Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Access This Premium Content

Options To Access This Article:

What Subscribers Are Saying

  • "Probably the best investment I've ever made."
    Steve Meizlish, President & CEO, MeizCorp Services, Inc.
  • "I have found that RFID Journal provides an objective viewpoint of RFID. It you are looking for a resource that provides insights as to the application and implications of deploying RFID, RFID Journal will meet your needs, It gives you a broad perspective of RFID, beyond the retail supply chain."
    Mike O'Shea, Director of Corporate AutoID/RFID Strategies & Technologies, Kimberly-Clark Corp.
  • "No other source provides the consistent value-added insight that Mark Robert and his staff do. In a world dominated by press release after press release, RFID Journal is developing as the one place to go to make the most sense out of the present and future of RFID in commerce."
    Bob Hurley, Project Leader for RFID, Bayer HealthCare's Consumer Care Division
  • "RFID Journal is the one go-to source for information on the latest in RFID technology."
    Bruce Keim, Director, Hewlett-Packard
  • "RFID Journal is the only source I need to keep up to the minute with the happenings in the RFID world."
    Blair Hawley, VP of Supply Chain, Remington Products Company

Gen2v2 Ensures Tags Are Authentic

Counterfeiters will no longer be able to clone or spoof UHF RFID tags.
By Ken Traub
Feb 19, 2014

GS1 has ratified a new version of the EPC Gen 2 ultrahigh-frequency RFID standard, which includes features that companies in many industries will find useful (see GSI Ratifies EPC Gen2v2 , Adds Security Features, More Memory). The hardware and firmware RFID vendors are developing to support the new Gen2v2 standard will likely incorporate different features designed for specific applications. In this column, we'll examine the software implications for using the new standard to build security and anticounterfeiting applications, previously available only in active or proprietary passive systems.

The Gen 2 protocol is vulnerable to cloning, because a counterfeiter can read the unique Electronic Product Code in an RFID tag and program it into a different tag that is indistinguishable to the reader. The tag manufacturer's tag identifier (TID) can also be cloned.

Gen2v2 solves the cloning issue by providing a secret authentication key that is programmed into the tag. Unlike an EPC or TID, this key cannot be read from the tag. Instead, a reader "challenges" the tag by sending it a random number. The tag encrypts that number using the secret key and sends the response back to the reader. The reader uses the secret key to decrypt the response. If the decrypted response matches the challenge, the tag is genuine. A counterfeiter cannot read the secret key or figure it out by listening in to the conversation between a tag and a reader. Without the key, it's impossible to clone a tag that a reader will authenticate.

To use this feature, companies must consider three new software requirements when procuring or upgrading their RFID applications or middleware. The application that programs the tag must choose a secret key—typically, a random number—and program that along with the EPC and other information. The application reading the tag must instruct the reader to issue a challenge, check the response and signal an error if there is no match. And a new database must manage the keys. The programming application stores the secret key associated with each EPC, and the reading application queries the database to get the key for verification. Obviously, access to this database must be secured.

RFID solution provid­ers say the transportation sector is eyeing the new standard, because it allows operators of electronic highway tolling systems to switch from active tags to less expensive passive tags, with confidence that vehicles have legitimate tags and not unauthorized clones.

Authentication also works in the other direction: The tag can challenge the reader. This approach might be used in an RFID tag subway pass, in which the pass accepts a command only from a kiosk (the reader) to increase the dollar balance if it confirms that the kiosk is legitimate, and not being spoofed by a thief's device.

Ken Traub is the founder of Ken Traub Consulting, a Mass.-based firm providing services to com­panies that rely on advanced software technology to run their businesses. Send your software questions to swsavvy@kentraub.com.

To continue reading this article, please log in or choose a purchase option.

Option 1: Become a Premium Member.

One-year subscription, unlimited access to Premium Content: $189

Gain access to all of our premium content and receive 10% off RFID Reports and RFID Events!

Option 2: Purchase access to this specific article.

This article contains 490 words and 1 page. Purchase Price: $19.99

Upgrade now, and you'll get immediate access to:

  • Case Studies

    Our in-dept case-study articles show you, step by step, how early adopters assessed the business case for an application, piloted it and rolled out the technology.

    Free Sample: How Cognizant Cut Costs by Deploying RFID to Track IT Assets

  • Best Practices

    The best way to avoid pitfalls is to know what best practices early adopters have already established. Our best practices have helped hundreds of companies do just that.

  • How-To Articles

    Don’t waste time trying to figure out how to RFID-enable a forklift, or deciding whether to use fixed or mobile readers. Our how-to articles provide practical advice and reliable answers to many implementation questions.

  • Features

    These informative articles focus on adoption issues, standards and other important trends in the RFID industry.

    Free Sample: Europe Is Rolling Out RFID

  • Magazine Articles

    All RFID Journal Premium Subscribers receive our bimonthly RFID Journal print magazine at no extra cost, and also have access to the complete online archive of magazine articles from past years.

Become a member today!

RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations