine versions safe on transponders and interrogators.

[000230] Figure 18 schematically illustrates another non-limiting embodiment of implicit mutual authentication between an interrogator and a transponder, with reading of transponder identifier data protected by a cryptographic envelope, which uses, as a non-limiting example of generality, nonces RN, TN , IRN and ITN, 64 bits in size, the ECB operating mode of the AES-128 cryptographic machine, with the 128 bits AK secret key, in the form CIPH=ENC with CIPH-1=DEC, to protect the confidentiality and integrity of the protocol parameters of RN and IRN protocol parameters in the command and TN and ITN in the corresponding response, a dynamic 64-bit DMAC integrity and authenticity protection code in the command, and, without limitation of generality, the DMAC being calculated in time of execution by the reader on the block of RN and ITN data encrypted in ECB mode in the command using, as a non-limiting example, a secret key and a DMAC format and size determined by the read. or, in real time, as a function of the known transponder's GID group identifier, and the CBC mode, with the 128-bit SK secret key, to protect the confidentiality and integrity of the TN and RN nonces, of the vehicle identification number, and, without limitation in generality, represented by the VIN (vehicle identification number), according to the 128-bit ISO 3779 international standard, and the DCRC dynamic code for error detection, 16-bit CRC-16 type, calculated on the VIN, in time of execution by the transponder, with the DCRC parameter, in the response, being combined with the least significant 16 bits of the TN parameter, by the XOR (or exclusive) operation, and using the set of parameters IRN, 64 bits, and ITN, 64 bits, as the initialization vector (IV) of the CBC mode of the AES-128 cryptographic machine.

[000231] Figure 19 schematically illustrates another non-limiting embodiment of implicit mutual authentication between an interrogator and a transponder, with reading of data identifying the transponder, protected by a cryptographic envelope, which uses, as a non-limiting example of generality, nonces RN, TN, IRN, and ITN, 64 bits in size, the ECB operating mode of the AES-128 cryptographic machine with the 128-bit AK secret key in the decryption function, for data encryption in the form CIPH=DEC, with CIPH- 1=ENC to protect the confidentiality and integrity of the RN and IRN protocol parameters in the command, the form CIPH=DEC allowing the transponder decryption of the data encrypted by the interrogator to be performed in ECB mode in the encryption function, then CIPH-1= ENC, removing the need for the additional implementation of the decryption mode in favor of the unique encryption mode in the transponder, allowing, without limitation of generality, in certain cases of implementation of the cryptographic machine the reduction of the cryptographic algorithm implementation chip area and the energy consumption in the operation of the algorithm in passive transponders, and using the ECB operating mode of the AES-128 cryptographic machine with the 128-bit AK secret key in the function of encryption, for data encryption in the form CIPH=ENC with CIPH-1=DEC, to protect the confidentiality and integrity of the parameters and TN and ITN in the response, using the CBC encryption mode of the symmetric cryptographic algorithm with the secret key SK of 128 bits, to protect the confidentiality and integrity of the RN and TN nonces, the vehicle identification number being, without limitation in generality, represented by the VIN (vehicle identification number), according to the 128-bit ISO 3779 international standard, and the static code 64-bit SMAC integrity and authenticity protection pre-calculated over the VIN during transponder customization, with the SMAC parameter in the transponder response being combined with the TN parameter, by the XOR (or exclusive) operation, and using the set of 64-bit IRN and 64-bit ITN parameters as initialization vector (IV) for mode initialization CBC in the current communication session between interrogator and transponder, and using, as a non-limiting example, a 1-bit binary TC transmission counter in the command and response messages for indicating new transmissions and retransmissions of command and response, respectively, and the command and response messages containing non-limiting examples of additional parameters, with a 1-bit RFFU parameter of size reserved for future use, not protected by encryption, and the RFFU parameter being intended for the future introduction of new features into the mechanism without changing the basic command and corresponding response structure, to maintain backward compatibility and interoperability of dif-version implementations components of the secure mechanism in transponders and interrogators.

Variations of Secure Read Mechanism Embodiments SECURE_AUTH_READ with Secure Communication System Request Authentication

[000232] Figure 20 schematically illustrates a non-limiting embodiment of secure reading with request authentication between an interrogator and a transponder, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, a descriptor of range of logical memory area to be read LMAR, 64 bits, the LMAR parameter in the interrogator command being combined with the RN parameter, by the XOR (or exclusive) operation, the ECB operating mode of cryptographic machine AES-128 with 128-bit SK session secret key in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the 64-bit LMAR memory descriptor and nonces in the command, and to protect the confidentiality and integrity of nonces and the 64-bit integrity and authenticity protection DMAC dynamic code in the response, the DMAC being calculated at runtime by the transponder on the n > 1 data blocks DW1 to DWn at 128 bits each, with the block DWn containing a well-defined padding, if the amount of data read and contained in the last block is less than the block size, and the DMAC parameter in the transponder response, being combined with the TN parameter, by the XOR operation (or exclusive), and using the CTR mode of the AES-128 cryptographic machine, to protect the confidentiality and integrity of data DW1 to DWn read from the transponder memory in case of successful authentication of the request.

[000233] Figure 21 schematically illustrates another non-limiting embodiment of secure reading with request authentication between an interrogator and a transponder, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, a descriptor of range of logical memory area to be read LMAR, 64 bits, the LMAR parameter in the interrogator command being combined with the RN parameter, by the XOR (or exclusive) operation, using the ECB operating mode of the AES-128 cryptographic machine with key 128-bit SK secret in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the 64-bit nonces and LMAR memory descriptor in the interrogator command, and using the CTR mode of the cryptographic machine AES-128 with 128-bit SK secret key, to protect the confidentiality of RN and TN nonces, DW1 to DWn data read from the transponder memory, and 16-bit CRC-16 type CRC-16 dynamic integrity code in the response, the RCRC being calculated, at run time, by the transponder on the n > 1 data blocks DW1 to DWn at 128 bits each, with the DWn block containing a well-defined padding, if the amount of data read and contained in the last block is smaller than the block size, the RCRC parameter in the transponder response being combined with the least significant 16 bits of the TN parameter, by the XOR (or exclusive) operation, and using as a non-limiting example a 1-bit binary TC transmission counter in the command and response messages to indicate new transmissions and retransmissions.

[000234] Figure 22 schematically illustrates another non-limiting embodiment of secure reading with request authentication between an interrogator and a transponder, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, a descriptor of range of logical memory area to be read LMAR, 64 bits, the LMAR parameter in the interrogator command being combined with the RN parameter, by the XOR (or exclusive) operation, the CBC operating mode of the AES-128 cryptographic machine with secret key 128-bit SK in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the nonces and 64-bit LMAR memory descriptor in the interrogator command, and protect the confidentiality and integrity of the nonces, data DW1 to DWn are read, and from the 16-bit CRC-16 type CRC-16 dynamic integrity code RCRC in the response, the RCRC being calculated, at run time, by the transponder on the n > 1 data blocks DW1 to DWn at 128 bits each , with the DWn block containing a well-defined padding, if the amount of data read and contained in the last block is less than the block size, the RCRC parameter in the transponder response being combined with the least significant 16 bits of the TN parameter, by the XOR operation (or exclusive), using in the command and response messages, as a non-limiting example of additional parameters, the 1-bit RFFU parameter reserved for future use and not protected by encryption, and using a dynamic DMAC integrity and authenticity protection code of predefined size and type or defined by an auxiliary parameter included in the LMAR parameter, and the DMAC being calculated at runtime by the transponder on the CBC mode encrypted data blocks contained in the transponder's response.

[000235] Figure 23 schematically illustrates another non-limiting embodiment of secure reading with request authentication between an interrogator and a transponder, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, a descriptor of range of logical memory area to be read LMAR, 64 bits, LMAR parameter in interrogator command being concatenated with parameters TN and RN, ECB operating mode of cryptographic machine AES-192 with SK secret key 192 bits in form CIPH=DEC, with CIPH-1=ENC, to protect the confidentiality and integrity of the nonces and the LMAR memory descriptor in the interrogator command, and using the CBC mode of the AES-192 cryptographic machine with 192-bit SK secret key in the form CIPH=ENC, with CIPH-1=DEC, to protect in the response the confidentiality and integrity of nonces, data DW1 to DWn read from the transponder memory, and the dynamic code DMAC to protect the integrity and authenticity of 64 bits, the DMAC being calculated, at run time, by the transponder on the n > 1 data blocks DW1 to DWn at 192 bits each, with the DWn block containing a well-defined padding if the amount of data read and contained in the last block is smaller than the block size, the DMAC parameter in the transponder response being concatenated with the RN and TN parameters, and the DMAC type being predefined or defined by an auxiliary parameter included in the LMAR parameter.

[000236] Figure 24 schematically illustrates another non-limiting embodiment of secure read with request authentication between an interrogator and a transponder, optimized for secure and authenticated reading of a single transponder memory block containing up to 64 bits of data, using, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, an interval descriptor of the logical memory area to be read LMAR, 64 bits for addressing up to 64 bits of data to be read from the memory of the transponder, the LMAR parameter in the interrogator command being concatenated with the TN and RN parameters, using the ECB operating mode of the AES-192 cryptographic machine with 192-bit SK secret key in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the TN and RN nonces and the LMAR memory descriptor in the interrogator command, and protect the confidentiality and integrity of the RN and TN nonces and the single block of read data DW64 64 bits in the reply message, the DW64 block containing a well-defined padding if the amount of data to be read is less than 64 bits.

Variations of Secure Write Mechanism Embodiments SECURE_AUTH_WRITE with Secure Communication System Request Authentication

[000237] Figure 25 schematically illustrates a non-limiting embodiment of secure writing with explicit request authentication between an interrogator and a transponder, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, a descriptor of interval of the logical memory area to be written LMAR48, 48 bits, LMAR48 being concatenated with a WCRC dynamic code of integrity type CRC-16, 16 bits, the WCRC being calculated, at run time, by the interrogator on the n > 1 DW1 to DWn data blocks at 128 bits each, with the DWn block containing a well-defined padding if the amount of data to be written in this last block is smaller than the block size, and with this padding being removed by the transponder before writing the data DW1 to DWn in the internal memory at the addresses specified by parameter LMAR48 in the case of successful authentication of the command by analyzing the validity and correctness of the TN, RN, WCRC and which values either additional integrity code contained in parameter LMAR48 by the transponder, the set of parameters LMAR48 and WCRC concatenated in the interrogator command being combined with parameter RN, by the XOR (or exclusive) operation, and using the CBC mode of the AES-128 cryptographic machine with the 128-bit WK writing secret key, to protect the confidentiality and integrity of the RN and TN nonces, the LMAR48 and WCRC parameters, and the n > 1 data blocks DW1 to DWn and to be written in the transponder memory in the command , and using the CBC encryption mode of the AES-128 cryptographic machine with the 128-bit WK writing secret key to protect the confidentiality and integrity of the RN and TN nonces and the WCRC* parameter in the transponder reply message, being WCRC* a 16-bit CRC-16 type dynamic integrity code calculated by the transponder at runtime over the memory area that was actually written, the WCRC* parameter being in the transponder response combined with the least significant 16 bits of the TN parameter, by the XOR (or exclusive) operation, and using as a non-limiting example a 1-bit binary TC transmission counter in the command and response messages to indicate new transmissions and command retransmissions and answer.

[000238] Figure 26 schematically illustrates another non-limiting embodiment of secure writing with explicit authentication of request between an interrogator and a transponder, which uses, as a non-limiting example of generality, an optional dynamic code to protect the integrity and authenticity DMAC, of 64 bits, a DMD parameter being, without limitation of generality, a 4-bit descriptor indicating the presence and type and size of DMAC, being used without limitation of generality the value '0000' of the DMD in binary notation, to indicate the absence of the DMAC, corresponding to a zero bit size of DMAC, and the other DMD values being used to describe the size and type of DMAC algorithm and the secret key index used by the interrogator in the DMAC generation, at run time, on data blocks encrypted in CTR mode with secret key WK and on data blocks encrypted with secret key WK in ECB mode contained in the command message, using n onces RN and TN, 64 bits in size, an interval descriptor of the logical memory area to be written LMAR, 64 bits, optionally containing internally an additional dynamic integrity code being calculated at runtime by the interrogator over the n > 1 DW1 to DWn data blocks at 128 bits each, with the DWn block containing a well-defined padding, if the amount of data in the last block to be written is less than the block size, and with this padding being removed by the transponder before writing the data DW1 to DWn in the internal memory at the addresses specified by the LMAR parameter, in the case of successful authentication of the command, through the transponder analysis of the validity and correction of the DMAC, TN, and RN values, and any codes of additional integrity contained in the LMAR parameter, the LMAR parameter in the interrogator command being combined with the RN parameter, by the XOR (or exclusive) operation, and using the ECB mode of the AES-1 cryptographic machine 28 with the 128-bit WK writing secret key in the decryption function for data encryption in the form CIPH=DEC, with CIPH-1=ENC, to protect the confidentiality and integrity of the TN, RN, and LMAR data in the command, and using the CTR mode of the AES-128 cryptographic machine with the 128-bit WK writing secret key, to protect the confidentiality and integrity of n > 1 data blocks DW1 to DWn contained in the command and intended to be written in the transponder's memory after successful authentication of the request, and using the ECB mode of encryption of the AES-128 cryptographic machine with the 128-bit WK writing secret key, in the encryption function, for data encryption in the form CIPH=ENC with CIPH-1 =DEC, to protect the confidentiality and integrity of the RN and TN nonces and the WCRC parameter in the transponder response message, WCRC being a 16-bit dynamic integrity code type CRC-16, calculated by the transponder, at run time, about the memory area that was actually written, and being the WCRC parameter in the transponder response combined with the least significant 16 bits of the TN parameter by the XOR (or exclusive) operation.

[000239] Figure 27 schematically illustrates another non-limiting embodiment of secure writing with explicit request authentication between an interrogator and a transponder, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, a descriptor interval of the logical memory area to be written LMAR, 64 bits, internally containing a dynamic integrity code of type CRC-16, 16 bits, additional being calculated, at run time, by the interrogator on the n > 1 blocks DW1 to DWn data at 192 bits each, with the DWn block containing a well-defined padding if the amount of data in this last block to be written is less than the block size, and with this padding being removed by the transponder before writing the data DW1 to DWn in the internal memory at the addresses specified by the LMAR parameter, in the case of successful authentication of the command through the transponder analysis of the validity and correction of the TN, and RN values, and of any additional integrity codes contained in the LMAR parameter, the LMAR parameter in the interrogator command being concatenated with the TN and RN parameters, and using the ECB mode of the AES-192 cryptographic machine with the 192-bit WK writing secret key in the function encryption for data encryption in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the TN, RN, and LMAR data on command, and using the CTR mode of the AES-192 cryptographic machine with the 192-bit WK write secret key, to protect the confidentiality and integrity of n > 1 data blocks DW1 to DWn contained in the command and intended to be written into the transponder memory after successful authentication of the request, and using the ECB mode of Encryption of the AES-192 cryptographic machine with the 192-bit WK writing secret key in the encryption function for data encryption in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of nonc es RN and TN and the LMAR* parameter in the transponder response message, with 64-bit LMAR* being the range descriptor of the logical memory area that was actually written, internally containing the 16-bit CRC-16 type dynamic integrity code additional, recalculated, at runtime, by the transponder on the contents of that data area in the transponder memory that was actually written, and the LMAR* parameter in the transponder response being concatenated with the RN and TN parameters.

[000240] Figure 28 schematically illustrates another non-limiting embodiment of secure writing with explicit request authentication between an interrogator and a transponder, optimized for secure and authenticated writing of a data block in the transponder's memory, which uses, as an example, no limiting the generality, nonces RN and TN, 64 bits in size, a DW16 data block, 16 bits in size, an interval descriptor of the logical memory area to be written LMAR48, 48 bits, LMAR48 being concatenated with the DW16 block to be written, if command authentication is successful, through transponder analysis of the validity and correction of the TN value and any additional integrity codes contained in parameter LMAR48, with the set of parameters LMAR48 and DW16 in the interrogator command , being combined with the RN parameter, by the XOR (or exclusive) operation, and using the ECB mode of the AES-128 cryptographic machine with the 128-bit WK writing secret key in the encryption function, for data encryption in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the TN, RN, LMAR48, and DW16 data at the command, and using the machine encryption ECB mode cryptographic AES-128 with 128-bit WK writing secret key in the encryption function, for data encryption in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the RN and TN nonces and the parameter DW16* in the transponder reply message, with DW16* being the data block read again by the transponder from the logical memory area that was actually written, and parameter DW16* being in the transponder reply combined with the least significant 16 bits of the parameter TN by XOR (or exclusive) operation.

Variation of the combined realization of the authenticated secure writing and authenticated secure reading mechanisms of the secure communication system

[000241] Figure 29 schematically illustrates a non-limiting embodiment of the combination, in a single command, of the functionality of the authenticated secure writing and authenticated secure read mechanisms, optimized for secure and authenticated reading of a single RDW128 data block and the secure and authenticated writing of a single WDW32 data block in the transponder memory, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, an interval descriptor of the logical memory area to be read RLMAR48 , 48-bit, a 48-bit WLMAR48 logical memory area interval descriptor to be written, and a 32-bit WDW32 block of data to be written to the memory area specified by the WLMAR48 parameter, and using the ECB mode from the AES-256 cryptographic machine with the secret key K1 of 256 bits in the encryption function, for the data encryption in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the data T N, RN, RLMAR48, WLMAR48, and WDW32 in the command, and using the ECB mode of encryption of the AES-256 cryptographic machine with the 256-bit writing secret key K2 in the encryption function, for data encryption in the form CIPH= ENC, with CIPH-1=DEC, to protect in the transponder response message the confidentiality and integrity of the RN and TN nonces, the WCRC parameter, 32 bits, and the data block RDW128, 128 bits, read from the memory specified by parameter RLMAR48, WCRC being a 32 bit dynamic integrity code type CRC-32, calculated by the transponder, at run time, over the memory area that was actually written, and the WCRC parameter being in the response of transponder combined with the most significant 32 bits of the TN parameter, by the XOR (or exclusive) operation.

Types of Transponders

[000242] It is observed that, unlike the ISO 18000-6C protocol, the present secure communication system covers implementations in all types of transponders, including passive, semi-active or semi-passive, and active transponders.

[000243] In the context of the present secure communication system, the types of transponders are characterized in the following way:- passive transponder refers to a transponder that receives both information and energy for the operation of the RF signal of the interrogator;- transponder semi-active (or semi-passive) refers to a transponder that uses its own power source to operate the internal integrated circuit and only takes power from the interrogator's RF signal to return information to the interrogator by modulating an RF signal. on top of the interrogator's carrier; - active transponder refers to a transponder that uses its own energy source both for the operation of the internal integrated circuit and for transmitting information to the interrogator, through the modulation of an RF signal generated by the transponder itself.

[000244] The present secure communication system also covers all types of interrogators and transponders that implement the ISO 18000-6C protocol completely or in part, including future evolutions, with full reverse compatibility, as well as derivatives of the ISO 18000-6C protocol, with strict backward compatibility.

applications

[000245] The present secure communication system covers all application domains of the ISO 18000-6C protocol, also covering any and all radio frequency identification applications that benefit in any way from the mechanisms described in the present invention, including, but without limit to the case, electronic registration, identification, location, and tracking of people and tangible assets of any nature, such as vehicles, truck fleets and other means of transport, as well as cargo, animals, products manufactured goods, raw materials, valuables, medicines, documents, packaging, boxes, pallets, and containers, in addition to the protection of assets and documents against forgery, imitation, theft and theft, replacing or complementing, without limitation in generality, vehicle information stored in the transponders with electronic product codes (EPC) or with other identifying data, according to the needs of processes and applications.

[000246] As a non-limiting reference of the generality of the present secure communication system, the present secure communication system explicitly covers all application domains connected to the Brasil-ID system (www.brasil-id.org.br) for identification, tracking, and radio frequency merchandise authentication (RFID), including all applications that require or benefit from one or more secure mechanisms of the present secure communication system, for the secure and efficient identification and authentication of products, documents, people, and vehicles, including also the secure recording of data on transponders, with emphasis on situations in which the time available to perform RFID identification and authentication is limited, because of the mobility of the objects or people to be tracked, or because of the mobility of the equipment of reading (interrogator).

[000247] As a non-limiting reference of the generality of this secure communication system, such applications linked to the Brasil-ID system and covered by this secure communication system include the identification, authentication, and recording of low-volume product transponders at high speeds , or large volumes of products at low speed, in the way that the time available to complete a secure interaction between reader and transponder is limited and critical considering the high complexity of processing to be performed on the transponders, due to cryptographic mechanisms.

[000248] As a non-limiting reference of the generality of the present secure communication system, the present secure communication system also covers all applications that generally require an authentication mechanism with a high cryptographic protection level, to guarantee the authenticity of goods, components, products, documents, people, means of transport, and physical (not limited to generality, represented by GPS-type global coordinates, street names and numbers, or other means) and logical places (not limited to generality, exemplified logical locations, such as, for example, "shipping zone", "receiving zone", and others according to the process and application of tracking and identification and particular authentication).

[000249] Although the present invention has been described based on exemplary embodiments, modifications may be introduced in its basic inventive concept, which will be defined through the set of claims that follow.

Claims (74)

1. SECURE COMMUNICATION SYSTEM BASED ON IDENTIFICATION AND INFORMATION EXCHANGE BY RADIO FREQUENCY, used in the communication between an interrogator and one or multiple transponders, in order to provide greater security and efficiency in communication in systems based on the standardized protocol ISO 180006C, characterized by fact of: employing custom commands that use a symmetric encryption algorithm to encrypt information before transmission via the communication interface; employing custom commands that allow the cryptographic content to be changed in each communication; employing custom commands that authenticate the transponder with reading data from it through a single command; employ custom commands that authenticate the interrogator by writing data to the transponder; employ custom commands that allow the transponder to return a status code to the interrogator in response to processes with persistent memory state change demand transponder interface; employ custom commands that allow the execution of computationally expensive processes on transponders in two phases; employ custom commands that allow the establishment of sessions to initialize the interrogator and transponder cryptographic machines; employ custom commands that allow execution by parallelism over time of operations between an interrogator and multiple transponders; transponders consist of a passive, semi-passive/semi-active, or active device; transponders have a state machine that defines the behavior in relation to commands received from interrogators, defines the internal state and defines the processing performed; transponders have the implementation of a symmetric key cryptographic algorithm, also called cryptographic machine; transponders have cryptographic machine with pseudo-random number generator function (pseudo-random number gen erator, PRNG); transponders have a cryptographic machine with a function to generate and verify cryptographic authentication and integrity cryptographic codes on binary data; transponders have a mechanism for generating and verifying error-detecting codes on binary data; transponders have a mechanism to enable or disable the dynamic generation of cryptographic authentication and integrity codes; transponders have a mechanism to enable or disable the inclusion of a static cryptographic authentication and integrity code pre-recorded in the transponder's memory, in the transponder authentication response; transponders have a mechanism to enable or disable the dynamic generation of cryptographic keys for single use per communicative session; transponders have, for each transponder, a unique and unique ID denoted UTID (unique transponder identifier); transponders have, for each group of transponders, an ID of group denoted GID; transponders have a mechanism for disabling native commands and partial disabling of the original state machine of the ISO 18000-6C protocol; transponders have a mechanism to transmit in the UII response the preparatory data for the subsequent authentication phase and identification and establishment of a secure session context; the transponders have a mechanism to further transmit in the UII response a random value generated during runtime; and the transponders have a parallelism mechanism for executing in two phases a single authentication command. 2. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that the transponder has an extension of the state machine to take into account the customized commands in the present invention. 3. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that its operability can be divided into a first phase without the use of Singularization encryption of the transponders by the interrogator according to the already existing mechanism specified in the ISO 18000-6C protocol, with establishment of permanent control references through a new custom Req_Handle command; a second phase of Mutual Authentication between interrogator and transponder, with implicit identification and reading of transponder data through a new custom Mutual_Auth_Read command, and a third phase of Authenticated Read and Write Access to the transponder memory, through new commands custom Secure_Auth_Read and Secure_Auth_Write. 4. SECURE COMMUNICATION SYSTEM, according to claim 3, characterized in that, unlike the ISO 18000-6C standard, the TID, UII, and USER memory areas of the transponders cannot be accessed without encryption, and can be accessed exclusively through the main custom commands, protected by encryption mechanisms, Mutual_Auth_Read, Secure_Auth_Read and Secure_Auth_Write, or through similar custom command, protected by data security mechanisms, encryption, authentication and authorization mechanisms. 5. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that the deactivation of native transponder commands eliminates or permanently deactivates the ISO 18000-6C protocol commands: Read, Write, Kill, Lock, Access, BlockWrite, and BlockErase. 6. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that it covers a group identifier, called GID, permanently stored in the physical memory of the transponders, with the following semantics: any two transponders that belong to the same group, use as GID the same binary code and the same cryptographic key(s) to establish the secure context of a temporary communicative session, with the end of the transponder authentication by the interrogator, the reciprocal authorization of the interrogator by the transponder for access control, and protection of the communication between them through cryptographic mechanisms and, conversely, if two transponders have different group identifiers, they belong to different groups and use different cryptographic keys to establish the secure context of the temporary communicative session. 7. SECURE COMMUNICATION SYSTEM, according to claim 6, characterized by the fact that, in order to prevent the identification of unambiguous transponders through the GID, and thus protect the confidentiality of the identity of the individual transponders, the number of transponders belonging to the same group must be significantly larger than number one. 8. SECURE COMMUNICATION SYSTEM, according to claim 7, characterized by the fact that, as a non-limiting reference of generality, it can be assumed that the GID is represented by a 24-bit binary number. 9. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that after the interrogator obtains a permanent Handle of a transponder, soon after singularization, the transponder changes its internal state to a new state outside the set of original states of the ISO 18000-6C standard, causing the transponder to become insensitive to subsequent conflicting commands from the original protocol inventory, allowing for the parallel interaction, described in the invention, of an interrogator with multiple transponders. 10. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that, as a non-limiting reference of generality, Next_Nonce is a bijector function N<m ^ N<m that, unambiguously, generates a new derived value n ' of a known value n: n' = Next_Nonce(n), with N<m being the multitude of natural numbers less than a maximum number m and including the number zero, and thus, without limitation of generality, it is assumed that the interrogators and transponders implement the same Next_Nonce function to generate derivatives of TN and RN nonces as needed, as follows: TN = Next_Nonce (TN) and RN = Next_Nonce (RN). 11. SECURE COMMUNICATION SYSTEM, according to claim 10, characterized in that, without limitation of generality, an example for the Next_Nonce function is "increment by 1 (module m)": n' = Next_Nonce (n) = n+1 (module m), with m = 264 in the case of 64-bit size nonces. 12. SECURE COMMUNICATION SYSTEM according to claim 1, characterized in that it provides a mechanism for implicit mutual authentication with identification of the transponder by the interrogator, with proof of the authenticity of the transponder to the interrogator with encapsulation of data read from the transponder by a cryptographic envelope. In the proposed implicit mutual authentication, the interrogator is authenticated indirectly and implicitly, where the transponder does not receive an immediate response from the interrogator to the challenge provided via the Mutual_Auth_Read command. 13. SECURE COMMUNICATION SYSTEM, according to claim 12, characterized by the fact that the custom Mutual_Auth_Read command requires response with two essential components, where the first component is represented by an ECB-mode encrypted data packet containing the transponder challenge to the interrogator and, containing data for initialization of the cryptographic machine in CTR operating mode, and where the second component is composed of a sequence of blocks encrypted in CTR mode. 14. SECURE COMMUNICATION SYSTEM, according to claim 12, characterized in that the Mutual_Auth_Read command has the SMD (Static Message authentication code Descriptor) parameter that indicates the optional inclusion in the transponder response of a static integrity protection code and SMAC (Static Message Authentication Code) authenticity, pre-computed over the concatenated UTID and TDATA data and permanently recorded in the transponder's non-volatile memory; have the DMD (Dynamic Message authentication code Descriptor) parameter, which represents an indicator for the optional inclusion of a dynamic integrity and authenticity protection DMAC (Dynamic Message Authentication Code) code in the transponder response. 15. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that it provides a mechanism for the safe reading of data from the transponder memory; provide verification of the authenticity and authorization of the interrogator read request through a challenge-response mechanism in the transponder, in addition to protecting the integrity, uniqueness, timeliness, and confidentiality of data transmitted via the air interface by the use of dynamic encryption, by use error-detection codes of the CRC type, and the use of cryptographic integrity and authenticity codes of the MAC (message authentication code) type; provide a descriptor of the memory area to be read and returned by the transponder in the Secure_Auth_Read command, which calculates, with the AES cryptographic machine in CTR mode, the ciphertext that has the LMAR parameter being a descriptor of the range of the logical memory area to be read, which has the LCRC parameter being an error detector code of the CRC type computed over the LMAR parameter, and which has the DMD parameter being an indicator for the optional inclusion of a dynamic DMAC integrity and authenticity protection code in the response to be computed by the transponder. 16. SECURE COMMUNICATION SYSTEM, according to claim 15, characterized in that the descriptor of the range of the LMAR logical memory area can be defined by concatenating the following fields of the ISO 18000-6C protocol: MemBank, WordPtr, and WordCount , meeting the requirements of the ISO 18000-6C protocol regarding correct memory addressing. 17. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that it provides a mechanism for secure writing with authentication of the request that writes data to the transponder memory; provide verification of the authenticity and authorization of the interrogator's writing request through a challenge-response mechanism on the transponder, and protection of the integrity, uniqueness, timeliness, and confidentiality of data transmitted via the air interface by using dynamic encryption , by the use of error-detecting codes of the CRC type, and by the use of cryptographic codes of integrity and authenticity of the MAC (message authentication code) type; provide a descriptor of the memory area to be written, the data to be written, and the execution code of the write operation to be returned by the transponder in the Secure_Auth_Write command that calculates, with the AES cryptographic machine in CTR mode, the ciphertext that has the LMAR parameter being a descriptor of the range of the logical memory area to be written, which has the LCRC parameter being a CRC-type error detector code computed over the LMAR parameter, which has the WDATA parameter representing the data to be written, which has the WCRC parameter being a CRC-type error detector code computed on the WDATA data, and which has the DMD parameter being the indicator for the optional inclusion of a dynamic integrity and authenticity protection code. 18. SECURE COMMUNICATION SYSTEM, according to claim 17, characterized in that the LMAR logical memory area interval descriptor can be defined by concatenating the following fields of the ISO 18000-6C protocol: MemBank, WordPtr, and WordCount , meeting the requirements of the ISO 18000-6C protocol regarding correct memory addressing. 19. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that it provides for extended state machine of the transponders, where, from the original states of the ISO 18000-6C protocol, the states: Open, Secured, and Killed, and all transitions associated with these states were also eliminated. As a non-limiting generality reference, new states and transitions were introduced in the transponder state machine for new interrogator commands and corresponding transponder responses: WAITING, MAR-PROC, MAR-READY, AUTHENTICIATED, SAR-PROC, SAR-READY, SAW-PROC, and SAW-READY, and these new states are assumed by each transponder in the following situations and under the following conditions: WAITING (“waiting” ), with the transponder immediately changing to that state if and only if one of the following conditions is met: (a) the transponder is currently in the ACKNOWLEDGED state, and has completed the sending response as to receipt of a Req_Handle command from an error-free transmission from the RSU; (b) the transponder is currently in WAITING and has completed sending a response regarding receipt of a repeat of the previous Req_Handle command from RSU; (c) the transponder is currently in WAITING and has completed sending a response to error-free receipt of a new Req_Handle command request with valid permanent RSU Handle; (d) the transponder is currently in the MAR-PROC state and has completed receiving error free and executing the Finalize command from the interrogator with the FEOP flag set; MAR-PROC (“mutual-authentication processing”), with the transponder immediately switching to this state if one of the following conditions is met: (a) the transponder is currently in the WAITING state, and has completed sending helper response regarding error-free receipt of a Mutual_Auth_Read command from the interrogator; (b) the transponder is currently in the MAR-PROC state and has completed sending an auxiliary response to error-free receipt of a direct retransmission of the interrogator's Mutual_Auth_Read command that was already received by the transponder in a previous transmission; MAR-READY, ("mutual-authentication ready" - mutual-authentication ready), the transponder immediately switches to this state if one of the following conditions is met: (a) the transponder is currently in the MAR-PROC state, completed the internal processing of the Mutual_Auth_Read command, including the necessary internal data decryption and encryption operations, has successfully prepared the secure envelope with encrypted transponder identifier data, and is ready to return the implicit mutual authentication return message to the interrogator; (b) the transponder is currently in MAR-READY state and has completed sending an auxiliary response to an error-free direct retransmission of the interrogator's last Mutual_Auth_Read command that has already been processed by the transponder; AUTHENTICATED, with a transponder immediately changing to that state if one of the following conditions is satisfied: (a) the transponder is currently in the MAR-READY state, received error-free the Terminate command from the interrogator and fulfilled it sending the return for the Mutual_Auth_Read command to the interrogator; (b) the transponder is currently in the AUTHENTICATED state and has completed responding to an error-free direct retransmission of the previously processed Finalize command from the interrogator; (c) the transponder is currently in the SAR-PROC state and has completed receiving error free and executing the Finalize command from the interrogator with the FEOP flag set; (d) the transponder is currently in the SAR-READY state, has received the error-free Finalize command from the interrogator, and has completed sending the response to the Secure_Auth_Read command to the interrogator; (e) the transponder is currently in the SAW-PROC state and has completed receiving error free and executing the Finalize command from the interrogator with the FEOP flag set; (f) the transponder is currently in the SAW-READY state, has received error-free Finalize command from the interrogator, and has completed sending a response to the Secure_Auth_Write command to the interrogator; SAR-PROC (secure-authenticated-read processing) where the transponder immediately switches to this state if one of the following conditions is met: (a) the transponder is currently in the AUTHENTICATED state and has completed sending an auxiliary response to error-free receipt of the Secure_Auth_Read command from the interrogator; (b) the transponder is currently in the SAR-PROC state and has completed sending an auxiliary response to error-free receipt of a direct retransmission of the Secure_Auth_Read command from the interrogator that was already received by the transponder in a previous transmission; SAR-READY (secure-authenticated-read ready), the transponder immediately switches to this state if one of the following conditions is satisfied: (a) the transponder is currently in the SAR-PROC state and completed the internal processing of the last Secure_Auth_Read command received, including the necessary internal data decryption and encryption operations, successfully authenticated and authorized the interrogator in the process, and is ready to send back message to the processed Secure_Auth_Read command to the interrogator; (b) the transponder is currently in the SAR-READY state and has completed sending an auxiliary response as to error-free receipt of a direct retransmission of the interrogator's last Secure_Auth_Read command that has already been processed by the transponder; SAW-PROC (secure-authenticated-write processing), whereby the transponder immediately switches to this state if one of the following conditions is satisfied: (a) the transponder is currently in the AUTHENTICATED state and has completed sending an auxiliary response to error-free receipt of the Secure_Auth_Write command from the interrogator; (b) the transponder is currently in the SAW-PROC state and has completed sending an auxiliary response to error-free receipt of a direct retransmission of the Secure_Auth_Write command from the interrogator that was already received by the transponder in a previous transmission; SAW-READY ("write-authenticated-secure ready" - secure-authenticated-write ready), with the transponder immediately changing to this state if one of the following conditions is satisfied: (a) the transponder is currently in the SAW-PROC state and completed the internal processing of the last Secure_Auth_Write command received, including the necessary internal data decryption and encryption operations, successfully authenticated and authorized the interrogator in the process, and is ready to send the message back to the processed Secure_Auth_Write command to the interrogator; (b) the transponder is currently in the SAW-READY state and has completed sending an auxiliary response as to error-free receipt of a direct retransmission of the interrogator's last Secure_Auth_Write command that has already been processed by the transponder. 20. SECURE COMMUNICATION SYSTEM, according to claim 19, characterized in that, without limitation of generality, the transponder can implement additional transitions, such as for the initial READY state, according to the desired behavior in exceptional situations, including: ( a) the transponder receives a Select command; (b) the transponder receives a Query, QueryRep, or QueryAdjust command; (c) the transponder receives an unexpected custom command and, outside the standard command stream, skips necessary states and/or transitions; (d) the transponder performed a reset or re-energization (power-up) due to power loss or other transient failure that resulted in a loss of internal transponder status information. 21. SECURE COMMUNICATION SYSTEM according to claim 20, characterized by the fact that, without limitation of generality, conceivable alternative realizations can, for example, unite the two states SAR-PROC and SAR-READY in one state only, if the two-phase execution mechanism of custom commands is not implemented, or its execution unnecessary; for example, because of an implementation of the secure communication system in a transponder with advanced hardware, which allows a transponder response without significant delay and within defined protocol and application limits, the same observation being valid for the two pairs of states SAW-PROC and SAW-READY, and MAR-PROC and MAR-READY. 22. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that it provides a mechanism for executing commands in two phases through auxiliary messages, which will be applied to pairs of messages composed of an interrogator command and a response corresponding to the addressed transponder, whose first essential purpose is to enable transponders to send a first auxiliary confirmatory response to primary commands that need cryptographic processing with an internal processing time in the transponder in the order of magnitude of milliseconds to tens of milliseconds or more, where it is quality enables interrogators to detect transmission and processing errors, which would result in the main custom command not being executed in a short, well-defined time interval. Concretely, without limitation of generality, the mechanism allows, according to the ISO 18000-6C standard, for the transponder to continue responding to the interrogator's customized command at time T1, and the interrogator can detect the lack of response at time T3 (timeout) . 23. SECURE COMMUNICATION SYSTEM according to claim 22, characterized by the fact that another purpose of the mechanism is to let the interrogator in control of the interaction with the transponder and, after the supposed termination of the processing of the primary customized command in the transponder, after the Δt time, the interrogator requests, through an auxiliary custom command called Finalize, the transmission of the transponder's primary response and, thus, the execution of the main custom command is divided into two distinct phases: the first confirmation phase, and the second phase of finalizing the execution of the main command. 24. SECURE COMMUNICATION SYSTEM, according to claim 22, characterized in that, in this execution of the main command in two phases, the interrogator takes advantage of the time interval Δt, during which the transponder is being occupied with the processing of the primary request, to process other tasks or communicate with other transponders, reducing waiting time and increasing the operational efficiency of the interrogator. 25. SECURE COMMUNICATION SYSTEM, according to claim 22, characterized in that the two-phase execution mechanism benefits the execution of any command-response pair between interrogator and transponder that involves prolonged processing in the transponder and, in In particular, this mechanism applies to custom commands that involve using encryption on the transponder: Mutual_Auth_Read, Secure_Auth_Read, and Secure_Auth_Write. 26. SECURE COMMUNICATION SYSTEM, according to claim 22, characterized by the fact that, as a non-limiting reference of generality, to enable the interrogator to estimate time Δt more accurately, information on performance or processing time The transponders can be kept in a database and the interrogator can access this information using one of the GID, UTID, and SPC values received from the transponder as the passkey. 27. SECURE COMMUNICATION SYSTEM, according to claim 22, characterized in that, alternatively, a variation of the auxiliary response is the inclusion of an optional parameter - called EPTI -, to indicate the expected processing time (expected processing time indicator), the EPTI may, without limitation of generality, inform an index of the relative processing performance of the transponder, such as the number of bits that the transponder can encrypt or decrypt per millisecond, and an indication of the performance of reading and of writing in non-volatile memory, such as, for example, and without limitation in generality, the recording time (rewrite) per 16-bit word in the EEPROM or Flash or FeRAM (or other) internal memory of the transponder, allowing the interrogator to calculate the time required for cryptographic operations and memory access on the transponder, or the EPTI can also inform the absolute estimate of the necessary processing time, consider I monitor the type and load of the request received from the interrogator, and, in general, knowledge of the EPTI enables the interrogator to estimate the necessary waiting time Δt with greater accuracy than in the case where this information is not available. 28. SECURE COMMUNICATION SYSTEM, according to claim 22, characterized in that, alternatively, without limitation of generality, the reference times of the processing expected by command and transponder type and implementation can be managed in the form of maintained tables in interrogators by mapping transponder model and implemented protocol version numbers to absolute or relative processing performance values. In this case, it is supposed to include a transponder implementation model number, and a protocol version number implemented by the transponder, in the UII memory bank, whose contents will be read by the interrogator during the inventory phase. 29. SECURE COMMUNICATION SYSTEM according to claim 22, characterized in that a variation of the auxiliary custom command is the inclusion of an optional parameter, denoted FEOP, to force the end of processing (force end of processing) in the transponder when this has not yet finished the internal processing when receiving the Finalize command, and, without limitation of generality, the FEOP can be performed by means of a binary indicator (binary flag; boolean flag) that receives the values "1" or "on" to force the end of processing and "0" or "off" to allow further processing on the transponder. 30. SECURE COMMUNICATION SYSTEM, according to claim 22, characterized in that, without limitation of generality, in the two-phase command execution mechanism, the transponder reaction to a Finalize command, with or without FEOP activated, depends on the needs and boundary conditions of the particular application, so, for example, a transponder that has not finished processing locally may respond to a Finalize command with FEOP disabled, via an error message warning that processing has not been completed, and stop command execution, or return dedicated response requesting more time for the interrogator to run and continue processing, or ignore the command. Without limiting generality, specifying the interrogator's handling of the transponder's inability to send a response to the primary command to a Finalize command may depend on the particular application, and the interrogator may, for example, extend the waiting time and send a new Finalize command to get the answer, or simply abandon the interaction unilaterally. 31. SECURE COMMUNICATION SYSTEM, according to claim 22, characterized in that it covers all variations of the two-phase execution mechanism that have compatible purposes and advantages, including mechanisms involving number of auxiliary messages and/or different parameters , with a possible compatible variation being the transponder not sending an auxiliary confirmation, and the interrogator directly sending the Finalize command, after a certain waiting time. 32. SECURE COMMUNICATION SYSTEM, according to claim 22, characterized by the fact that in another compatible variation the Finalize command is eliminated and, instead of letting the transponder respond after a defined time interval, it is left, for example , and without limitation of generality, that this is deduced by the interrogator and the transponder, from the known amount of data that the transponder will have to process internally. 33. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that it provides an interleaved command execution mechanism for the interaction between an interrogator and multiple transponders, which, among others, has the essential purpose of enabling the partial parallelism of the processing of interrogator commands in transponders, aiming to reduce the total execution time compared to a sequential execution of message pairs, composed of an interrogator command and a corresponding response from the addressed transponder. 34. SECURE COMMUNICATION SYSTEM according to claim 33, characterized in that the interleaved execution mechanism executes commands in two phases, for the benefit of any sequence of command-response pairs between an interrogator and a transponder that involves prolonged processing on the transponder, in the order of magnitude of milliseconds to tens of milliseconds or more, and, in particular, the mechanism applies to custom command sequences, involving the use of encryption in the transponder: Mutual_Auth_Read, Secure_Auth_Read and Secure_Auth_Write. 35. SECURE COMMUNICATION SYSTEM, according to claim 33, characterized in that, without limitation of generality, the generic principle of the merged execution mechanism can be divided into three stages, the first stage being the sending of primary commands; the second stage of waiting for the interrogator, and the third stage of collecting the primary responses, whereby, in the first stage, using the two-phase execution scheme, the interrogator sends the next due primary command PCi (primary command), as per the session current communicative, and receives an immediate auxiliary reply ARi (auxiliary reply) from each transponder Ti of a set of M transponders T1 to TM with which the interrogator is maintaining communicative sessions; in the second stage, the interrogator waits for the completion of transponder T1 processing, and, without limitation of generality, if the maximum command processing time is of the order of milliseconds for all transponders, given by tproc, then the RSU must wait for , at least, twait = tproc — (M-1) x (treq + tconf) > 0 milliseconds, after receiving ARi so that PCi processing on transponder T1 is terminated, with treq representing the upper limit for transmitting a single primary command PCi, with tconf representing the upper limit for receiving a single auxiliary ARi response from the transponder, and M specifying the total number of transponders to be processed, the transmission time being determined by different factors, including transfer rates of data for the uplink and downlink, by the maximum allowable tolerances and by the message datagram sizes, and, if the time required to send all M PCI commands, with 1 < i < M, is greater than the internal processing time of transponder T1, so tw = 0 and the interrogator can continue to the next stage without delay, and in the third and last stage, the interrogator sends the auxiliary Finalize ACi commands (auxiliary command) to request and receive the transmissions of the primary responses PRi from the transponders Ti, 1 < i < M, in the case where the time for receiving the primary responses in the third stage is less than the time for sending the primary commands in the first stage, the interrogator may be subject to additional waiting times. 36. SECURE COMMUNICATION SYSTEM, according to claim 33, characterized by the fact that, without limitation of generality, the interleaved execution mechanism follows a simplified model for a parallelized implicit mutual authentication of multiple transponders Ti, 1 < i < M , from the interrogator's point of view, where: (1) send requests and receive auxiliary acknowledgments of implicit mutual authentication: for every Ti with 1 < i < M, executed in sequence: (i) send to Ti: Mutual_Auth_Read (Handlei, EK (...), CRC); (ii) receive from You: Reply (Handlei, ..., CRC); (2) wait for availability of first primary response: wait for tw milliseconds with: tw = Max (0; tproc - (M-1) x (treq + tconf)) > 0, treq = GetTransmissionTime (Mutual_Auth_Read (Handlei, EK(.). ..), CRC)), tconf = GetTransmissionTime(Reply(Handlei, ..., CRC)); (3) request and collect primary mutual authentication responses: for every Ti with 1 < i < M, executed in sequence: (i) send to Ti: Finalize (Handlei, ..., CRC); (ii) receive from Ti: Reply (Handlei, EK(...), CRC); (iii) if (i < M): wait Δt milliseconds, with: Δt = Max (0; treq + tconf - tfin - trsp) > 0; tfin = GetTransmissionTime (Finalize (Handlei, ..., CRC)); trsp = GetTransmissionTime(Reply(Handlei, EK(...), CRC)). 37. SECURE COMMUNICATION SYSTEM, according to claim 33, characterized by the fact that the exemplified GetTransmissionTime constitutes an abstract auxiliary mechanism to determine the transmission time of messages to be sent through the air interface. 38. SECURE COMMUNICATION SYSTEM, according to claim 33, characterized in that the interleaved execution mechanism covers the execution of any homogeneous or heterogeneous set of commands to be executed in transponders. 39. SECURE COMMUNICATION SYSTEM, according to claim 33, characterized in that the interleaved execution mechanism is not limited to a particular sequence of command transmission per stage, but covers the optimization and change of the sequence in consideration of the transmission time and processing each command and response, with the aim of avoiding or reducing interrogator waiting time. 40. SECURE COMMUNICATION SYSTEM, according to claim 33, characterized in that it covers any and all variations of the mechanism of interleaved command execution that have compatible purposes and advantages, including mechanisms involving auxiliary messages and/or distinct parameters, as, for example, a compatible variation where, in the first stage, the transponder only sends primary PCi commands, without receiving ARi auxiliary acknowledgments. 41. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that it covers modifications of custom command signatures to allow multiple key generations per key type, such as multiple authentication key generation, read and write access , and, for example, and without limitation of generality, the identification of the key generation to be used can be accomplished by means of an additional parameter in the affected commands which indicates the generation of the key to be used. 42. SECURE COMMUNICATION SYSTEM, according to claim 41, characterized in that it covers modifications of the customized commands of this secure communication system to allow the use of one or multiple master keys, with the use of one key grants certain well-defined rights to the interrogator, directly or indirectly through the generation of a temporary secret key, which include, among others, exclusive, read or write access to special or general areas of the transponder memory; authorization of the use of special functionality and specific commands of the transponder; activation or deactivation, temporary or permanent, of read and/or write access to the transponder memory areas, including the modification of the internal status of these transponder memory areas from "read and write allowed" to "read only allowed", and vice versa, and the total and permanent deactivation of transponders (Kill). 43. SECURE COMMUNICATION SYSTEM, according to claim 41, characterized in that it covers, in coordination with interrogators, transponders that change or replace the TN and RN nonces received in customized commands before generating the corresponding responses, instead of reusing the TN and RN nonces of the custom commands received without change. 44. SECURE COMMUNICATION SYSTEM, according to claim 41, characterized in that it covers replacement of nonces or increase with other variable values for times chosen in a range of values sufficient to guarantee an insignificant probability of repetition of the values used as nonces in messages in practice, according to the needs of the particular application. 45. SECURE COMMUNICATION SYSTEM, according to claim 41, characterized in that it covers the use of arbitrary encryption algorithms for the cryptographic operations of the customized commands defined by the present system. 46. SECURE COMMUNICATION SYSTEM, according to claim 41, characterized in that it covers changes in the nomenclature of commands, responses and parameters in the signatures of commands and responses, without essential modification of the functionality and purposes of the commands or responses or of the affected parameters. 47. SECURE COMMUNICATION SYSTEM according to claim 41, characterized in that it covers changes in the composition of customized command parameters and transponder responses, without essential modification of the functionality and purposes of the commands and responses and where the parameters they can, for example, and without limitation of generality, be combined by means of reversible logical operations, as with the XOR operation, to reduce the total size in bits of the composite data set, in order to reduce transmission time, or the number and time of cryptographic operations required. 48. SECURE COMMUNICATION SYSTEM according to claim 41, characterized in that it covers changes in parameter sizes in number of bits of commands and responses and, in particular, changes due to the use of block sizes different from that of 128 bits , used in the reference algorithm, or modifications due to the use of cryptographic algorithms other than the AES reference algorithm, and nonces with varying number of bits sizes. 49. SECURE COMMUNICATION SYSTEM according to claim 41, characterized in that it covers custom commands optimized for specific sizes of data blocks, including variations of custom read/write access commands for transponders that support sized data blocks standardized, and/or predefined memory addresses when reading/writing data. 50. SECURE COMMUNICATION SYSTEM according to claim 41, characterized in that it covers the use of arbitrary numbers of bits for the parameters of the customized commands and the corresponding responses. 51. SECURE COMMUNICATION SYSTEM, according to claim 41, characterized in that it covers cryptographic machines implemented in interrogators and/or transponders that use operating modes other than the CTR mode to ensure the protection of the integrity of encrypted data of arbitrary size. 52. SECURE COMMUNICATION SYSTEM, according to claim 41, characterized in that it covers descriptions of the constituent parts of the system focusing on the specification and description of the main parameters of interrogator commands and transponder responses, without limiting generality and without exclude the possibility of including additional parameters in the signatures of commands and responses for other purposes that do not interfere or compromise the main purposes of these commands and responses. 53. SECURE COMMUNICATION SYSTEM, according to claim 41, characterized in that it covers variations in the specification of commands and responses, objects of this secure communication system, in relation to the different ways of handling exceptions and processing failures and transmission of commands and responses. 54. SECURE COMMUNICATION SYSTEM, according to claim 41, characterized in that it covers secure and authenticated versions of the native Lock and Kill commands, implemented according to the Secure_Authenticated_Write command model, defining a new custom command, with a new bit sequence characteristics, as specified in the ISO 18000-6C protocol, replacing the data parameters to be written from the Secure_Authenticated_Write command with necessary parameters of the respective operation, obtaining, for example, and without limitation of generality, custom Secure_Auth_Kill and Secure_Auth_Lock commands, and replacing the code from the result of writing the response to the Secure_Authenticated_Write command with an appropriate code of the result of the new operation, and where the Access command becomes unnecessary after disabling the other commands and modifying the state machine. 55. SECURE COMMUNICATION SYSTEM according to claim 41, characterized in that it covers altered definitions of the LMAR logical memory area range descriptor, including definitions that are different from the memory addressing mode defined in the ISO 18000-6C standard but whose adoption is permissible by the aforementioned standard in customized commands, for example, and without limitation of generality, the size values of LMAR components can be changed, or an entirely different addressing scheme can be defined, such as an LBA-type scheme (Linear Block Addressing) or other. 56. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that the custom commands Mutual_Auth_Read, Secure_Auth_Read, and Secure_Auth_Write perform the exchange of auxiliary parameters RN, CRN, SMD, DMD, TN, and CTN without protection by cryptographic envelope . 57. SECURE COMMUNICATION SYSTEM, according to claim 3, characterized by the fact that, in another non-limiting embodiment, the extended state machine of the transponders constitutes variations of state transitions in the way that the transponder does not respond to requests for interrogator commands while processing one of the complex custom commands Mutual_Auth_Read, Secure_Auth_Read, and Secure_Auth_Write, which require extended processing time on the transponder and a high power or energy level in this process, considering that no consideration of new interrogator commands during processing these complex custom commands in certain cases significantly improve the robustness of the secure communication system implementation in passive transponder devices (which do not have their own power source). 58. SECURE COMMUNICATION SYSTEM, according to claim 57, characterized in that in another non-limiting embodiment of the present secure communication system, a message transmission counter is used in the customized commands sent by the interrogator and in the responses returned by the transponder, for the purpose of more efficient identification of retransmissions, and for flow control and order of message delivery in variations of the secure communication system that allow multiple commands and/or multiple responses to be sent and temporarily stored for retransmission ; where message transmission identifiers include cyclic numerical counters with binary representation of size of one or more bits, counters of 2 bits in size, with the incrementing function "plus one modulo 22", resulting in the sequence of values 0, 1, 2 , and 3 per counter cycle, non-numeric message identifiers that use two or more differentiated values, such as a flag (flag) with values A and B. 59. SECURE COMMUNICATION SYSTEM, according to claim 1, characterized in that another non-limiting embodiment of the present secure communication system is the exchange of the use of encryption mode with decryption mode in pairs of messages. command and response, respectively, in order to allow implementations of the secure communication system on transponders in a way that it is only necessary to implement the encryption mode on the transponder, to reduce implementation complexity and energy consumption in transponder operation, as well as improving the temporal processing performance in the transponder that constitutes a device with limited resources compared to the reader device; the usage exchange is defined by: the encryption operation (CIPH) can use the decryption function (DEC), and the reverse decryption operation (CIPH-1) uses the encryption function (ENC), in the case of symmetric ciphers such as AES and DES, in which the encryption and decryption features are interchangeable to achieve data encryption and decryption. 60. SECURE COMMUNICATION SYSTEM according to claim 59, characterized in that the symmetric cipher can be the symmetric cryptographic algorithm AES - as well as any other symmetric cryptographic algorithm such as DES, TDES, Blowfish, or IDEA. 61. SECURE COMMUNICATION SYSTEM, according to claim 60, characterized in that a non-limiting embodiment of the implicit mutual authentication between an interrogator and a transponder, with reading of transponder identifier data protected by a cryptographic envelope, using, as non-limiting example of generality, the nonces RN, TN, CTN, 64 bits in size and CRN56, 56 bits in size, the ECB operating mode of the cryptographic machine AES-128 with the secret key AK 128 bits, in the form that CIPH=ENC, and CIPH1=DEC to protect the confidentiality and integrity of the RN and CRN56 protocol parameters in the command and TN and CTN in the corresponding response, and using the CTR mode of the AES-128 cryptographic machine with 128-bit SK secret key, to protect the confidentiality and integrity of the 64-bit UTID and 64-bit TDATA vehicular data and the SMAC static integrity and authenticity protection code contained in the response, with the SMAC if pre-calculated on the UTID and TDATA data and previously stored in memory during the transponder customization, with the size and type of the SMAC defined by the SMD2 parameter, with the dynamic error detection code DCRC, type CRC-16, being calculated on the vehicle data and on the SMAC code, at runtime, by the transponder, and with the DCRC parameter in the transponder response being combined with the least significant 16 bits of the TN parameter, by the XOR (or exclusive) operation, and with a dynamic DMAC integrity and authenticity protection code of size and type defined by the DMD2 parameter, and calculated, at run time, by the transponder on the CTR-mode encrypted data blocks contained in the response message, and using the CTN parameters of 64 bits, and CRN56, 56 bits, to initialize the initial counter of the CTR mode, and with the command message containing non-limiting examples of additional parameters, the parameter RFFU2 being 2 bits, rese rved for future use and not protected by encryption, SMD2 being a 2-bit descriptor parameter of the SMAC code, DMD2 being a 2-bit descriptor parameter of the DMAC code, GSK1 being a 1-bit descriptor parameter, defining the mechanism for obtaining the key SK session temporary secret by the transponder, being performed by the bit value '0' in binary notation of the GSK1 parameter, without limitation of generality, the use of a default predefined session secret key, and, by the bit value '1' of the GSK1 parameter , the use of a standard master key, to generate, at runtime, a new session temporary secret key SK, in this process of dynamic generation of the SK key using the nonces RN and TN, or other combination of variable parameters, by time as seed, and RFFUP3 being a 3-bit parameter, reserved for future use, protected by encryption, and RFFU2 and RFFUP3 being non-limiting examples of parameters intended for the future safe introduction of new fu ntionalities in the command without changing the basic structure of the current command to maintain backward compatibility and interoperability of implementations of different versions of the secure mechanism in transponders and interrogators. 62. SECURE COMMUNICATION SYSTEM according to claim 60, characterized in that in another non-limiting embodiment of the implicit mutual authentication between an interrogator and a transponder, with reading of transponder identifying data, protected by a cryptographic envelope, which uses, as a non-limiting example of generality, nonces RN, TN, CTN, 64 bits in size and CRN56, 56 bits in size, the ECB operating mode of the AES-128 cryptographic machine with the secret keys AK and SK 128 bits in the form CIPH=ENC, with CIPH-1=DEC, in all cases to protect the confidentiality and integrity of the protocol parameters RN and CRN56 in the command and CTN in its two occurrences, and RN and TN in the corresponding response, and the code DCRC dynamic error detection, type CRC-16, calculated, at run time, by the transponder on the 64-bit UTID and 64-bit TDATA vehicular data and on the SMAC code contained in the response, with the parameter DCRC being combined with the least significant 16 bits of the TN parameter, by the XOR (or exclusive) operation, and using the AES-128 cryptographic machine CTR mode as the SK secret key, to protect the confidentiality and integrity of the UTID and TDATA vehicle data and the static SMAC code for protection of integrity and authenticity in the response, with the SMAC being pre-calculated on the UTID and TDATA data, and previously stored in memory during the transponder customization, with the SMAC size and type defined by the SMD2 parameter , with the dynamic error detection code DCRC, type CRC-16, being calculated over the vehicle data and over the SMAC code, at run time, by the transponder, with the parameter DCRC in the transponder response being combined with the 16 bits less significant of the TN parameter, by the XOR (or exclusive) operation, and with a dynamic DMAC integrity and authenticity protection code of type and size defined by the DMD2 parameter and calcu side, at run time, by the transponder on the data blocks encrypted in CTR mode with the secret key SK and on the data blocks encrypted with the secret key SK in ECB mode contained in the reply message, and using the CTN parameters of 64-bit, and 56-bit CRN56, to initialize the CTR mode initial counter, and with the command message containing non-limiting examples of additional parameters, with RFFU2 being a 2-bit parameter, reserved for future use and not protected by encryption , SMD2 being a 2-bit descriptor parameter of the SMAC code, DMD2 being a 2-bit descriptor parameter of the DMAC code, MKS3 being a 3-bit descriptor parameter, for selecting the default session key or master key to be used for the generation of the SK session secret key, with MKS3 without generality limitation indexing a total of 23 = 8 keys or master keys with indices 0 to 7, these keys being pre-written in the transponder memory during personalization, GSK1 se ing a 1-bit descriptor parameter that defines the mechanism for obtaining the temporary secret key of session SK by the transponder, being performed by the bit value '0', in binary notation of the parameter GSK1, without limitation of generality, the use of a secret key session pattern indexed by the MKS3 parameter, and stored in the transponder, and, by the '1' bit value of the GSK1 parameter, the use of that secret master key stored in the transponder and indexed by the MKS3 parameter, for the generation, at run time, of a temporary secret key of SK session, and in this process of dynamic generation of the SK key, using the nonces RN and TN, or another combination of time-varying parameters with the seed (seed), and the parameter RFFU2 being a non-limiting example for a parameter intended for the future introduction of new functionality to the command, without changing the basic structure of the current command, to maintain backward compatibility and interoperability of implementations of different versions of the secure mechanism in transponders and interrogators. 63. SECURE COMMUNICATION SYSTEM, according to claim 60, characterized in that in another non-limiting embodiment of the implicit mutual authentication between an interrogator and a transponder, with reading of transponder identifying data, protected by a cryptographic envelope, which uses, as a non-limiting example of generality, nonces RN, TN, IRN and ITN, 64 bits in size, the ECB operating mode of the cryptographic machine AES-128 with the secret key AK 128 bits in the form CIPH=ENC, with CIPH -1=DEC, to protect the confidentiality and integrity of protocol parameters from RN and IRN protocol parameters in the command, and TN and ITN in the corresponding response, a dynamic 64-bit DMAC integrity and authenticity protection code in the command, and without limitation of generality, the DMAC being calculated, at run time, by the reader on the block of RN and ITN data, encrypted in ECB mode, in the command using, as a non-limiting example, a key secret and a DMAC format and size determined, in real time, by the reader as a function of the known transponder's GID group identifier, and the CBC mode with the 128-bit SK secret key, to protect the confidentiality and integrity of the TN and RN, the vehicle identification number, which, without limitation of generality, can be represented by the VIN (vehicle identification number), according to the 128-bit ISO 3779 international standard, and the DCRC dynamic code of error detection, type CRC- 16, 16 bits, calculated over the VIN, at run time, by the transponder, with the DCRC parameter in the response, being combined with the least significant 16 bits of the TN parameter, by the XOR (or exclusive) operation, and using the set of the 64-bit IRN and 64-bit ITN parameters as the initialization vector (IV) of the CBC mode of the AES-128 cryptographic machine. 64. SECURE COMMUNICATION SYSTEM, according to claim 60, characterized in that in another non-limiting embodiment of the implicit mutual authentication between an interrogator and a transponder, with reading of transponder identifying data, protected by a cryptographic envelope, which uses, as a non-limiting example of generality, nonces RN, TN, IRN, and ITN, 64 bits in size, the ECB operating mode of the cryptographic machine AES-128 with the secret key AK 128 bits, in the decryption function, to data encryption in the form CIPH=DEC, with CIPH-1=ENC, to protect the confidentiality and integrity of the RN and IRN protocol parameters in the command, the form CIPH=DEC, allowing the decryption of the data encrypted by the interrogator in the transponder is performed in ECB mode in the encryption function, then CIPH-1=ENC, removing the need for the additional implementation of the decryption mode in favor of the unique encryption mode in the transponder, allowing if In general limitation, in certain cases of cryptographic machine implementation, the reduction of the cryptographic algorithm implementation chip area and energy consumption in the algorithm operation in passive transponders, and using the ECB operating mode of the AES-128 cryptographic machine with 128-bit AK secret key, in the encryption function, for data encryption in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the parameters and TN and ITN in the response, using the mode Symmetric cryptographic algorithm encryption CBC with 128-bit SK secret key, to protect the confidentiality and integrity of the RN and TN nonces, of the vehicle identification number, which, without limitation of generality, may be represented by the VIN (vehicle identification) number), according to the 128-bit ISO 3779 international standard, and the 64-bit static SMAC integrity and authenticity protection code, pre-calculated on the VIN during pers. nalization of the transponder, with the SMAC parameter in the transponder response, being combined with the TN parameter, by the XOR (or exclusive) operation, and using the set of 64-bit IRN and 64-bit ITN parameters as the vector of initialization vector, IV) for the initialization of the CBC mode in the current communication session between interrogator and transponder, and using as a non-limiting example a TC transmission counter, binary of 1 bit, in the command and response messages, for the indication of new command and response transmissions and retransmissions, respectively, and command and response messages containing non-limiting examples of additional parameters, one RFFU parameter, 1 bit in size, not protected by encryption, intended for the future introduction of new features in the engine without changing the basic structure of the command and corresponding response, to maintain backward compatibility and imple interoperability. mentations of different versions of the secure mechanism in transponders and interrogators. 65. SECURE COMMUNICATION SYSTEM according to claim 64, characterized in that in a non-limiting embodiment of secure reading with request authentication between an interrogator and a transponder that uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, a range descriptor of the logical memory area to be read LMAR, 64 bits, the LMAR parameter in the interrogator command being combined with the RN parameter, by the XOR (or exclusive) operation, the mode ECB cryptographic engine AES-128 cryptographic engine with 128-bit SK session secret key in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the nonces and the 64-bit LMAR memory descriptor , in command, and protect the confidentiality and integrity of the nonces and the 64-bit DMAC dynamic integrity and authenticity protection code in the response, the DMAC being calculated, at run time, by the transponder over the n > 1 DW1 to DWn data blocks at 128 bits each, with the DWn block containing a well-defined padding, if the amount of data read and contained in the last block is less than the block size, and the parameter DMAC in the transponder response being combined with the TN parameter, by the XOR (or exclusive) operation, and using the CTR mode of the AES-128 cryptographic machine, to protect the confidentiality and integrity of the DW1 to DWn data read from the transponder memory in the case successful authentication of the request. 66. SECURE COMMUNICATION SYSTEM, according to claim 64, characterized in that in another non-limiting embodiment of secure reading with request authentication between an interrogator and a transponder, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, an interval descriptor of the logical memory area to be read LMAR, 64 bits, the LMAR parameter in the interrogator command being combined with the RN parameter by the XOR (or exclusive) operation using the ECB operating mode of the AES-128 cryptographic machine with 128-bit SK secret key in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the nonces and the 64-bit LMAR memory descriptor in the interrogator command, and using the CTR mode of the AES-128 cryptographic machine with 128-bit SK secret key, to protect the confidentiality of the RN and TN nonces, the DW1 to DWn data read from the transponder memory, and the dynamic code Integrity RCRC type CRC-16, 16 bits, in the response, the RCRC being calculated, at run time, by the transponder on the n > 1 data blocks DW1 to DWn at 128 bits each, with the DWn block containing one well defined padding, if the amount of data read and contained in the last block is less than the block size, the RCRC parameter in the transponder response being combined with the least significant 16 bits of the TN parameter, by the XOR (or exclusive) operation and using as a non-limiting example a 1-bit binary TC transmission counter in the command and response messages for indicating new transmissions and retransmissions. 67. SECURE COMMUNICATION SYSTEM, according to claim 64, characterized in that in another non-limiting embodiment of secure reading with request authentication between an interrogator and a transponder, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, an interval descriptor of the logical memory area to be read LMAR, 64 bits, the LMAR parameter in the interrogator command being combined with the RN parameter, by the XOR (or exclusive) operation, the CBC operating mode of the AES-128 cryptographic machine with 128-bit SK secret key in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the 64-bit nonces and LMAR memory descriptor in the command of interrogator, and protect the confidentiality and integrity of the nonces, the data read DW1 to DWn, and the RCRC dynamic integrity code, type CRC-16, 16 bits, in the response, the RCRC being calculated, at run time, by the transponder under re os n > 1 data blocks DW1 to DWn at 128 bits each, with the DWn block containing a well-defined padding, if the amount of data read and contained in the last block is smaller than the block size, the RCRC parameter in transponder response being combined with the least significant 16 bits of the TN parameter, by the XOR (or exclusive) operation, using in the command and response messages, as a non-limiting example of additional parameters, the 1-bit RFFU parameter, reserved for future use and not protected by encryption, and using a dynamic DMAC integrity and authenticity protection code of pre-defined size and type or defined by an auxiliary parameter included in the LMAR parameter, and the DMAC being calculated, at run time, by the transponder on the CBC mode encrypted data blocks contained in the transponder response. 68. SECURE COMMUNICATION SYSTEM, according to claim 64, characterized in that in another non-limiting embodiment of secure reading with request authentication between an interrogator and a transponder, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, an interval descriptor of the logical memory area to be read LMAR, 64 bits, the LMAR parameter in the interrogator command being concatenated with the parameters TN and RN, the ECB operating mode of the cryptographic machine AES-192 with 192-bit SK secret key in the form CIPH=DEC, with CIPH-1=ENC, to protect the confidentiality and integrity of the nonces and the LMAR memory descriptor in the interrogator command, and using the CBC mode of the cryptographic machine AES-192 with 192-bit SK secret key in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the nonces, the DW1 to DWn data read from the transponder memory, and the dynamic code in the response. 64-bit integrity and authenticity protection DMAC co, the DMAC being calculated, at run time, by the transponder on the n > 1 data blocks DW1 to DWn at 192 bits each, with the DWn block containing a well-defined padding , if the amount of data read and contained in the last block is less than the block size, the DMAC parameter in the transponder response being concatenated with the RN and TN parameters, and the DMAC type being predefined or defined by a parameter auxiliary included in the LMAR parameter. 69. SECURE COMMUNICATION SYSTEM according to claim 64, characterized in that in another non-limiting embodiment of secure reading with request authentication, between an interrogator and a transponder, optimized for the secure and authenticated reading of a single block of the transponder memory, containing up to 64 bits of data, using, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, an interval descriptor of the logical memory area to be read LMAR, 64 bits, for addressing up to 64 bits of data to be read from the transponder memory, the LMAR parameter in the interrogator command being concatenated with the TN and RN parameters, using the ECB operating mode of the AES-192 cryptographic machine with 192 SK secret key bits in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the TN and RN nonces and the LMAR memory descriptor in the interrogator command, and to protect the confidentiality and integrity ade of the nonces RN and TN and the single block of data read DW64 64 bits in the reply message, the block DW64 containing a well defined padding, if the amount of data to be read is less than 64 bits. 70. SECURE COMMUNICATION SYSTEM, according to claim 64, characterized in that in a non-limiting embodiment of secure writing with explicit request authentication, between an interrogator and a transponder, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, a range descriptor of the logical memory area to be written LMAR48, 48 bits, LMAR48 being concatenated with a WCRC dynamic integrity code, type CRC-16, 16 bits, the WCRC being calculated, at run time, by the interrogator on the n > 1 data blocks DW1 to DWn at 128 bits each, with the DWn block containing a well-defined padding, if the amount of data to be written in this last block is smaller than the block size, and with this padding being removed by the transponder before writing the data DW1 to DWn in the internal memory at the addresses specified by parameter LMAR48, in the case of successful authentication of the command through the analog Verify the validity and correctness of the TN, RN, WCRC values, and any additional integrity code contained in the LMAR48 parameter by the transponder, the set of LMAR48 and WCRC parameters concatenated in the interrogator command being combined with the RN parameter, by the XOR operation ( or exclusive), and using the CBC mode of the AES-128 cryptographic machine with the 128-bit WK writing secret key, to protect the confidentiality and integrity of the RN and TN nonces, the LMAR48 and WCRC parameters, and the n > 1 data blocks DW1 to DWn and to be written in the transponder memory, and using the AES-128 cryptographic machine CBC mode with the 128-bit WK writing secret key, to protect the confidentiality and integrity of the RN and nonces TN and the WCRC* parameter in the transponder response message, WCRC* being a 16-bit dynamic integrity code, type CRC-16, calculated by the transponder, at run time, over the memory area that was written and f effectively, being the WCRC* parameter in the transponder response combined with the least significant 16 bits of the TN parameter, by the XOR (or exclusive) operation, and using as a non-limiting example a 1-bit binary TC transmission counter in the messages of command and response, for the indication of new transmissions and retransmissions of command and response. 71. SECURE COMMUNICATION SYSTEM, according to claim 70, characterized in that in another non-limiting embodiment of secure writing with explicit request authentication, between an interrogator and a transponder, which uses, as a non-limiting example of generality, an optional 64-bit dynamic DMAC integrity and authenticity protection code, a DMD parameter being, without limitation of generality, a 4-bit descriptor indicating the presence and type and size of the DMAC, being used, without limitation of generality, the value '0000' of the DMD, in binary notation, to indicate the absence of the DMAC, corresponding to a zero-bit size of the DMAC, and the other values of the DMD being used to describe the size and type of DMAC algorithm and the index of secret key used by the interrogator in the DMAC generation, at runtime, on the data blocks encrypted in CTR mode with the secret key WK and on the data blocks encrypted with the secret key WK, in ECB mode, contained in the command message, using RN and TN nonces, 64 bits in size, an interval descriptor of the logical memory area to be written LMAR, 64 bits, and optionally containing an internal code additional integrity dynamic, being calculated, at run time, by the interrogator on the n > 1 data blocks DW1 to DWn at 128 bits each, with the DWn block containing a well-defined padding, if the amount of data in the last block to be written is smaller than the block size, and with this padding being removed by the transponder before writing the data DW1 to DWn in the internal memory at the addresses specified by the LMAR parameter, in the case of successful authentication of the command, through the analysis by the transponder of the validity and correctness of the DMAC, TN, and RN values, and of any additional integrity codes contained in the LMAR parameter, the LMAR parameter in the interrogator command being combined with the RN parameter, by the XOR operation (or exclusive), and using the ECB mode of the AES-128 cryptographic machine with the 128-bit WK writing secret key in the decryption function, for data encryption in the form CIPH=DEC, with CIPH1=ENC, to protect the confidentiality and integrity of the TN, RN, and LMAR data at the command, and using the CTR mode of the AES-128 cryptographic machine with the 128-bit WK writing secret key, to protect the confidentiality and integrity of n > 1 DW1 data blocks to DWn contained in the command and intended to be written to the transponder memory after successful authentication of the request, and using the ECB mode of encryption of the AES-128 cryptographic machine with the 128-bit WK writing secret key in the encryption function, for data encryption in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the RN and TN nonces and the WCRC parameter in the transponder reply message, WCRC being a dynamic integrity code, type CRC -16, 16-bit, calculated side by the transponder, at runtime, over the area of memory that was actually written, and the WCRC parameter in the transponder response being combined with the least significant 16 bits of the TN parameter by the XOR (or exclusive) operation. 72. SECURE COMMUNICATION SYSTEM, according to claim 70, characterized in that in another non-limiting embodiment of secure writing with explicit authentication of request between an interrogator and a transponder, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, an interval descriptor of the logical memory area to be written LMAR, 64 bits, internally containing an additional 16 bits dynamic integrity code, type CRC-16, being calculated, at run time, by interrogating the n > 1 data blocks DW1 to DWn at 192 bits each, with the DWn block containing a well-defined padding, if the amount of data in this last block to be written is less than the size of the block, and with this padding being removed by the transponder, before writing the data DW1 to DWn in the internal memory at the addresses specified by the LMAR parameter, in the case of successful authentication of the command through the analysis by the transponder of the validity and correctness of the TN, and RN values, and of any additional integrity codes contained in the LMAR parameter, the LMAR parameter in the interrogator command, being concatenated with the TN and RN parameters, and using the ECB mode of the AES cryptographic machine -192 with the 192-bit WK writing secret key in the encryption function for data encryption in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of the TN, RN, and LMAR data in the command , and using the CTR mode of the AES-192 cryptographic machine with the 192-bit WK writing secret key, to protect the confidentiality and integrity of the n > 1 data blocks DW1 to DWn contained in the command and intended to be written in the memory of the transponder, after successful authentication of the request, and using the ECB mode of encryption of the AES-192 cryptographic machine with the 192-bit WK writing secret key in the encryption function for data encryption in the form CIPH=ENC, with CIPH1= D EC, to protect the confidentiality and integrity of the RN and TN nonces and the LMAR* parameter in the transponder response message, with LMAR*, 64 bits, the range descriptor of the logical memory area that was actually written, internally containing the dynamic integrity code, type CRC-16, of additional 16 bits, recalculated, at run time, by the transponder on the contents of that data area in the transponder memory that was actually written, and being the parameter LMAR*, in the response of transponder, concatenated with the parameters RN and TN. 73. SECURE COMMUNICATION SYSTEM, according to claim 70, characterized in that in another non-limiting embodiment of secure writing with explicit request authentication, between an interrogator and a transponder, optimized for the secure and authenticated writing of a block of data in the transponder memory, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, a DW16 data block, 16 bits in size, a range descriptor of the logical memory area a be written LMAR48, 48 bits, LMAR48 being concatenated with the DW16 block to be written, if the command authentication is successful, through the transponder analysis of the validity and correction of the TN value, and any additional integrity codes contained in the parameter LMAR48, with the set of LMAR48 and DW16 parameters in the interrogator command being combined with the RN parameter, by the XOR (or exclusive) operation, and using the cryptographic engine's ECB mode AES-128 with 128-bit WK writing secret key in the encryption function for data encryption in the form CIPH=ENC, with CIPH-1=DEC, to protect the confidentiality and integrity of data TN, RN, LMAR48, and DW16 at the command, and using the ECB mode of encryption of the AES-128 cryptographic machine with the 128-bit WK writing secret key in the encryption function for data encryption in the form CIPH=ENC, with CIPH1=DEC, to protect the confidentiality and integrity of the RN and TN nonces and the DW16* parameter in the transponder response message, with DW16* being the data block read again by the transponder of the logical memory area that was actually written, and the DW16* parameter in the response from transponder combined with the least significant 16 bits of the TN parameter, by the XOR (or exclusive) operation. 74. SECURE COMMUNICATION SYSTEM, according to claim 70, characterized in that in a non-limiting embodiment of the combination, in a single command, of the functionality of the authenticated secure writing and authenticated secure reading mechanisms, optimized for reading secure and authenticated of a single RDW128 data block and the secure and authenticated writing of a single WDW32 data block in the transponder memory, which uses, as a non-limiting example of generality, nonces RN and TN, 64 bits in size, a logical memory area to be read range descriptor RLMAR48 48-bit, a logical memory area to be written range descriptor WLMAR48 48-bit, and a 32-bit WDW32 block of data to be written to the memory area specified by the WLMAR48 parameter, and using the ECB mode of the AES-256 cryptographic machine with the 256-bit secret key K1 in the encryption function for data encryption in the form CIPH=ENC, with CIPH-1=DEC, pa to protect the confidentiality and integrity of the TN, RN, RLMAR48, WLMAR48, and WDW32 data at the command, and using the ECB mode of encryption of the AES-256 cryptographic machine with the 256-bit K2 writing secret key in the encryption function for the data encryption in the form CIPH=ENC, with CIPH1=DEC, to protect the confidentiality and integrity of the RN and TN nonces, the 32-bit WCRC parameter and the 128-bit RDW128 data block in the transponder response message read from the memory area specified by the RLMAR48 parameter, WCRC being a 32-bit dynamic integrity code type CRC-32, calculated by the transponder, at run time, over the memory area that was actually written, and the WCRC parameter being in the transponder response combined with the most significant 32 bits of the TN parameter by the XOR (or exclusive) operation.

Images