Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Certicom and TI Announce Data Security for HF Tags

A system developed by the two companies uses public-key elliptic-curve cryptography (ECC) to encrypt a drug's National Drug Code (NDC). Supply-chain partners can read the encrypted tags to authenticate that the goods are genuine.
By Mary Catherine O'Connor
Certicom's authentication platform cannot be used on existing UHF EPC Gen 2 tags, because Gen 2 chips do not currently offer enough user memory to store the 352 bits required for the 96-bit EPC and 256-bit digital signature. Tony Walters—Certicom's director of business development—says Certicom and TI are actively working with the EPCglobal working group that is currently developing a Gen 2 standard for an item-level tag. Their goal is to persuade the organization to ensure that the item-level Gen 2 standard holds enough user memory to facilitate the Certicom authentication scheme.

Pearson says TI's ISO 15693-compliant HF chips come with different memory sizes, but all offer enough to accommodate the EPC and digital signature—some as much as 2,000 bits of memory.

Pharmaceutical companies are starting to use RFID to track and trace their products at the item level. Some, such as Pfizer, are using HF tags at the item level (and UHF tags for cases and pallets), while others utilize UHF at the item level.

Pearson says the Certicom approach will work for companies falling on either side of another dichotomy among pharmaceutical companies using RFID: whether to encode a drug's NDC directly to the tag, or to encode a pointer on the EPC referring to the NDC in a separate database. Some retailers want the NDC encoded to the tag so they can identify the product without having to link to a separate network to access the code, he says, thus saving time and money. Others worry that putting drug codes on tags might make consumers susceptible to a loss of privacy if a tag were to be read by an unauthorized third party who then identified the drug by looking up its code in the National Drug Code Directory.

Since the Certicom software runs directly on the supply-chain partner's reader, it could be used off-network if the encrypted NDC were encoded directly to the tag. In either case, it would encrypt the NDC to protect consumer privacy more securely. TI and Certicom are demonstrating the solution this week at the RFID Healthcare Industry Adoption Summit in Washington, D.C. The conference ends Wednesday, Nov. 15.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations