Suppose, 15 years ago, you had been told about a technology that could potentially erase (or copy) all the files from your computer, aid criminals in stealing your credit card and bank information, and even make you a party to unethical and illegal activities. And suppose a state legislature proposed banning that technology. Would you have supported the legislation?

Or suppose that you had been told that there was a new technology on the horizon that would claim one life every 13 minutes1 in the United States alone, damage the environment, and leave the country hostage to foreign interests. Would you have supported banning that technology?

Couched in those terms, many people would. Yet if such legislation had been enacted, neither the Internet nor the automobile would be in use today.

Today, some people are trying to portray Radio Frequency Identification (RFID) technology in much the same way. Many reports focus only on negative scenarios without providing an accurate perspective on how the technology works and how it is improving and protecting our quality of life.

It is doubly ironic that critics of this technology raise fears about its potential for invading privacy when in fact this technology can help protect our security, ensure the safety of the food we eat and authenticate the medications we take.

It’s important to realize that RFID is not a monolithic technology. It is, instead, a family of similar but not identical systems, each with its own capabilities and limitations. Different systems require different levels of security to ensure privacy. Attempting to develop a one-size-fits-all approach to privacy and security would, instead, result in a one-size-fits-none “solution” that could deprive citizens of existing and future benefits of the technology.

The question is, do you ban the technology or do you establish realistic and effective safety and security procedures (best practices) to protect users of the technology?

To make educated decisions about how RFID fits into our lives, it is important to understand the various ways in which RFID is already being used to provide security, safety and authentication to protect the public and the common good.

This article will highlight the existing benefits and uses of RFID, demonstrate the increasing need for RFID to ensure product and personal safety, examine security issues and the different types of RFID systems, suggest a “common sense approach,” and highlight AIM Global’s historical and continuing initiatives to explain and promote consumer privacy and security issues.

RFID provides security through item identification and authentication of items in everyday life. For example:

Baggage identification: RFID identifies luggage to enable baggage and passenger matching to ensure airline safety and expedite baggage handling.

Product authentication: RFID protects consumers from counterfeit or adulterated materials in the supply chain; pharmaceuticals are among the first to benefit from RFID.

Patient identification: RFID is being used in hospital patient wristbands to help ensure that patients - including newborns - are properly identified and receive the right treatment, procedures and medication.

Homeland Security: biometric RFID-enabled driver authentication cards prove a truck driver has passed a background check and is authorized to be transporting hazardous material. RFID tags on trucks crossing the border communicate manifests to border crossing stations to speed clearance of trusted cargos and allow inspectors to focus on non-trusted containers. Active RFID security seals and sensors are being used to secure maritime containers and detect dirty bombs inside them before they can enter the country from foreign ports.

Food Supply Chain Protection: RFID food animal ID ear tags allow rapid identification and tracking in the event of potential medical or toxicological threats. Sources of food shipments are also being identified and monitored (with sensors) to trace the source of biological or toxicological contamination.

Car Immobilizers: help protect consumers from car theft.

RFID also provides consumers convenience:

Toll Tags offer convenience to commuters by allowing them to automatically pay tolls either by direct charges to their bank accounts or by prepaying a certain amount. Time saved in toll lines also saves gas which benefits the environment as well as saving consumers money.

Electronic Payment through key fobs or contactless smart cards provides convenience as well as safety for consumers. In work places and school campuses, electronic payment replaces the requirement to carry cash which can improve personal security.

RFID-enabled Cards simplify certain transactions such as library book check-out and customer loyalty programs.

“Smart Labels” are increasingly being used to streamline the supply chain to reduce costs, prevent theft, and ensure consumers fully -stocked shelves and complete choice.

Companion Animal Identification with RFID tags helps lost animals be reunited with their families. Injected under the skin, they cannot be lost with a collar as can other types of identification tags.

RFID Wrist Bands provide peace of mind for parents who can locate their children in amusement parks and other public places. These wristbands can also have a stored monetary value so that children do not have to carry cash.

Recycling Programs in some countries are now considering RFID tags to identify the type of recyclable material, help automate the recycling stream, or identify the party responsible for ensuring proper disposal. Recycling initiatives, such as WEEE (Waste Electrical and Electronic Equipment) in the European Community, would benefit from such tagging.

RFID already provides personalized services, enhanced security and identity protection, better service, convenience and savings for consumers and business. RFID holds the promise of even greater improvements.

The Need for Authentication: The need for RFID to provide product authentication has never been greater and goes beyond prescription drugs and baggage.

IEEE Spectrum recently highlighted in its article, “Bogus!” by Michael Pecht and Sanjay Tiku, some eye-opening counterfeits that are costing consumers money and jeopardizing their safety. They included:

? Up to 15% of pharmaceutical products sold worldwide are counterfeit.

? A police raid on a suspected counterfeiter in China’s Guangdong province turns up US $1.2 million in fake computer parts and documents ? enough to produce not only complete servers and personal computers but also the packaging material, labels, and even the warranty cards to go with them. All the parts are neatly labeled with the logo of Compaq Computer Corp.

? A capacitor electrolyte made from a stolen and defective formula finds its way into thousands of PC motherboards, causing the components to burst and leak and the computers to fail, eventually costing more than $100 million to rectify.

? 8 Local authorities in Suffolk County, N.Y., seize counterfeit electrical safety outlets?used in bathrooms, kitchens, and garages to guard against electrical shock?bearing phony Underwriters Laboratories logos. The bogus parts had no ground-fault-interrupt circuitry, and had they been installed anywhere near water, the results could have been fatal.

? Dozens of consumers worldwide are injured, or merely surprised, when their cellphones explode, the result of counterfeit batteries that short-circuit and suddenly overheat.

According to statistics collected by Gieschen Consultancy, a surprising range of products is being counterfeited.

Products that could affect consumers’ health or safety:
Adhesives
Aircraft Parts
Condoms
Baby Formula
Baby Powder
Bathroom Appliances
Brakes
Cigarette Lighters
Electrical Switches
Fuses
Home Appliances
Liquefied Petroleum Gas (LPG) Cylinders
Machine Parts
Medicines: Antacids, Anti-Bacterial, Antibiotics, Anti-Hypertension, Cholesterol, Herbal, Impotence, Tuberculosis, Pain Relievers, Tranquilizers, Windshields
Milk, Milk Drinks, Milk Powder
Soy Sauce
Spices
Steel Bars
Sway Bar Links
Whiskey
Fish Finders

Many RFID tags?such as product code labels?are designed to be easily read in an “open system.” The code on these tags can be accessed by an unauthorized individual. That does not mean, however, that security is compromised.

Tag-to-reader communication for applications that might provide access to personally identifiable information (PII) are typically designed to have short read ranges from a few inches to a few feet to help prevent spurious reads from adjacent tags. This also helps protect against unauthorized reads.

RFID security, however, is more than tag-to-reader communication. RFID security is system-based.

Security first comes from authenticating the reader that communicates to the host database. This means that a reader interrogating a database must communicate the proper authentication codes, typically via a hardwired connection, before gaining access to information.

However, knowing a non-significant number (such as a serialized product code) does not provide immediate access to PII. In many cases, even access to the primary database via the tag’s unique code may only provide access to additional product information. PII may be kept in a different database.

The security of the database itself is equally important. Strong security and authentication policies should be used to protect “data at rest.”

The number of databases (and security features) that must be broached to get to PII is an important consideration in protecting PII from unauthorized access.

For contactless RFID-enabled access control, unauthorized access to a facility might be gained. For higher security areas, a secondary form of authorization?a PIN or biometric check?should be employed.

RFID-enabled identification cards should be designed to prevent unauthorized reading through authentication, range limitation, or other means (which could include an RF-blocking sleeve).

RFID is actually a family of similar technologies and systems that range from the very basic to extremely sophisticated. Each member of the RFID family has a different set of capabilities and limitations. It is important to understand these differences in order to understand how RFID can be, and is being, used to benefit the public as well as to understand the types of security that needs to be put in place for each of these uses.

Primarily, the differences among RFID systems can be defined by the type of RFID tag (the data carrier). True RFID tags do not contain an onboard microprocessor (intelligence). “Smart cards,” which is a different type of RFID technology, do have intelligence.

Types of RFID Memory:
Read-only tags are pre-programmed with a unique, unchangeable code that is, by itself, meaningless. This code is designed to be read by suitably programmed readers. These tags are intended for applications where the code serves only as a pointer to a secure database.

Read/write tags are designed to have their data changed or added within the supply chain. This may be because tags are reused within a facility or because they are updated with information to be used by trading partners further down the supply chain. Current generations of these tags can be “locked” to prevent unauthorized revision or addition of data.

Types of RFID Tags:
Passive tags rely on the energy provided by the reader to power their response. Passive tags today have effective ranges from a few centimeters to seven meters under optimal conditions. In actual use, ranges tend to be shorter than those claimed for “optimal” conditions.

Battery-assisted passive tags contain batteries to provide power memory or sensors. Battery-assisted, sensor-enabled tags record a history of conditions such as temperature, humidity, or other conditions that would affect the quality or safety of the product.

Active tags contain batteries to boost signal strength to enable greater range?upwards of 100 meters. Batteries may also power GPS, satellite or cell phone connections, sensors, or a host of other features. Active tags may also be programmed to broadcast on a fixed schedule.

Contactless Smart Cards: Currently, these are passive devices that differ from standard passive RFID tags primarily in the presence of a microprocessor that allow for encryption and enhanced security.

Common Sense and RFID:
RFID technology is a term that covers a wide range of evolving technologies, capabilities and applications. Developing responsible security procedures for RFID cannot, therefore, be addressed by a simple, one-size-fits-all approach.

Intelligent application of RFID technology is the first step in ensuring security and privacy.

Many existing state and federal laws already address illegal harvesting of PII from the Internet, credit card transactions, phone calls, and other existing technologies. AIM Global believes that extending existing laws to cover illegal harvesting of data from RFID tags would be a reasonable approach.

RFID-specific legislation would be inflexible because it could not rapidly respond to changing conditions in either the technology or its uses, depriving people of many of the direct benefits of RFID.

The development of rigorous, accepted best practices will provide the industry the flexibility to develop and continually improve security measures to meet these changing conditions.

AIM Global’s member companies contribute industry experts to national and international standards bodies to provide guidelines for RFID use and to ensure compliance with standards developed by ISO and other standards organizations).

AIM Global, its member companies, and other responsible organizations are vigilantly and constantly working to develop best practices to develop new levels of consumer benefits while ensuring system security and personal privacy.

We encourage anyone interested in these issues, including legislative policy makers and public opinion influencers such as, journalists and market analysts, to contact AIM Global to learn more about the variety of RFID systems, proper applications of the technology, and best practice recommendations. Its diverse membership of experts make AIM Global a worldwide resource and authority on RFID and other related Automatic Identification and Mobility technology issues.

AIM’s Proactive Approach:
AIM understands and appreciates consumers’ privacy rights. As the global authority and resource for the entire Automatic Identification and Mobility industry, which includes RFID, AIM Global is actively engaging the entire industry to develop tools and best practices to ensure that these concerns are properly addressed.

In 2004, AIM Global was the first organization to develop an internationally recognized symbol to unambiguously identify the presence and type of RFID tag in a label or item. AIM recommends the use of a universally recognized symbol, either the one developed by AIM or by EPCglobal, on all RFID-tagged products, supporting a consumer’s right to know if a tag is attached.

In October, 2005, AIM Global published its privacy and security policy that supports consumers’ privacy and security rights.

AIM is currently working on a more comprehensive list of recommendations and best practices on security and privacy.

Source: AIM Global/Dan Mullen

----- Advertisement -----

The Glossary of Terms in Logistics & Shipping is the most comprehensive paper-based dictionary and therefore the standard for defining terms used in the area of Logistics and Shipping. Use this powerful tool to expand your professional vocabulary and ensure that everyone on your team is speaking the same language. www.theKnowledgeTransfer.com

paperback student version $ 19,99 hardcover executive version $ 29,99

| Permanent Link | Print This eLog |

(Visited over 19394 times)