The New Killer App

By Kevin Ashton

RFID has the potential to give physical objects security levels that today are available only to electronic information.


I always thought the best thing about RFID was how autonomous it is. No scanning, swiping or typing; just pass a tagged object near a reader and data is captured with no need for human help.

Now I’m not so sure. There may be another aspect of RFID that is equally compelling: security. Not security in the sense of making sure RFID data is protected, but security as an application of RFID—as a reason to use it in the first place.

The pharmaceutical industry has wrestled for decades with security problems. Counterfeit drugs can be indistinguishable from real ones, except they may kill patients instead of curing them. RFID looks like it may be the solution. One reason is RFID’s autonomy: Tagged packages of drugs can be tracked automatically as they move through the supply chain from manufacturer to pharmacy, making it harder to pass off fakes as originals. But there’s something else, too. Those RFID tags mean medicine can come with digital security.

Security technology relies on an exchange of secrets. From passwords and PINs to keys in locks, security systems depend on the exchange of restricted information. Modern digital security takes this to a new level. For example, a four-number padlock will be opened by one of 10,000 possible combinations. A 32-bit digital password, on the other hand, has more than four billion possibilities. That degree of protection isn’t practical in a mechanical device like a padlock, but it’s fairly straightforward in a computer system.

And RFID tags are computers, albeit very simple ones. Add an RFID tag to something that needs security—say, a package of high-priced cancer medicine—and it could provide digital security to determine that it is genuine, even if there is no track-and-trace information available because it wasn’t captured, it’s confidential or the network is offline.

Another concept in digital security is non-repudiation: the ability to provide irrevocable proof that a transaction has taken place. Imagine using RFID to prove beyond any doubt that something was shipped or received.

Proof of delivery is one application; proof of ownership may be another. Today it is almost impossible to prove that stolen goods are stolen. Embedding an RFID tag with digital security into property—say, antiques or paintings or even razor blades—would be a great way to prove ownership or purchase, and therefore theft as well. The possibilities are endless.

These capabilities don’t exist in low-cost RFID tags today. But they could and soon, providing a host of benefits that have little to do with supply-chain efficiencies or automatic data capture. All that needs to happen is some good research into cost-effective, RFID-appropriate security technologies. That research is already happening at leading universities as well as in industry, inspired in part by the knowledge that security features can command premium prices. In the next few years, the best of this work will be commercially available. And then, security—currently RFID’s Achilles’ heel—could become its killer app.

Kevin Ashton was cofounder and executive director of the Auto-ID Center. He is the author of a soon-to-be published book about RFID. Illustration by Stephen Barnwell.