Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Adasa Plans Launch of Encryption System for EPC Tags

The company hopes its proprietary solution will gain acceptance as a way to secure tag data, as well as authenticate tags and the products to which they are attached.
By Claire Swedberg
Dec 08, 2010Adasa, a Eugene, Ore., provider of mobile EPC Gen 2 RFID tag encoders designed to facilitate in-process RFID tagging in remote or non-centralized locations, is preparing to commercially launch an encryption solution that it says can be used for existing EPC Gen 2 RFID inlays.

The U.S. Patent and Trademark Office recently granted Adasa a patent for its EPC tag-encryption solution, which the company hopes to make commercially available by January 2011. The commercial product is intended to combat both privacy concerns and counterfeiting, the firm reports, by ensuring that a tag can not be read or killed by an unauthorized interrogator, nor cloned by a counterfeiter.

Clarke McAllister, ADASA's president and founder
The system enables users to encode each RFID inlay with access and kill passwords, encrypted and hidden within the publicly readable EPC tag data, using a periodically changing encryption key. Downstream in the supply chain, in order to authenticate, kill or alter the inlays' password, or to read an EPC number or other data encoded to those inlays, the users would query an encryption module—a device the size of hockey puck, embedded or plugged into an EPC reader.

A tag's encryption key is used to generate a password necessary either to read the data encoded to that tag, or to kill that tag. To prevent unauthorized individuals from identifying the password and using it to access information on RFID tags, the encryption keys are designed to be changed by the encryption module at periodic intervals. Therefore, says Clarke McAllister, Adasa's president and founder, users of the company's inlay-encryption system can provide security and anticounterfeiting protection to their customers—such as brand owners and retailers—by ensuring that the tags can not be read or altered by clandestine readers, as well as proof that a product and its RFID inlay has not been counterfeited. The inlays could be utilized by retailers and brand owners, as well as by government customs and border patrol, to protect personal data encoded to tags embedded in identity documents.

Typically, EPC tag users either do not implement the password-protection function to deny access to data for those lacking the proper password, or have passwords that are encrypted on the tag and must be verified at the time of an RFID read—in some cases, with information on a remote server, which would require accessing the Internet. However, McAllister says, there are potential security risks inherent to the Internet, since data can be captured or diverted by individuals. "EPC chips work fine as they are," he states. "The tag has some security [assuming its built-in password feature is activated], but it can be cracked with brute force (such as by using a computer to search for passwords until the correct one is randomly produced), or by eavesdropping on transmissions." In that case, he says, an individual could use the Internet to capture transmission data. Internet transmission can be encrypted as well, he notes, and there are many commercial solutions for this, but "we adopted our techniques from former NSA [National Security Agency] cryptographers that design and audit bank-security systems," that he says make Internet connection with the encryption module safer than most commercial encryption solutions.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations