Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Protecting EPC Tags

In the short term, companies could use a transponder ID written to every microchip to ensure the authenticity of an EPC tag.
By Florian Michahelles and Mikko Lehtonen
Sep 22, 2008Companies are looking to use Electronic Product Code (EPC) tags to reduce counterfeit goods in the supply chain, but the tags themselves can be counterfeited. One cost-effective solution is to use the transponder ID (TID) number, which identifies the chip type and any custom commands and optional features it supports, to authenticate the tag.


Florian Michahelles
The TID is a read-only number written to the tag's microchip by the chip manufacturer. It's not a unique identification number, and it wasn't designed as a security feature. But we've been studying TIDs at the ETH Zurich Auto-ID Lab and believe that when they're appended with unique serial numbers, they can be used as an inexpensive anti-counterfeiting measure—at least in the short term.

Anyone who's close enough to a tagged product can read the EPC number written on the tag and write the number to another tag. Counterfeiters could easily buy blank ultrahigh-frequency tags based on the EPC protocol, even in small quantities, and write a bogus EPC to the tag. Then they could put that tag on a counterfeit article to fool supply-chain partners, customs or even consumers into thinking the product was genuine. So an EPC number alone doesn't prevent counterfeiting.

The TID number can be read from tags just as easily as the EPC number, but because chip manufacturers protect this part of the chip's memory from changes, these numbers can't be rewritten—at least, not without a significant investment in special equipment to modify the chip's physical structure. As a result, if the genuine tag has a unique serialized TID number, a counterfeiter could copy the EPC number to another tag, but not the TID number.


Mikko Lehtonen
As a service to their customers, tag manufacturers could easily add unique serial numbers to the TIDs. But the reason we say this is a short-term solution is that the security of the TID scheme has some limitations. Counterfeiters could use standard components to build a small transmitter that emits an EPC and TID taken from a legitimate tag and put the device on a pallet of counterfeit goods; an RFID interrogator would be unable to detect that it wasn't a legitimate tag. Such a transmitter would cost a lot to build, but it could make sense on a pallet of expensive items.

A bigger threat against the TID scheme is that a chip vendor could start selling chips with writable TIDs. But until that happens, companies using EPC tags in their supply chains can employ TIDs with unique serial numbers as proof of authenticity of their products.

Florian Michahelles is deputy director of information management at ETH Zurich and associate director of the St. Gallen/ETH Zurich Auto-ID Lab. Mikko Lehtonen is a senior researcher at the lab and a doctoral student of information management at ETH Zurich.
  • Previous Page
  • 1
  • Next Page

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

PREMIUM CONTENT
Case Studies Features Best Practices How-Tos
RFID JOURNAL EVENTS
Live Events Virtual Events Webinars
ASK THE EXPERTS
Simply enter a question for our experts.
TAKE THE POLL
JOIN THE CONVERSATION ON TWITTER
Loading
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations
© Copyright 2002-2016 RFID Journal LLC.
Powered By: Haycco