By Joseph Pearson
Elliptic Curve Cryptography (ECC) RFID Security
A standardized cryptography method is a vital part of the TDSI for both tag-data encryption/decryption and authentication. A new public-key cryptography standard meets these goals: the Institute of Electrical and Electronics Engineers' (IEEE) Standard 1363a Elliptic Curve Cryptographic (ECC) algorithm. The National Security Agency (NSA) has selected ECC as critical technology for protecting mission-critical national security information. For RFID applications, ECC enables very fast signature creation, ensuring no incremental delays in production-line operation. The IEEE Standard 1363a ECC algorithm provides the same level of security as 1,024-bit RSA encryption, but uses 75 percent less tag memory for a digital signature. What's more, ECC's efficiency provides a high level of security to supply chain RFID tags without increasing computing power, complexity or cost.
The Path to a Tag Data Security Infrastructure
The TDSI is designed for flexible and secure item-level tagging deployment throughout the supply chain. For it to become a reality, pharmaceutical manufacturers, distributors and retailers must agree on the rules, specifications and methods of deployment.
From a technical perspective, the working groups in the process of defining the EPC item-tagging specification for high-frequency (HF) and ultrahigh-frequency (UHF) could consider adopting the IEEE Standard 1363a ECC algorithm. To make the hardware infrastructure available to the industry, reader manufacturers and other RFID solution providers would incorporate the IEEE 1363a ECC standard into their devices as part of their product offerings.
In parallel with the introduction of the Gen 2 specification, EPCglobal established a certification procedure to address both compliance and interoperability. The organization's role in establishing an item-level specification could extend to the selection of a certifying authority for the public-key cryptographic infrastructure, whose role it will be to issue certificates to authorized supply chain participants and manage the allocation of private and public keys.
Although outside the scope of the TDSI, additional security measures can be considered in the item-tagging standard, such as a password-protected read-write command and a password-protected kill command that would completely deactivate the tag.
A TDSI can be the security foundation for item-level tagging that provides both on- and off-network capabilities to address the requirements across the pharmaceutical supply chain. It incorporates a sophisticated level of security in the supply chain, while creating a more flexible approach and a range of options for implementation.
This approach to item-level tagging for the pharmaceutical industry in a secure, yet open supply chain is applicable to a range of high-value branded goods from cosmetics and apparel to sports collectables, antiques and art. In all of these applications, consumer protection from a secure RFID system comes not only in the form of product safety, but also in raising consumers' confidence that they are getting genuine goods.
Joseph Pearson is the pharmaceutical business development manager at Texas Instruments.