Near Field Communication (NFC) technology, which enables people with NFC-based smartphones to access data via the touch of their phone against a tag, comes with a few drawbacks. For instance, it often requires that an individual download an application, which some consumers may be reluctant to do. In other situations, the tag data can prompt the phone to go directly to a URL, without requiring the user to download an app. However, this process can lack security. What’s more, if someone (such as a consumer) shares that URL with others, for example, the entire purpose of the NFC-enabled campaign—targeting specific shoppers—can be undermined.
To enable secure access only to data, via an NFC read, and without requiring the downloading of an app, HID Global released an NFC high-frequency (HF) passive RFID tag, known as the HID Trusted Tag, that operates with the company’s Trusted Tag Services—the back-end software and server that authenticates each tag read before sharing data with an individual’s phone or other NFC reading device. The tag’s internal software, designed by HID, prompts it to generate a unique URL, as well as a series of trusted additional digits, thereby making every URL unique. The tag then changes that URL the next time it is read, thus serving as a one-time password (OTP). The URL can never be used more than once, making it impossible for someone to share a URL with others who may be located elsewhere.
The new tag is being piloted in two markets: by marketing firms for use in smart posters, and as electronic visitor verification for health-care workers going about their rounds with patients. In both cases, explains Mark Robinton, the company’s manager of technology innovation and strategic innovation, users tap their phones against tags, which provide a connection that cannot be duplicated by others.
Only HID Global’s Trusted Tag, with its own chip and firmware, can operate with the Trusted Tag Services. Therefore, other off-the-shelf HF RFID tags would not work with this system. The tag’s internal software employs HID’s Seos technology, which has the ability to generate a one-time password that amounts to a specific version of a URL that will not be used more than once for that tag. That URL must then be verified during each read, by the Trusted Tag Services software running on HID Global’s cloud-based server, before it transmits data to an NFC reading device.
The tag can be used in multiple ways, Robinton says. In the case of the retail market, it can be embedded in a smart poster to link consumers to specific data, such as free gifts. For example, he explains, the tag could send an NFC phone directly to a website where the user could receive a coupon for a free candy bar. That promotion could be specific to a store in which that poster is located. The store would not want to require consumers to download an app to access that promotion, since most consumers would choose not to bother.
On the other hand, if the system simply directed the phone to a URL, the individual could share that URL with friends not in the store, who could then access the candy bar coupon, without entering the store for which the promotion is intended. In the case of the Trusted Tag and Trusted Tag Services, a user taps his or her phone against the tag, which generates a base URL, as well as a short series of trusted additional digits, making that URL unique. The phone then opens that URL and receives the promotion data automatically.
For electronic visitor verification, the system could be used in two ways. If a company sends employees to provide home health-care visits, an NFC Trusted Tag could be mounted at each location where patients are visited, or it could be embedded in a wristband worn by the patient. Workers would carry NFC phones, but as with the consumer use case, they would not have to download an app. Each time employees visited a new patient, they would tap their phones against the tag once, and then do so again upon leaving. This would bring them to a slightly different URL each time, thereby creating a single, secure record.
The value of security in the home health-care market is the assurance that, because the tag uses HID’s Trusted Tag technology, it could not be cloned and the counterfeit version of the RFID inlay then read to fraudulently claim a visit was made. The tag must run the HID Global Trusted Tag Services software in order to provide the secure functionality.
In 2013, HID Global released its Trusted Tag Services Software Developer Tool Kit (see HID Global Offers Security for NFC), intended to enable businesses to create their own apps for use with NFC technology, using HID’s cloud-based service to verify a tag before it is directed to a website or data. That development kit is still being sold to users for that purpose. According to Robinton, several companies also approached HID Global at the time that the kit was released, indicating they wanted a secure NFC solution that would not require an app. Many consumers, these firms claimed, did not want more apps running on their phones. As a result, HID Global began developing the Trusted Tag to enable the same security functionality without the use of an application.
One home health-care company is presently piloting the technology, Robinton reports, while multiple businesses are testing the tag in the advertising market on smart posters. The pilots are ongoing, he says, and will continue for approximately a month. He declines, however, to provide specific details regarding the pilots or the companies conducting them.
Tag price will vary according to the form factor, Robinton notes, though the tags will be priced equivalently to the cost of a standard NFC HF passive RFID tag, he says. The cost of subscription to the service will vary according to how it is used.
At next week’s RFID Journal LIVE! 2014 conference and exhibition, HID will demonstrate its Trusted Tag, which is a finalist for the Best in Show category at this year’s RFID Journal Awards.