NXP Releases IC for Secure Encrypted UHF Reads

The company's Ucode DNA chip, which can be read by most standard UHF readers, transmits a dynamic, encrypted password that prevents a tag from being read without authorization and also prevents it from being cloned.
Published: April 27, 2015

Global semiconductor company NXP has released its Ucode DNA integrated circuit—a passive EPC Gen 2 UHF RFID chip that the company says is the first to provide cryptographic authentication. By using a dynamic password that changes with each read event, and requiring verification of each password from a server, the Ucode DNA is aimed at preventing eavesdropping and tag cloning.

Each tag made with the Ucode DNA chip is secured with a unique and tag-specific crypto key, and can operate in a mode in which tag response changes every time it receives a new read request from an RFID reader. These security features allow end users to adopt passive EPC Gen 2 UHF tags for applications where previously such tags might not have been secure enough, explains Ralf Kodritsch, NXP’s RFID segment manager. The Ucode DNA IC, which comes with 3 kilobits of memory, is intended for purposes such as electronic road tolling, vehicle registration, access control, asset tracking and brand protection, as well as parking and vehicular license-plate authentication.


The new IC is designed in accordance with the GS1 UHF RFID Gen2v2 standard, and the cryptographic authentication it uses follows ISO/IEC 29167-10 for proof of origin based on AES (the Advanced Encryption Standard). Each time a tag made with the Ucode DNA chip is read, it computes a fresh AES result based on its unique crypto key. The reader receives that result and must then verify it, either online (by querying a cloud-based service) or offline (by using its own firmware to check the result against the crypto key).

The new IC supports the encoding of two 128-bit keys onto the chip. If the tag cannot demonstrate to the reader that it has been encoded with its assigned crypto keys, the system will be alerted that the tag is a clone.

When the IC is used in privacy mode, the tag ID can be obtained only through AES decryption. In this case, the tag always replies with a randomized response (different in every RF transaction), which the reader must decrypt in order to recover the tag ID and gain access to the rest of the tag’s user memory.
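The two mechanisms described above (proof of origin via a fresh AES computation per read, and a privacy mode whose response is different on every transaction and must be decrypted to yield the ID) can be modelled in a few dozen lines. The following Go program is an added illustration, not NXP's code and not the ISO/IEC 29167-10 message format: the 8-byte challenge, 8-byte tag random, 8-byte ID and single-block layout are assumptions chosen so that each exchange fits exactly one AES-128 block, and the reader-side functions stand in for whatever online service or offline firmware holds the key. It shows why a clone that copies the visible ID but not the key fails verification, why a captured response cannot be replayed against a later read, and why two privacy-mode reads of the same tag look unrelated to an eavesdropper.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Tag models the secret state held on the chip. The field sizes are an
// assumption for this illustration, not NXP's or ISO/IEC 29167-10's layout.
type Tag struct {
	ID  [8]byte  // identifier the reader wants to learn
	Key [16]byte // AES-128 key; on the real chip it never leaves the tag
}

// aesBlock runs AES-128 over a single 16-byte block, in either direction.
func aesBlock(key [16]byte, in []byte, decrypt bool) ([]byte, error) {
	c, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	if decrypt {
		c.Decrypt(out, in)
	} else {
		c.Encrypt(out, in)
	}
	return out, nil
}

// randomBytes draws n bytes from the OS CSPRNG (stands in for the chip's RNG).
func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return b, err
}

// NewChallenge is the reader's per-read random value; its freshness is what
// makes every response different and a captured response useless later.
func NewChallenge() ([]byte, error) { return randomBytes(8) }

// Authenticate is the tag side of proof of origin: encrypt the reader's
// challenge together with a tag-chosen random value. Key and plaintext stay on the tag.
func (t Tag) Authenticate(challenge []byte) ([]byte, error) {
	if len(challenge) != 8 {
		return nil, errors.New("challenge must be 8 bytes")
	}
	tagRandom, err := randomBytes(8)
	if err != nil {
		return nil, err
	}
	return aesBlock(t.Key, append(append([]byte{}, challenge...), tagRandom...), false)
}

// VerifyOrigin is the reader or server side (the check is the same online or
// offline): decrypt with the key held for this tag and confirm the challenge comes
// back. A clone without the key cannot build a block that decrypts to it.
func VerifyOrigin(key [16]byte, challenge, response []byte) bool {
	if len(challenge) != 8 || len(response) != aes.BlockSize {
		return false
	}
	plain, err := aesBlock(key, response, true)
	if err != nil {
		return false
	}
	return subtle.ConstantTimeCompare(plain[:8], challenge) == 1
}

// PrivacyResponse is the tag side of privacy mode: the ID travels only inside an
// AES block that also carries a fresh random value, so two reads look unrelated.
func (t Tag) PrivacyResponse() ([]byte, error) {
	tagRandom, err := randomBytes(8)
	if err != nil {
		return nil, err
	}
	return aesBlock(t.Key, append(tagRandom, t.ID[:]...), false)
}

// DecodePrivacyResponse is the reader side: decrypt, then drop the random half.
func DecodePrivacyResponse(key [16]byte, response []byte) ([8]byte, error) {
	var id [8]byte
	if len(response) != aes.BlockSize {
		return id, errors.New("response must be one AES block")
	}
	plain, err := aesBlock(key, response, true)
	if err != nil {
		return id, err
	}
	copy(id[:], plain[8:])
	return id, nil
}

func main() {
	// Constructed demo values, not real provisioning data.
	genuine := Tag{ID: [8]byte{0xDE, 0xAD, 0xBE, 0xEF, 0, 0, 0, 1}}
	copy(genuine.Key[:], "demo-key-16bytes")
	clone := genuine       // a clone can copy the visible ID ...
	clone.Key = [16]byte{} // ... but not the key held on the chip

	ch, _ := NewChallenge()
	r1, _ := genuine.Authenticate(ch)
	r2, _ := clone.Authenticate(ch)
	ch2, _ := NewChallenge()
	fmt.Println("genuine verifies:", VerifyOrigin(genuine.Key, ch, r1))  // true
	fmt.Println("clone verifies:  ", VerifyOrigin(genuine.Key, ch, r2))  // false
	fmt.Println("replay verifies: ", VerifyOrigin(genuine.Key, ch2, r1)) // false

	p1, _ := genuine.PrivacyResponse()
	p2, _ := genuine.PrivacyResponse()
	id, _ := DecodePrivacyResponse(genuine.Key, p1)
	fmt.Printf("privacy responses equal: %v, decoded ID: %x\n", bytes.Equal(p1, p2), id)
}
```

The design point worth noticing is that neither mode ever sends the key, the ID or the challenge in the clear: the reader learns something only by holding the key, which is exactly the property that separates this from a static password or an unencrypted EPC, both of which an eavesdropper can record once and reuse.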

Because the tag responses are encrypted and change with every read, eavesdropping on tag reads is impossible, and the tag thus prevents someone from creating cloned tags to attach to counterfeit consumer products.

NXP announced the Ucode DNA at RFID Journal LIVE! earlier this month, and received subsequent interest from parties interested in tracking vehicles and high-value items and managing documents such as passports.

Historically, Kodritsch says, passive 13.56 MHz tags have typically been used in scenarios where security is essential, such as passports, banking cards or transportation tickets. That’s because HF RFID tags are very secure on account of their short read distance, he explains: the HF tags are read only when placed directly in front of the reader, so eavesdropping with another reader would be practically impossible.

Passive UHF tags don’t offer that same security, by virtue of having a long read range that can extend 40 feet or more. Vendors of passive UHF tags have developed some security measures, including encryption and passwords; however, it could still be possible to clone tags with their encrypted data or static passwords, and those wishing to eavesdrop could still find ways around any existing security measures, explains Kodritsch.

Tags made with the Ucode DNA chip, however, are not vulnerable to eavesdropping or cloning, he says, since the dynamic password makes it impossible to read or copy a tag’s ID without authorization.

To use the Ucode DNA, companies would need to purchase tags with the IC built into them, as well as a piece of NXP hardware that connects to their server, which stores each tag’s encryption keys and password. Most off-the-shelf UHF readers can be used with the new tag ICs, provided they are compliant with the EPC Gen 2v2 standard. If users prefer, they can opt to purchase a service from NXP known as Trust Provisioning, in which the encryption keys and password data are stored on NXP’s server and accessed by the user with each read, as a software-as-a-service (SaaS) offering.

Kodritsch says that all the major tag manufacturers are developing tags made with the Ucode DNA chip, and he expects such tags to be commercially available by the third quarter of this year.

Multiple end users are testing the system, Kodritsch says, although he declines to name them or to indicate specifically how it is being used in those pilots. A few use cases, however, center on vehicle tracking. For instance, government motor vehicle agencies could attach a DNA-based tag to a vehicle’s windshield at the time of registration, along with a DNA tag integrated into each of the car’s two metal license plates (front and rear). The unique IDs encoded on the three tags could be linked in a server, together with details about the vehicle and its owner. The tags could then be read on roadways or at tolling stations to ensure that the proper license plates are attached to the vehicle, and could also be used for toll collection if they are read by the toll-collecting agency. The tags embedded in the license plates can typically be read at a distance of up to 45 feet at speeds of up to 100 miles per hour; the windshield tag can be read at the same speeds at up to 30 feet. Several countries are interested in using the technology for either toll collection or vehicle and license identification, says Kodritsch.

There are other uses as well, related to authentication of high-value products or brands. The tag could be read securely not just by a product manufacturer or a store manager, but also at a distance for inventory tracking.

“We’ve found that document tracking is also of interest,” Kodritsch says. For instance, given UHF RFID’s long read range, border-crossing officials could read DNA-based tags built into passports at a distance without creating any risk of eavesdropping by others. At sports events, stadium staff could read DNA-based tags embedded in attendees’ tickets to better manage crowd control by understanding how many people are in any given area.

The Ucode DNA will be more expensive than a standard UHF IC, Kodritsch says, because of the additional functionality, though NXP has yet to announce pricing. The company intends to begin shipping the ICs in large numbers by the end of Q2 (around the end of June).

“It’s a completely new area we’re opening up,” says Kodritsch, referring to high-security RFID applications that were previously dominated by the HF RFID sector. “That’s why we’re so excited about this product.”