Key Fob Secures RFID Data with Fingerprints

The $2.5 billion fabless semiconductor giant Broadcom has released a computer chip that integrates RFID capabilities with enhanced security capabilities. The first commercial product that leverages the technology will allow for applications where sensitive data is transmitted via RFID only once the user has "unlocked" it with a fingerprint.
Published: July 6, 2006

This article was originally published by RFID Update.

July 6, 2006—The $2.5 billion fabless semiconductor giant Broadcom has released a computer chip that integrates RFID capabilities with enhanced security capabilities. The first commercial product that leverages the technology will allow for applications where sensitive data is transmitted via RFID only once the user has “unlocked” it with a fingerprint.

Broadcom identified a need to further secure the personal authentication information that is transmitted wirelessly using RFID in applications like physical access and contactless payment. While security and encryption are already a key feature of such applications, the company asserts that significant vulnerabilities persist. As part of its Trusted Authentication Initiative, Broadcom developed the BCM5890, which it calls the world’s first secure processor with integrated RFID capabilities. “IDC sees biometrics and RFID becoming significant technologies in the personal authentication space, yet there are still concerns surrounding vulnerability issues,” said Sally Hudson, research manager of security products and services for research firm IDC. “Broadcom’s BCM5890 is designed to address these problems.”

A number of personal authentication and security products that incorporate the BCM5890 will soon be available on the market, according to Broadcom. The first, called plusID, is from biometrics security firm Privaris, with which Broadcom worked to develop the BCM5890 architecture. The plusID device is a fob that transmits its stored data by radio frequency only when an approved finger touches the fingerprint sensor. This allows for the user to be in full control of when the fob data can be read, hindering would-be snoopers from surreptitiously “skimming” it from a distance. Another key feature is that the approved fingerprint information is stored on the fob, so the authentication is all done “on-board”; the system does not need to transmit the scanned fingerprint to a remote database for verification. This cuts down on processing time and prevents the necessity for a remote database of sensitive biometric data that could also be targeted by hackers.

The plusID is small enough to fit on a key chain, like the fobs popularized by Exxon Mobil’s Speedpass. The authentication is very quick at one second or less, and is energy efficient; the fob can reach approximately 1,000 uses before its battery needs recharging. It works at both low frequency (125 KHz) and high frequency (13.56 MHz) RFID. In addition to RFID, the plusID can transmit via Bluetooth and USB, which could be useful in granting access to secured computers or even websites.

The concept of fingerprint-protected RFID is an intriguing one indeed and, depending on its adoption rate, should serve to further accelerate the ever-increasing popularity of contactless payments. While additional security is attractive to consumers, a well-designed fingerprint fob could gain bonus popularity for its gee-whiz factor. Wide-scale consumer adoption may be a ways off, however. Broadcom’s BCM5890 chip alone costs $15.00 in quantities over 10,000. The plusID will begin shipping in August, with full production in October.