RFID, Privacy and Corporate Data
Open standards for RFID systems hold great promise, but how do you prevent competitors from scanning sensitive data off of your RFID tags, or eavesdropping on communications between your tags and readers?
June 2, 2003 -- Corporate espionage is not a topic that gets a lot of coverage in the media because it's something no victim likes to talk about. Yet, it happens all the time. Companies want to know what their competitors are doing. Most do their snooping well within the confines of the law, but some resort to hiring "investigators" to sort through garbage, pay off employees, even steal laptops.
Radio frequency identification offers tremendous potential to cut waste and boost efficiency across supply chains, once standards are adopted. But open standards also raise the specter of competitors being able to read data off of your tags. In last week's feature, Creating an RFID Privacy Plan, we looked at the issues that need to be considered when developing strategies for protecting consumer privacy while maintaining the benefits of RFID tagging. This week, we look at the issues surrounding the need to secure corporate data and the integrity of products.
There are three primary issues surrounding RFID and the need to protect proprietary information: protecting data stored on the tag, protecting the integrity of the tag (and thus thee product), and securing data related to the serial number on a tag, which may be stored in a network database. None of these issues are impossible to overcome, but they require companies to make some tradeoffs, and the only way to make the right decisions is to understand the options available.
In many cases, companies may not need or want to secure RFID data. Information stored in tags on reusable plastic containers that stay within a company's own four walls probably doesn’t need to be secured. And in most cases, you don't need to protect data related to the manufacturer and stocking keeping unit. But what if you are tracking components for military aircraft? Or you're putting tags carrying an electronic manifest on containers being shipped to a customer? It's even possible that someone sitting in a car could point a device at your dock doors and pick up serial numbers from your readers.
When it comes to protecting data on the tags, there are two issues to be concerned about. The first is preventing someone from reading the tag, and the second is preventing someone from eavesdropping on the communication between the tags and readers. RFID committees working on standards under the aegis of the International Organization for Standardization have addressed both issues.
|
Radio frequency identification offers tremendous potential to cut waste and boost efficiency across supply chains, once standards are adopted. But open standards also raise the specter of competitors being able to read data off of your tags. In last week's feature, Creating an RFID Privacy Plan, we looked at the issues that need to be considered when developing strategies for protecting consumer privacy while maintaining the benefits of RFID tagging. This week, we look at the issues surrounding the need to secure corporate data and the integrity of products.
There are three primary issues surrounding RFID and the need to protect proprietary information: protecting data stored on the tag, protecting the integrity of the tag (and thus thee product), and securing data related to the serial number on a tag, which may be stored in a network database. None of these issues are impossible to overcome, but they require companies to make some tradeoffs, and the only way to make the right decisions is to understand the options available.
In many cases, companies may not need or want to secure RFID data. Information stored in tags on reusable plastic containers that stay within a company's own four walls probably doesn’t need to be secured. And in most cases, you don't need to protect data related to the manufacturer and stocking keeping unit. But what if you are tracking components for military aircraft? Or you're putting tags carrying an electronic manifest on containers being shipped to a customer? It's even possible that someone sitting in a car could point a device at your dock doors and pick up serial numbers from your readers.
When it comes to protecting data on the tags, there are two issues to be concerned about. The first is preventing someone from reading the tag, and the second is preventing someone from eavesdropping on the communication between the tags and readers. RFID committees working on standards under the aegis of the International Organization for Standardization have addressed both issues.
To continue reading this article, please log in or choose a purchase option.
Option 1: Become a Premium Member.
| One-year subscription, unlimited access to Premium Content: $189 |
Option 2: Purchase this article.
| Pages: 4 | Word Count: 2,515 | Purchase Price: $19.99 |
