GS1 has ratified a new version of the EPC Gen 2 ultrahigh-frequency RFID standard, which includes features that companies in many industries will find useful (see GSI Ratifies EPC Gen2v2 , Adds Security Features, More Memory). The hardware and firmware RFID vendors are developing to support the new Gen2v2 standard will likely incorporate different features designed for specific applications. In this column, we'll examine the software implications for using the new standard to build security and anticounterfeiting applications, previously available only in active or proprietary passive systems.
The Gen 2 protocol is vulnerable to cloning, because a counterfeiter can read the unique Electronic Product Code in an RFID tag and program it into a different tag that is indistinguishable to the reader. The tag manufacturer's tag identifier (TID) can also be cloned.
To use this feature, companies must consider three new software requirements when procuring or upgrading their RFID applications or middleware. The application that programs the tag must choose a secret key—typically, a random number—and program that along with the EPC and other information. The application reading the tag must instruct the reader to issue a challenge, check the response and signal an error if there is no match. And a new database must manage the keys. The programming application stores the secret key associated with each EPC, and the reading application queries the database to get the key for verification. Obviously, access to this database must be secured.
RFID solution providers say the transportation sector is eyeing the new standard, because it allows operators of electronic highway tolling systems to switch from active tags to less expensive passive tags, with confidence that vehicles have legitimate tags and not unauthorized clones.
Authentication also works in the other direction: The tag can challenge the reader. This approach might be used in an RFID tag subway pass, in which the pass accepts a command only from a kiosk (the reader) to increase the dollar balance if it confirms that the kiosk is legitimate, and not being spoofed by a thief's device.
Ken Traub is the founder of Ken Traub Consulting, a Mass.-based firm providing services to companies that rely on advanced software technology to run their businesses. Send your software questions to email@example.com.
One-year subscription, unlimited access to Premium Content: $189
Gain access to all of our premium content and receive 10% off RFID Reports and RFID Events!
Become A Premium Member
This article contains 490 words and 1 page. Purchase Price: $19.99
Purchase Article Access!
Our in-dept case-study articles show you, step by step, how early adopters assessed the business case for an application, piloted it and rolled out the technology.
Free Sample: How Cognizant Cut Costs by Deploying RFID to Track IT Assets
The best way to avoid pitfalls is to know what best practices early adopters have already established. Our best practices have helped hundreds of companies do just that.
Don’t waste time trying to figure out how to RFID-enable a forklift, or deciding whether to use fixed or mobile readers. Our how-to articles provide practical advice and reliable answers to many implementation questions.
These informative articles focus on adoption issues, standards and other important trends in the RFID industry.
Free Sample: Europe Is Rolling Out RFID
All RFID Journal Premium Subscribers receive our bimonthly RFID Journal print magazine at no extra cost, and also have access to the complete online archive of magazine articles from past years.
Become a member today!