SecureTag
SecureTag
Long-Range Tracking You Can Actually Trust
SecureTag is a battery-powered, long-range tracking tag built security-first, from the radio signal up. Every broadcast is encrypted, signed, and impossible to fake or replay — not as an add-on, but as the foundation of the design.
Highlights
Every Broadcast Encrypted. Every Identity Rotating. Nothing to Spoof.
SecureTag combines a hub-and-spoke trust architecture with per-message rotating identifiers, so no signal in the air ever reveals who or what you're tracking.
- Unlinkable, Rotating Broadcast Identity
- Signed & Replay-Proof Commands
- Silent Tamper Detection
- Disposable, Instantly-Revocable Relays
Product Overview
SecureTag is designed for organizations and individuals who need location tracking they can actually trust — not just a blinking dot on a map, but a signal that is authentic, private, and fresh. It closes the three failure modes of ordinary tracking tags: cloneable identities, spoofable locations, and replayable recordings.
The system is a hub-and-spoke network: tags only ever talk to nearby readers over short-range radio, readers only ever talk to a central server, and the server is the single hub every trust decision routes through. A tag never extends trust to a reader directly — it only ever acts on instructions signed by the server, so compromising a single relay never cascades into a fleet-wide breach.
A tag trusts exactly one entity: the server. Every other party — readers, managers, the operator dashboard — reaches it only through the server.
How It Works
A tag moves through factory setup once, then spends its working life in steady-state: broadcast, sleep, repeat.
Key Features
🔐 Cryptographic Identity, Not a Fixed ID
- Rotating, time-based identifier derived from a per-tag shared secret — no fixed serial number is ever broadcast
- Every reported location is authenticated and encrypted before it ever hits the air
- ECC P-384 signed commands, verified fresh against the server's certificate on every contact
🕵️ Replay- and Spoof-Proof by Construction
- Time-bound identifiers expire within minutes — a captured signal can't be rewound to fake a past location
- A cheap symmetric pre-filter rejects forged commands before the tag ever spends power on an expensive signature check
- An hourly proximity exchange bounds how physically close a tag really is to its reader, closing the "relay it far away" attack
🚨 Quiet Tamper Reporting
- Interference attempts are flagged, not announced — the tag keeps behaving normally so an attacker gets no feedback that they've been noticed
- The compromise flag rides encrypted inside the next routine check-in, invisible over the air
🔁 Contained, Recoverable Compromise
- Losing a reader degrades coverage in one area — nothing more; the server simply stops trusting it, instantly, with zero tag-side reconfiguration
- A stolen shared secret is recoverable over the air; only a stolen private key requires physical recall
🔋 Long Range, Low Power
- Long-range radio mode built to outreach typical short-range consumer trackers
- Deep-sleep, broadcast-only radio profile for extended field battery life
- Scheduled listen windows keep the tag reachable for commands without giving up the low-power profile
Technical Highlights
- Hub-and-spoke trust model — one hub, one revocation point, no N-party certificate web to keep in sync
- AES-128-GCM encrypted, ECC P-384 signed steady-state traffic
- Rotating, time-based identifiers for tag lookup — never a static ID in the clear
- Certificate-based mutual authentication between reader and server
- Ratcheted shared secret — advances one-way on each epoch and reboot for backward secrecy
- Fixed-format radio packets tolerant of single-fragment loss — no retransmission, by design
Ideal Use Cases
- Family & personal safety tracking (children, elderly relatives, pets)
- Vehicle, bike & equipment anti-theft tracking
- Field asset & tool tracking for enterprises
- Supply chain and logistics tag tracking
- Any deployment where the location signal itself must be trustworthy, not just present
Why Choose SecureTag?
- Nobody but your own server can identify or follow your tag's signal
- Cloning and spoofing simply don't work against a per-tag verified identity
- Compromise of any single relay is contained, instant to revoke, and never cascades
- Long field life from a deep-sleep, broadcast-only power profile
- Built security-first from the radio signal up — not bolted on afterward
Ready to deploy tracking you can actually trust?
SecureTag Other trackers tell you where something is. SecureTag also guarantees the answer is real, private, and yours alone.