Network-enabled RFID tag endorsement

We claim: 1. A method for a Radio Frequency Identification (RFID) reader to endorse an RFID tag, the method comprising: receiving an identifier from the tag; determining a certificate from the tag, wherein the certificate identifies a property of an item to which the tag is affixed, the property including one or more of: a region of sale, whether the item is hazardous, whether the item has been approved by one or more entities, whether the item contains allergens, whether the item meets safety standards, whether the item meets relevant intellectual property (IP) licensure requirements, and customer satisfaction ratings associated with the item; challenging the tag with a challenge; receiving a response from the tag; sending a first message including at least the identifier, challenge, and response to a verification authority; sending a second message including at least the identifier and the certificate to a certification authority; receiving a first reply from the verification authority; and receiving a second reply from the certification authority. 2. The method of claim 1 , wherein the identifier is one or more of: a tag identifier (TID), a key identifier (KID), a unique item identifier (UII), an electronic product code (EPC), a serialized trade identification number (SGTIN), and a Universal Resource Identifier (URI). 3. The method of claim 1 , wherein the certificate further identifies at least one of: a property of the tag and the certification authority. 4. The method of claim 1 , wherein the certificate is determined by constructing the certificate from the identifier and at least one assertion accessible to the reader, wherein the assertion is in at least one of: a human-readable form, a scan-readable form, and a machine-readable form. 5. The method of claim 1 , further comprising at least one of: storing a plurality of responses from a plurality of tags before sending at least one of the plurality of responses to the verification authority; and storing a plurality of certificates from the plurality of tags before sending at least one of the plurality of certificates to the certification authority. 6. The method of claim 1 , wherein at least one of the first and second messages further includes at least one of: a reader certificate; a physical location for the reader; and a reader electronic signature. 7. The method of claim 1 , wherein at least one of: the verification authority and the certification authority are the same entity, the first and second messages are combined into a single message, and the first and second replies are combined into a single reply. 8. The method of claim 1 , wherein at least one of: the response is concatenated with the identifier, the certificate is concatenated with the identifier, and the certificate is concatenated with the response. 9. The method of claim 1 , wherein the reader challenges multiple tags with one challenge simultaneously, and at least one of the tags is configured to store its response for a subsequent reading by the reader. 10. A method for a Radio Frequency Identification (RFID) system including a reader, a verification authority, and a certification authority to endorse an RFID tag containing a key, the method comprising: the reader: receiving an identifier from the tag; determining a certificate from the tag; challenging the tag with a challenge; receiving a response from the tag, wherein at least one of the certificate and the response is concatenated with the identifier; sending a first message including the identifier, challenge, and response to a verification authority; and sending a second message including at least the identifier and the certificate to a certification authority; and at least one of: the verification authority sending a first notification to a designated party if the response is incorrect, and the certification authority sending a second notification to the designated party if the certificate is not supported. 11. The method of claim 10 , further comprising at least one of: the reader storing a plurality of responses from a plurality of tags before sending at least one of the plurality of responses to the verification authority; and the reader storing a plurality of certificates from the plurality of tags before sending at least one of the plurality of certificates to the certification authority. 12. The method of claim 10 , wherein the reader determines the certificate by constructing the certificate from the identifier and at least one assertion accessible to the reader, wherein the assertion is in at least one of: a human-readable form, a scan-readable form, and a machine-readable form. 13. The method of claim 10 , wherein the verification authority is one of: the same as the certification authority; and a proxy for the certification authority. 14. The method of claim 10 , wherein at least one of: the verification authority signs the first notification with a verification authority electronic signature; and the certification authority signs the second notification with a certification authority electronic signature. 15. The method of claim 10 , wherein the reader challenges multiple tags with one challenge simultaneously, and at least one of the tags is configured to store its response for a subsequent reading by the reader. 16. A Radio Frequency Identification (RFID) reader adapted to endorse an RFID tag, the reader comprising: a memory; and a processor coupled to the memory, the processor configured to: receive an identifier from the tag; determine a certificate from the tag; challenge the tag with a cryptographic challenge, wherein the tag and multiple other tags are challenged with the challenge simultaneously, and at least one of the tags is configured to store its response to the cryptographic challenge for a subsequent reading by the reader; receive a response from the tag; send a first message including at least the identifier, challenge, and response to a verification authority; send a second message including at least the identifier and the certificate to a certification authority; receive a first reply from the verification authority; and receive a second reply from the certification authority. 17. The RFID reader of claim 16 , wherein the processor is further configured to determine the certificate by constructing the certificate from the tag ID and at least one assertion accessible to the reader. 18. The RFID reader of claim 16 , wherein the processor is further configured to at least one of: store a plurality of responses from a plurality of tags before sending at least one of the plurality of responses to the verification authority; and store a plurality of certificates from the plurality of tags before sending at least one of the plurality of certificates to the certification authority. 19. The RFID reader of claim 16 , wherein at least one of the first and second messages further includes at least one of: a reader certificate; a physical location for the reader; and a reader electronic signature. 20. The RFID reader of claim 16 , wherein the processor is further configured to cause the tag to send at least one of: the response concatenated with the identifier, the certificate concatenated with the identifier, and the certificate concatenated with the response. 21. The method of claim 1 , wherein the property of the item to which the tag is affixed further includes one or mor