by Adi Tedjasaputra

Open-loop RFID applications are still the most challenging RFID applications in different areas of retail supply chain. With the ultimate goal of achieving complete supply chain visibility, open-loop RFID applications are still facing the challenge of 100 percent read rate requirement beyond pilot projects and trials. In addition, the time to achieve full Return on Investment (ROI) in open-loop RFID applications is typically longer than closed-loop applications. The understanding of closed-loop RFID applications can better prepare end-users and vendors to plan RFID adoption strategy while preparing for successful open-loop RFID applications.

Several months ago, a consortium of GS1 Australia and RMIT claimed the achievement of 100 percent read rate during a two-month RFID pilot in Australia. During the pilot of National EPC Network Demonstrator Project (NDP) Extension, the team tagged each pallet to produce electronic proof of deliveries (ePODs).

Last month, the world's fourth largest retailer - Metro Group announced the completion of operational rollout of RFID technology in its 180 stores and warehouses in Germany. The rollout is the largest RFID project in the European retail sector after claiming 98.5 percent read rate in trials across its distribution centers early this year.

While we hear more good news about the successful pilots and rollouts of open-loop RFID applications, some RFID vendors have already shifted their efforts to cater the demand for RFID technology in closed-loop applications, rather than open-loop RFID applications in retail supply chain sector. The change very much reflects the fact that the current demand for RFID technology in supply chain sector is still very much less than expected. On the other hand, the demand for RFID technology in diverse close-loop applications has grown significantly during the past few years.

What is Closed-loop RFID Applications?

Closed-loop RFID applications is the use of RFID technology by an organisation to achieve specific goals or solve specific problems, usually through process re-engineering. Different from open-loop RFID applications that require tight and also often complex cooperation with different stakeholders in different organisations, closed-loop RFID applications benefit from the possibility to execute RFID technology adoption plans according to a time frame decided solely by an organisation - usually the end-user itself.

On the RFID system level, the infrastructure required by closed-loop RFID applications is often simpler than open-loop RFID applications. There is no issue or less issue of data sharing and ownership among different organisations compared to open-loop RFID applications. The RFID system security requirement is usually less complex than open-loop RFID applications.

The second part will provide some examples of closed-loop RFID applications that can deliver values for different end-users.

The writer is the Founder of RFID Asia - The Prominent RFID Community in Asia.


Send your comments and discuss.

Labels: closed-loop, project, rfid, scm, security, technology

Read more »

 

by Adi Tedjasaputra

Recalling RFID is a two-day public program on RFID and things to come. The seminar, workshops and smart opera were held in Amsterdam, Netherlands on 19-20 October 2007. As the fruit of collaboration between De Balie, the Institute for Network Cultures, Rob van Kranenburg and support from the Dutch Ministry of Economic Affairs and the Mondriaan Foundation, this event brought together distinctive conceptions of RFID and its uses, reconfiguring discourses as dialogue.

Reading the programme of the event, I could imagine how the organizer of the event creatively combined a balanced socio-technical event with an art show. Seminar, workshops and opera were put together as a package beyond any traditional event I have ever known.

After reading two reports on the event: Recalling RFID: Full Report and Reporting from Recalling RFID, I am quite sure that I have just missed a milestone in the RFID history.

The followings are several interesting highlights from the reports.

A research conducted by Rathenau Institute on the public perception of RFID revealed that many in the focus groups studied in the research said that it was only natural for personal information to be collected in a central database used by the government.

When asked if travel data should be linked to a specific person, 72% said this was okay for finding suspects of a crime, 61% went a step further and agreed that witnesses of a crime should be found, and a startling 60% said that public transport should be fully personalized - meaning that the transport companies and the government would always know who was where doing what.

When asked about using biometric data from passports, 55% said the photos could be used for investigations, 65% said the fingerprints could be used for investigation, 52% said it could be used for international data exchange, and 62% said it could be used to identify a person via security camera.

In another session, Timo Arnall further explained that the current discourse about RFID is clouded by metaphors because it does not have a single shape. Every medium has its own voice, and with the right design, different RFID hardware would become different expressions, and such visual language is formed culturally.

The writer is the Founder of RFID Asia - The Prominent RFID Community in Asia.


Send your comments and discuss.

Labels: rfid, security, technology

Read more »

 

by Jack Tay

In Part 1, Jack Tay discussed some of the top 10 trends and technologies impacting supply chain operations. In the second part, he will further explain the rest of the trends spanning production, distribution, retail and remote service, such as 2D Bar Code, RFID, Remote Management and Security.

 

2D Bar Code

There are now auto-focus scan engines that can read linear and 2D bar codes alike from 50 feet away and as close as six inches. Complementary developments in illumination technology enable bar codes to be successfully read in dark environments where they couldn’t be read before. With a scanning infrastructure in place to process all types of codes at multiple distances, companies can start building advanced visibility and traceability features into their legacy production, inventory and distribution operations.

RFID

Hundreds of companies around the world are implementing RFID-based shipping, receiving and inventory visibility applications. A sub-trend behind RFID adoption for inventory, warehouse and distribution operations is the use of vehicle-mounted and other mobile RFID readers to enhance or replace stationary models. Forklift-mounted and handheld readers can cover multiple docks, and be used in warehouse aisles and elsewhere throughout the facility, further reducing the required RFID investment. Plus, they put information directly in the user’s hands, so they can prevent errors, rather than just record them after they occur.

RTLS

Real time location systems (RTLS) allow you to expand your wireless local area network into an asset tracking system. Any device connected to the wireless LAN can be tracked and located. One application is to track forklifts via their vehicle-mounted computer’s radio. The Wireless Location Appliance and supporting software can track the radio’s location in real time to support efficient dynamic storage, routing, monitor dwell time, and gather data for productivity and asset utilization analysis. Many other expensive products and assets can be equipped with an RTLS device for real-time monitoring.

Remote Management

Using wireless LANs to track warehouse and factory assets is an example of how a mainstream IT resource has been adapted to benefit industrial environments. Another example, powerful remote management systems have been developed specifically to configure, monitor and troubleshoot bar code readers and printers, RFID equipment, ruggedized computers and other industrial data collection and communications equipment. Such software is also extremely valuable during rollouts and upgrades, because system administrators can use it to set configurations and install software remotely and across groups of devices, instead of having to handle each device individually.

Security

Stronger security is another mainstream business trend and requirement that is supported in supply chain technology. Mobile computers can be locked down so customer information and other data can’t be accessed if the device is lost or stolen. Rugged wireless computers and data collection equipment also support many of the leading securities used to protect enterprise wireless networks, including 802.11i, 802.1x, WPA, WPA2, LEAP, FIPS-140, RADIUS servers, VPNs and more.

Conclusion

Business needs for security, real-time visibility, and up-to-date information don’t stop at the office door. These needs extend throughout supply chain operations, so reliable information systems must extend just as far. Developments in mobile computing, wireless communication, RFID, bar code and other data collection and communications technologies are helping businesses extend visibility and control over more areas of their operations.

The writer is the Regional Marketing Manager of Intermec Asia Pacific.


Send your comments and discuss.

Labels: business, mobile, rfid, rtls, scm, security, technology, tracking

Read more »

 

by Toni Anwar and Chua Teong Kiat

The digital campus project focuses on the design and implementation of RFID system, which will serve as a guideline for upgrading the Universiti of Sains Malaysia network systems in the future. There are five locations taken into consideration in the RFID design and implementation, which are the library, the health unit (clinic), the entrance/guard house, the hostel, the school and lecture halls.

1. Library

The RFID applications for the library include:
a. Entrance access control - The door will only unlock if it detects correct IDs.
b. Visitors Counter - Automatic counter system to count the number of daily library visitors
c. Anti-theft - Alert system to alarm the librarians if there is any book taken from the library without registration and daily books check-in/out system.
d. Book Location Checking System - Using portable reader, we can set the book's ID we are looking for and set the read coverage to find out the books' location.



Currently USM Engineering Campus library has already had a contactless smart card reader at its counter. When a student library card is pointed near the reader, the reader will get the library ID and transfer it to a host PC to access the database and check loaned book status. At the same time, the profile of the student is also updated.

The benefits from RFID implementation are the followings:
1.Enhance library security
2.Replace the guard's work for checking out book status and counting daily visitors
3.Prevent missing books
4.Find lost books inside library

2. Health Unit (Clinic)

The RFID application for health unit at USM is for medicine monitoring and management. The Auto-ID system will update medicine’s data at an interval of time, to make sure their availability, expiry date and location. It can alert the nurse to process an application form and order a new medicine if there is any shortage of medicine or if the medicine is expired. This system will update the medicine data into database automatically and improve the management system of medicine at health unit. We eliminate the patient tracking application because it is an unnecessary application for health unit in our campus.



Currently, USM Engineering Campus Health Unit has already had a contactless smart card reader at its counter. When a student card is pointed near the reader, the reader will get the student's IC number, transfer the information to host PC, access to student database, then check or update student's clinic record.

The benefit from RFID implementation is improved operations and saving time. Accurate and automatic data capture coupled with intelligent control leads to better security of medicine control.

3. Guard House

The RFID applications for the entrance gate at USM include:
a. Entrance access control - The gate will only unlock if it detects a correct tag ID.
b. Asset/Item tracking and tracing – Anti-theft detects whether an asset or item has an authorization to be brought out of campus. If it is not, several actions, such as guard alert, alarm activation and gate/barrier closing can be performed.
c. Vehicle verification – Unique ID for all students', staff' and visitors' vehicle. If there is any unknown vehicle, the guard can do necessary actions. If any vehicle parks at a forbidden area, the guard can record time, date and location of violation and the owner will get a fine.

Currently, USM Engineering Campus has two formal gates, one main gate and one side gate opened for entrance. There are 2 barriers with contactless smart card readers at the main gate, which function from 10:30 pm until 6:30am. Anyone crossing the barriers needs to confirm ID with a reader. The system replaces manual registration for student or staff at USM with auto-ID data recording to the database.

The benefits from RFID implementation are the followings:
1. Enhance campus security
2. Improve operation and management system for guard
3. Anti-theft, reduce criminal
4. Trace unknown vehicle
5. Fine the vehicle rules breaker effectively

4. School, DU (Main Hall) and DK (Lecture Hall)

At school or lab, we can also implement RFID technology to track and trace assets or equipment for a room or lab, to prevent theft or missing equipment, and improve the registration process.

5. Others
For USM hostel, six engineering schools, DU (Main Hall), and DK (Lecture Hall), RFID application like door lock system and auto attendance record system can be implemented using a contactless smart card system. But it is not a cost-effective application that can benefit much from RFID technology. As a result, we eliminate the RFID application on these locations.

In spite of the current excitement, RFID may not be suitable for everyone. There are some hurdles we need to consider seriously before embarking on a real implementation of RFID network system for digital campus, including:

* Price
* Complexity
* Existing solutions
* Advantages
* Applicability

The current state of RFID technology based on a collection of comments and observations is:
* Confusing
* Lacking of expertise
* Still in learning state

Toni Anwar is the Coordinator for Software Systems Engineering Programme at the Sirindhorn International Thai-German Graduate School of Engineering (TGGS), King Mongkut Institute Technology North Bangkok (KMITNB), Bangkok, Thailand.

Teong-Keat Chua is a Design Verification Engineer at Spansion Penang Design Center, Malaysia.



Send your comments and discuss.

Labels: card, malaysia, project, reader, rfid, security, tag, technology, tracking

Read more »

 

by Jack Tay

It’s easy to name "mobility" and "wireless" as trends, but it's less clear exactly what direction these developments are taking and how they can be used to improve business. However, what do the trends mean in terms of transforming business and maximizing profitability and productivity?

Here are the top 10 trends and technologies impacting supply chain operations spanning production, distribution, retail and remote service.

1. Comprehensive connectivity – from 802.11 wireless LAN technologies, cellular networks, Bluetooth
2. Voice and GPS communication integrated into rugged computers
3. Speech recognition
4. Digital imaging
5. Portable printing
6. 2D & other bar coding advances
7. RFID
8. RTLS
9. Remote management
10. Wireless and device security

You're probably familiar with the technologies listed above, but perhaps not with the latest developments and trends. For example, did you know that practically any application can be easily modified to accept speech input because of the recent development of terminal emulation-based speech recognition technology? Did you know that Bluetooth, 802.11b/g, cellular and GPS communication are all available in a single handheld device? Did you know improved optics allow 2D bar codes on paper to be read at greater distances (over 50 feet) than 1D bar codes on retro-reflective labels?

Connectivity

The various forms of wireless connectivity – Bluetooth for personal area networking, 802.11 wireless local area networking, and cellular wide area wireless networks for voice and data communication – are all highly visible and provide compelling business cases for many specific operations.

Smart phones have strong appeal because they provide convenient voice and data access. However they are extremely limited for delivery, field service and other mobile supply chain operations because the computer screens and interfaces aren’t optimized for enterprise applications, and the devices themselves aren’t rugged enough for everyday use in these environments. For operations with intensive data collection or transaction volume, companies have traditionally used ruggedized handheld computers to gain the reliability and performance they need, but these devices lacked cell phone capability.

Advanced Wireless: Voice & GPS

Now leading cellular carriers have certified rugged handheld computers for voice communication, enabling data collection, data communication and cell phone functionality to be converged into one device. Converging data and voice onto an integrated piece of equipment can cut the number of devices system administrators need to support in half, which provides sustainable operating cost savings. Connectivity convergence continues with the integration of GPS communication into mobile computers. Together with the falling costs of wide area wireless coverage (including GPRS, GSM, CDMA and other technologies) and more generous data plans, computing innovations like these make it affordable and practical for many companies to implement real-time data access systems for their delivery drivers, sales and service staff, inspectors and other personnel.

Speech Recognition

Speech recognition helps productivity by reducing the need for users to look at a computer display. Speech synthesis/recognition capability can now be easily embedded into numerous legacy software packages, including warehouse management, picking and putaway, inventory, inspection, quality control and other applications. This simplified integration has been made possible by the recent development of terminal emulation (TE)-based speech recognition technology, which eliminates the need for a separate speech server and a proprietary interface between the speech system and the application software.

Digital Imaging

Like cellular voice, digital imaging is another technology consumers are familiar with that has now found a place in enterprise mobile computing equipment and applications. Transportation and distribution companies are using digital cameras integrated into the mobile computers so their drivers can capture proof of delivery, store stamped invoices, and detail conditions that prevent delivery. Technicians use the technology for proof of service. Other applications include capturing shelf displays and monitoring trade promotion compliance, collecting competitive information, documentation by inspectors, collecting evidence for accident reports, and recording damage and usage conditions for warranty claims.

Portable Printing

Rugged portable printers are routinely used for output when documentation is required. Common applications include providing signed delivery receipts, purchase orders, work orders and inspection reports. Using mobile printers and computers together lets sales, service and delivery personnel give customers the documentation they desire, while creating an electronic record that frees the enterprise from having to process paperwork. Mobile printers remain one of the fastest-growing segments of the entire printing industry. Traditional applications are in field service and distribution, but adoption is growing quickly in warehouses and factories for forklift-based printing for picking, putaway, shipment labeling and other activities. Mobile printing provides proven labor savings in industrial environments by saving workers from having to make an unproductive trip to a central location to pick up labels, pick tickets, manifests and other output.

The Part 2 of this article will detail 2D Bar Code, RFID, RTLS, Remote Management and Security Technology.

The writer is the Regional Marketing Manager of Intermec Asia Pacific.


Send your comments and discuss.

Labels: barcode, business, connectivity, mobile, rfid, rtls, scm, security, technology

Read more »

 

by Adi Tedjasaputra

RFID technology has been called and associated with many things: Barcode on Steroids, Next-generation Barcode Technology, The Internet of Things, Big Brother and even Spy Chips. No matter what people say, when RFID project proposals come to the hands of Chief Financial Officers or Finance Directors, RFID will just become the same thing: TECHNOLOGY, with a potential to bring benefits and also costs to organisations. Starting Small with RFID will help decision makers to justify the cost of RFID investment, while still providing an opportunity for organisations to see the real benefits of RFID.

Most organisations contemplating to embark on RFID initiatives will face a challenge to bring most benefits of the technology, while mitigating the costs and risks associated with it. Think Big, Start Smart and Scale Up with Agility is the key strategy for any successful RFID initiative. Using the strategy, decision makers can harness the potential benefit of RFID technology, justify the cost of investment, while still maintaining the flexibility for changes throughout their business process optimization, thus lowering the risks.

One of the key components in the Agile RFID strategy is Start Small. Here are a few tips to Start Small with RFID:

1. Focus on Existing Infrastructure
Reusing the existing infrastructure can deliver benefits at minimum cost in RFID implementation. However, this aspect is often neglected due to the lack of knowledge in the integration capability and capacity between the existing infrastructure and the new RFID infrastructure. By identifying one or more application areas where you can still use the existing infrastructure, you have reduced the time and cost for RFID infrastructure integration, which usually represents the largest cost component. For example, if you want to use RFID technology to enhance the convenience of access to a room or building, you may want to make sure that the new RFID infrastructure can easily be integrated with your existing access control and security systems. If you plan to print smart labels and currently have barcode printers, contact your barcode printer vendors and ask for upgrade options and plans, before buying some new RFID printers.

2. Focus on Scale
Large projects are prone to delay and failure. Whenever possible, break up a large RFID project initiative into some smaller RFID projects. Identify which small project will deliver the most impact for your organisation at the shortest time frame with the least investment. For example, automatic stock counting in a warehouse using RFID technology usually takes shorter time to implement than real-time asset location tracking, but the value delivered by the stock counting application is significant and less costly than the asset location tracking. By executing your plan properly and showing the benefits of RFID technology through your successful small project, it will be easier to convince your Chief Financial Officer or Finance Director about the value of RFID technology.

3. Focus on RFID Core Values
Understanding the power of RFID technology and its limitations is the key to stay focus on RFID core values. Unrealistic expectations from RFID technology are not only misleading, but also reducing the possibility of unleashing its vast potential. In addition, as any other technology, RFID also has its limitations. For example, the use of RFID technology for real-time asset tracking in asset management over continents will require an integration with other technology, such as Global Positioning Satellite (GPS). Focusing the use of RFID technology for real-time asset tracking in a limited area such as warehouse usually delivers more value than real-time tracking over a great distance.

The writer is the Founder of RFID Asia - The Prominent RFID Community in Asia.

Reference

Tedjasaputra, Adi (2005). RFID Phased Approach Needs Improvement. RFID Asia. Retrieved on September 3, 2007.


Send your comments and discuss.

Labels: business, project, rfid, security, technology, tracking

Read more »

 

by Eunice Sari

While contactless credit card is still a hot issue in the island-country of Singapore, several vendors in the region have started to buzz the concept of contactless mobile payment during a seminar last week.
The keyword is: NFC. The question is: Will it be a killer technology?

Near-Field Communication or NFC is a short-range 13.56 MHz wireless technology that can transfer data up to 424 kbits/s. Using standardized protocols developed by industry-sponsored NFC Forum, inter-device NFC communication is expected to establish two-way link and exchange data among different consumer products, such as mobile phones, televisions, personal computers and digital cameras. Touching and waving are the most common interaction styles that promise convenience as any other contactless technology. Nevertheless, the current usage of NFC technology is still limited to contactless card payment, contactless mobile payment and interactive smart poster.

Thian Yee Chua, the CEO of CASSIS, during a seminar in Singapore last week, emphasized the need to build an NFC ecosystem, an environment for consumer-service, for a wide adoption of NFC technology. Lim Boon Heong, the Marketing and Business Development Director in NFC business of INSIDE Contactless further detailed the importance of NFC handset availability, win-win business models and an open standard.

Contactless mobile payment is one of the applications highlighted during the seminar. Several pilots planned and initiated have involved major credit card companies, banks, merchants, mobile service providers, mobile network operators, such as: VISA, JCB, MasterCard, CCV Holland B.V, KPN, Nokia, PaySquare, Philips and ViVOtech, SK Telecom, Orange, France Telecom, China Fujian Mobile Communications Co. Ltd., Xiamen Branch and Xiamen E-Tong Card Company Ltd, 2-Eleven, Gemplus, CASSIS.

Yet, Bank of America that has conducted an NFC trial in collaboration with Venyon Oy and its 5000 employees at one of its corporate campus in Delaware reported in May 2007 that the NFC portion of the trial has flopped due to variety reasons, including undesirable mobile phone model and problems in downloading payment application to the handsets.

In addition, a security issue in the form of protocol vulnerabilities may become worse if NFC-enabled mobile phones can act as cards or terminals, can be programmed by their users and can communicate with each other (Anderson, Ross. RFID and the Middleman. Retrieved on 06-08-2007).

The writer is an ICT Consultant and Researcher with various affiliations to academic and industry organizations. Her current research interest includes ICT4D, m-Learning, e-Learning, Web 2.0, healthcare, wireless and mobile technology.


Send your comments and discuss.

Your Comments

The current NFC solution, being highly dependent on mobile handset (as far as mobile solution is concerned), is seen as the limitation. Such limitation can be overcame by a solution which will not depend on mobile handset.
- Eric Tan, Watchdata, Singapore, Sunday, August 12, 2007 -

Labels: 2.0, business, card, china, mobile, nfc, payment, rfid, security, singapore, technology, trial

Read more »

 

Like any information technology (IT), radio frequency identification (RFID) presents security and privacy risks that must be carefully mitigated through management, operational, and technical controls in order to realize the numerous benefits the technology has to offer.

When practitioners adhere to sound security engineering principles, RFID technology can help a wide range of organizations and individuals realize substantial productivity gains and efficiencies. These organizations and individuals include hospitals and patients, retailers and customers, and manufacturers and distributors throughout the supply chain.

RFID is a form of automatic identification and data capture (AIDC) technology that uses electric or magnetic fields at radio frequencies to transmit information. An RFID system can be used to identify many types of objects, such as manufactured goods, animals, and people. Each object that needs to be identified has a small object known as an RFID tag affixed to it or embedded within it. The tag has a unique identifier and may optionally hold additional information about the object. Devices known as RFID readers wirelessly communicate with the tags to identify the item connected to each tag and possibly read or update additional information stored on the tag. This communication can occur without optical line of sight and over greater distances than other AIDC technologies. RFID technologies support a wide range of applications—everything from asset management and tracking to access control and automated payment.

Every RFID system includes a radio frequency (RF) subsystem, which is composed of tags and readers. In many RFID systems, the RF subsystem is supported by an enterprise subsystem that is composed of middleware, analytic systems, and networking services. RFID systems that share information across organizational boundaries, such as supply chain applications, also have an inter-enterprise subsystem. Each RFID system has different components and customizations so that it can support a particular business process for an organization; as a result, the security risks for RFID systems and the controls available to address them are highly varied. The enterprise and inter-enterprise subsystems involve common IT components such as servers, databases, and networks and therefore can benefit from typical IT security controls for those components.

Source: Karygiannis, T., Eydt, B., et al. (2007). Guidelines for Securing Radio Frequency Identification (RFID) Systems. Recommendations of the National Institute of Standards and Technology. NIST Special Publication 800-98.


Send your comments and discuss.

Labels: business, payment, privacy, rfid, scm, security, tag, technology, tracking

Read more »

 

by Adi Tedjasaputra

With more organisations are considering the use of RFID network technology, it is time to enhance the RFID network security measures.

The Internet seems to be invented just yesterday. It comes as no surprise to many people because the recent statistics show that the total worldwide internet usage penetration was only 16.6% by January 11, 2007. Nevertheless, there is no doubt that the impact of the Internet on society has become more significant with the 202.9% growth of Internet usage since the year 2000.

On the other hand, the Internet of Things, with RFID technology as its key enabler, has only started to become headlines for the past few years. One of the the most popular RFID networks is EPCglobal Network.

The heart of EPCglobal Network lies in the component or service called Object Naming System (ONS) Root, as it was originally designed to anticipate the use of Electronic Product Code (EPC). The design of ONS Root is not completely new, because it is actually derived from the design of Domain Name System (DNS) Root.

The main similarity between ONS Root and DNS Root is the way they both return requests of data that are available in other servers, but not their own servers. DNS Root will return requests for root namespace domain with corresponding Top-level Domain (TLD) nameservers. ONS Root, in comparison, will return the network address of services where the corresponding data of the EPC in request is stored.

The benefits of not re-inventing the wheel, familiarity and easier implementation are naturally the strengths of the EPCglobal network, due to the experience with the Internet infrastructure. However, these benefits also come with some weaknesses. One of the weaknesses is the vulnerability of the ONS Root to Denial-of-Service (DoS) attacks, inherited from DNS Root.

In the history of Internet, there were only two significant incidents recorded on DoS attacks to DNS Root servers, i.e. in 2002 and recently on February 2007. The worst impacts on DoS attacks to DNS Root servers in 2002 were the malfunction of 9 DNS Root servers from 13 servers spread geographically across the globe. The recent attack in February 2007 has resulted in two badly suffered servers and others saw heavy traffic (Wikipedia, DNS Backbone DDoS Attacks). These attacks, however, have provided some insights to one of the main risks in adopting EPCglobal network, i.e. security.

With the current total worldwide internet usage penetration of only about 16.6%, it is already difficult to imagine some major changes to the Internet infrastructure and cope with DoS attacks. Some efforts such as local data caching, server power and bandwidth improvement can only alleviate the impacts of such attacks on DNS Root servers. Egress filtering can significantly prevent from such attacks only when the use is widespread, at the expense of inconvenience for false positive traffic identification and additional measures. There is currently no silver bullet for DoS attacks.

EPCglobal Network, by design, is also susceptible to DoS attacks. Using similar mechanism with DNS in resolving EPC data requests, the ONS Root servers become vulnerable to DoS attacks. Any organisation planning to embark on EPCglobal Network will cringe finding out that the EPCglobal Network infrastructure inherits security weaknesses similar to DNS'.

While it is already difficult for changing the Internet infrastructure with only 16.6% penetration rate, there is still a hope for EPCglobal Network. Different from the Internet infrastructure, the development of ubiquitous RFID networks and sensors, including EPCglobal Network, is still in a very early stage. This state of affairs has provided a second change to design a secure and robust RFID network and sensor infrastructure that can have a significant impact for the worldwide society in the future, especially when it is no longer the Internet of Things, but also the Internet of People.

Send your comments and discuss.

Labels: epcglobal, ons, rfid, security, technology

Read more »

 

by Adi Tedjasaputra

This is the time of the year when we start reading and listening to RFID technology yearly forecasts and slogans such as 1.71 billion tags will be sold, the total RFID market will be $4.96 billion, RFID will change everyday life, RFID is here to stay, 5-cent RFID tag has arrived, etc. The similar things we heard last year, or probably for the past several years, from those who try to sell reports and events in a quiet month.

Don't get me wrong – I applaud the work of credible people and organisations to disseminate knowledge around RFID technology and promote RFID business - but we need to understand that any change or transformation in the real world is evolutionary. There is no such thing as RFID revolution or RFID magic.

Forecasts are probably good to give a sense of direction and motivation, but the real change or transformation lies in wise actions. RFID players who are not aware of this reality have tasted some loss or about to find out the harsh reality of the RFID industry. VeriChip has had a slow sales and its stock has been struggling since its initial public offering. U.S. Homeland Security is abandoning the plans for using RFID tags. EPCglobal Gen 2 UHF tag has failed to meet its 5-cent tag vision. Wal-Mart is yet to succeed in reducing labour and inventory costs using RFID technology.

RFID technology is now at the Slope of Enlightenment in the sense of Gartner's Hype Cycle. RFID community has just started the process of understanding the benefits of practical RFID applications. There is a huge need to bridge RFID knowledge gap and find the right partners for the right RFID projects and applications, particularly in Asia. The emerging markets in Asia, such as Indonesia, have started to show some active signs and enthusiasms.

In the beginning of the new year, I would like to use the opportunity to thank all the RFID Asia Community Members for your continuous support and active participation.

Have a Wireless and Prosperous Lunar New Year.


Send your comments and discuss.

Labels: business, epcglobal, indonesia, rfid, security, tag, technology

Read more »

 

by Adi Tedjasaputra

The aggressive marketing campaign for RFID standards led by EPCglobal has been successful. At least, many who have heard about RFID, most likely have also heard about Electronic Product Code (EPC), EPCglobal standards or EPCglobal. Some even falsely identify RFID with EPC. There is no doubt that the EPC branding is in the mind of many people, for better or for worse.

5-Cent RFID Tags
Ideally, a marketing power should come with a responsibility to fulfil promises advertised in the marketing campaign. Unfortunately, in the real world, promises do not always come true in time and people often get disappointed, and sometimes confused and frustrated.

How many times have you heard or read people talk about 5-cent RFID tags?

Here, instead of discussing whether the 5-cent tag is a myth or a feasible vision, it is necessary to point out that 5-cent price target was originally introduced by Sanjay Sarma and his colleagues, who are also involved in the development of EPC. Riding the 5-cent buzz, EPC, a unique numbering scheme endorsed by EPCglobal, has gained popularity in the recent years, at the expense of RFID technology and industry in general.

We quickly determined that if RFID tags were ever going to have a shot at being widely used, a 5-cent price target was important for both psychological and commercial reasons. In return, though, the volumes would have to be very high—for example, more than 5 billion bar codes are scanned daily today. The problem with RFID tags at the time was that the industry was "stuck" in a higher-margin, lower-volume mind-set. At the Auto-ID Center, we set about flipping it to a high-volume, low-margin approach. (Integrating RFID, Sanjay Sarma, ACM Queue vol. 2, no. 7 - October 2004)

There is no doubt when Sanja Sarma and his colleagues envisioned 5-cent RFID tags, they were comparing RFID tags with barcode labels and referring only to retail supply chain item tagging, instead of the general RFID tags and applications.

Nevertheless, when the news of 5-cent RFID tags was published in the media, many became excited and over-enthusiastic. Some unrealistic expectations started to be unfolded. Many people easily forget or ignore the underlying assumption that an initial large volume purchase is necessary to achieve the 5-cent RFID tag vision.

Is Gen 2 the Silver Bullet?
Realising the shortcomings of the Class 0 and Class 1 UHF Air Interface Protocol Standard, EPCglobal began its work on the second generation of UHF air interface protocol mostly known as Gen 2. The standard was later ratified by the International Organization for Standardization (ISO) last year.

When EPCglobal later realised that the strengths of UHF RFID technology comes with its weaknesses and limitations, the organization started to look into HF RFID technology and formed HF Air Interface Working Group. The Working Group currently works toward the extension of Gen 2 into HF band.

The less known facts are actually the cost for involvement in the EPCglobal and the cost of adopting EPCglobal standards. If you are an end user, you have to pay at least US$750 (EPCglobal North America) for the initial subscription fee, in addition to other fees. Solution providers will have to pay more. The subscription fee schedule for companies outside the United States is less transparent, but since EPCglobal is a joint-venture between GS1 and GS1 US, one may expect similar fees to be collected as well.

Beside the high organisational and infrastructure costs, the design of current Gen 2 protocol standard ironically does not reflect any breakthrough towards the vision of 5-cent RFID tags, especially with added security feature extensions for RFID Supply Chain item-level tagging that will increase the total tag manufacturing cost.

The result of unrealistic expectations is predictable: disappointment. RFID vendors will fail to meet unrealistic expectations already generated by aggressive and unrealistic marketing campaign, including the demand for 5-cent tags. RFID technology and industry will get more bad press, in addition to the current opposition from already flourishing privacy groups. Wait-and-see attitude towards RFID implementations will become more common among potential RFID adopters, including the ones outside the retail supply chain industry. The expectation of large volume purchase that can decrease general RFID tag price will happen in a very slow pace, along with various setbacks.

Fortunately, there are hundreds of RFID applications that are independent from the need to adopt EPCglobal standards. These RFID applications are primarily unrelated to the supply chain industry. Nevertheless, we still urgently need a healthy dosage of marketing campaign that is balanced with rational and realistic expectations and actions to move beyond the current hype. We need to prevent one drop of indigo to stain the whole cauldron of milk (*).

(*) "One drop of indigo stains the whole cauldron of milk" is an Indonesian proverb that means one minor ill behaviour can ruin the whole good things or efforts.


Send your comments and discuss.

Labels: 2.0, epc, epcglobal, iso, privacy, rfid, scm, security, tag, technology

Read more »

 

Edited Press Release.

Savi Technology received official approval this week from the China State Radio Regulation Committee (SRRC) to use its family of active Radio Frequency Identification (RFID) products throughout the country. Savi Technology's tags and readers approved by SRRC, a division of the China Ministry of Information Industry, are compatible with the ISO 18000-7 (International Standardization Organization) standard for active RFID products operating at the 433.92 MHz radio frequency band.

"China’s certification of Savi's hardware products further validates international recognition that active RFID technology standard ISO 18000-7 is the global standard," said Fraser Jennings, vice president of Standards and Regulatory Affairs for Savi Technology, a Lockheed Martin company. "This milestone event facilitates the deployment of our proven RFID-based solutions to improve the real-time visibility, management and security of global shipments within, to and from China – the world’s largest manufacturing center."

By approving Savi's hardware equipment, China has authorized the use of active RFID products compatible with ISO-18000-7. These product approvals in China, combined with similar prior approvals in North America, South America, Europe and Pacific Rim markets such as Australia, Korea, Taiwan, Singapore, and Hong Kong, "clearly show the solid support for the 433 MHz frequency as the worldwide choice for active RFID," Jennings said.

Following extensive testing and document reviews, SRRC has issued Savi Technology a Radio Transmission Equipment Type Approval Certificate and Code for five of the company's flagship hardware products, including tags, readers and signposts.

Send your comments and discuss.

Labels: china, iso-18000-7, rfid, security, singapore, tag, technology

Read more »

 

The 14th APEC Economic Leaders' Meeting scheduled to be held in Ha Noi, Vietnam, 18-19 November 2006, will be attended by leaders and VIPs from the Asia Pacific region.

As a part of the security measure during the event, RFID mobile phones branded APEC Vietnam, will be distributed to the VIPs attending the event, according to the news released by Vinamobi Vietnam Company on their web site,

APEC Vietnam, which is fully manufactured and assembled in Vietnam, integrates Bluetooth, 1.3 megapixel camera, recorder, camcorder, removable card and RFID chip in one package. When the delegates enter and exit the conference area and hotels, the personal information of each delegate will be authenticated and verified from a distance using the mobile phone as an "RFID tag".

The device will also contain some information related to Vietnam, conference material, historical documentation of APEC, APEC members, national flags and the national anthems of all nations attending APEC event. In particular, the conference material contents can be retrieved by voice, so the delegates can listen to conference material contents during the event instead of reading them.


Send your comments and discuss.

Labels: card, mobile, rfid, security, tag, technology

Read more »

 

by Adi Tedjasaputra

Smart Card vendors have realized that some negative perception against RFID technology is not good for them, especially when they are after various large contracts from governments around the world, supplying their Contactless Smart Card Chips for biometric passports and ID cards.

When a defensive approach to distinguish RFID from Contactless Smart Card does not seem to be enough, some Smart Card vendors have decided to invest in a Secure ID Coalition for promoting the smart card technology to achieve enhanced security for ID management systems while maintaining user privacy.

(update 31 May 2007: After the release of this article in 2006, the Smart Card Alliance has removed the article titled "RFID and Contactless Smart Card Technology: Comparing and Contrasting Applications and Capabilities" previously available on their website and also linked in this article . The new version of similar article titled RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards is now available on their website instead.)

Their initiatives to avoid negative perception against smart card deserve an attention. However, there is also a need to set the record straight. Contactless Smart Card technology used for biometric passports and ID cards is RFID.

Contactless Smart Card Chip used in most biometric passports and ID cards is a passive 13.56 MHz RFID transponder incorporating a microcontroller conforming to ISO/IEC 14443 standard that allows for a read range of up to 10 cm, with a memory capacity of at least 32 Kilobytes and data transfer rate of 106 kbps or greater.

Some might argue that contactless smart card biometric passport and ID card applications require a higher degree protection for information privacy due to the sensitive information, compared to most RFID tags that only carry some product identification number. Nonetheless, the fact that they are all used for unique identification by means of radio waves implies that they are RFID.

There are various applications that use different types of RFID technology. It is understandable if the word RFID could trigger some allergic reactions in some people, given many hypes, devastating RFID image. For different reasons, some technology vendors are reluctant to use the word RFID for describing their products and services, eventhough what they actually sell is RFID. It is part of the current challenges and concerns faced by the RFID technology. There is a need to embrace and tackle the RFID challenges and concerns, but before assessing the challenges and concerns, it is essential to have a better understanding of RFID technology in the first place.


Send your comments and discuss.

Labels: card, privacy, rfid, security, tag, technology

Read more »

 

by Adi Tedjasaputra

Biometric passports have recently been touted as cutting-edge technology able to prevent travel document forgery using a secure authentication process. These passports carry digital data about the physical characteristics of their respective holders, such as face shape and fingerprints. These physical characteristics, and their combinations, are the parameters or the determining factors in an authentication process known as biometric authentication.

Before the biometric authentication process can be performed, a recording process that transforms human physical characteristics into digital biometric data, or a biometric signature, is required to set an authentication reference. These digital data are usually encrypted and stored in a Radio Frequency Identification (RFID) chip embedded or inserted into each biometric passport.

During the biometric passport authentication process, a passport-reading machine will read the biometric data stored in the RFID chip. After a successful contactless access, the data retrieved from the chip will then be authenticated against the initial, presumably genuine, biometric data stored in a database. In addition, a physical authentication process can also be integrated to increase the trustworthiness of the authentication process.

Most countries in the world are currently implementing or planning to adopt biometric passports for security purposes, including Indonesia.

As the world's fourth-most populous nation with more than 200 million people, Indonesia has decided to venture into the world of biometrics. Since February 2006, the country has been issuing what the government calls new biometric passports. According to the article, Justice ministry clarifies biometric passport prices, published by The Jakarta Post on July 21, 2006, the government says the biometric system, which scans fingerprints and photographic data into a bar code, has helped it detect 1,800 attempted passport frauds since its introduction in February 2006.

In addition, a press release issued by the sole contractor for the Biometric Indonesian Passport project, Digital Identification Solutions AG of Germany, dated July 12, 2006, from Stuttgart, claims that on average the new biometric passport system processes thousands of on-line passport applications daily and issues the passports in full color, and with numerous security features, on the spot where people apply for the passports.

"Being a German national, I sometimes would love to have my own government provide such user-friendly service to the public". says the CEO of the company in the press release.

Does this sound like an overstatement? I believe so.

However, I agree that the Biometric Indonesian Passport project is indeed one-of-a-kind in the world.

While developed countries are implementing or planning biometric passports with RFID chips embedded or inserted into them, the biometric Indonesian passports resort to bar code technology (the Post, July 21, 2006), which defeats the purpose of anti-counterfeit measures. Basically, it is easier to clone bar codes than the encrypted identification stored in an RFID chip.

Besides the security issue, it is also essential to guarantee that certain information in biometric passports is kept from unauthorized parties and specific privileges granted or assigned to the right people, which is almost impossible with the application of bar code technology. The biometric Indonesian passport system designer apparently forgets that secure authentication is the fundamental assumption for privacy protection and authorization.

In addition, the use of bar code technology also means that there is no unique identification system due to the limitation of the bar code numbering system. Bar code technology was originally designed only to identify a class of generic products, not a unique item, compared to RFID technology, which can support a unique identification system despite the numbering system being used.

Biometric (+RFID) passports and ID cards are definitely better, not having the basic security issues posed by bar code technology.

Nevertheless, the recent demonstration of biometric (+RFID) passport data cloning performed by a security consultant at the Black Hat security conference in Las Vegas could indicate that security risks in the use of biometric (+RFID) passports and ID cards still exist. However, the consultant could not change the information stored in the chip due to cryptographic protection.

In reality, there is no 100 percent security guarantee in this networked world. When you become part of a "network" voluntarily or involuntarily, there is always a chance that your security will be compromised. One sensible action you can take is to assess your state of security continuously, take several appropriate security measures and prepare recovery plans in the event of a security breach (RFID Security Threats: Your Cat is Probably Safe ... for Now, RFID Asia).

During a government forum on national IDs and e-passports for Indonesia held last June in Jakarta, the director for international cooperation at the Directorate General of Immigration unveiled a plan to decentralize the issuing of biometric Indonesian passports throughout Indonesian embassies.

Until now, there has been no country in the world planning or implementing a decentralization plan similar to the one proposed by the Indonesian government. It is certainly not about technological barriers. It is simply based on common sense and the assumption that the security risks of such decentralization outweigh the benefits of such a system in terms of efficiency. There is simply no country in the world that is willing to put its nationals and citizens on the front line of security risks and threats.

This article is featured at The Jakarta Post, Opinion and Editorial - August 15, 2006

Send your comments and discuss.

Labels: biometric, card, indonesia, privacy, project, rfid, security, technology

Read more »

 

by Adi Tedjasaputra

It is always difficult to digest an opinion or article on Radio Frequency Identification (RFID) based on incomplete facts and bias, especially when it comes from a company that considers itself as the world's authority in the field of RFID.

About two months ago, we heard about the draft report titled The Use of RFID for Human Identification published by the DHS Data Privacy and Integrity Advisory Committee, U.S. Department of Homeland Security. The report recommends a careful consideration whether to use RFID to identify and track individuals.

In about the same period, the CEO of Applied Digital is injecting RFID into the immigration mess, literally, by suggesting the implant of RFID chips manufactured by VeriChip Corp., a subsidiary of Applied Digital, into the arms of registered aliens in the U.S.

While the hype is still fresh in our memory, we heard another story that illustrates how easy it is to "clone" a unique identification number from a supposedly secure implanted RFID chip manufactured by the same company.

What was the reaction of VeriChip?

Interestingly, the spokesman could still argue that: "It’s very difficult to steal a VeriChip … it's much more secure than anything you'd carry around in your wallet".

Another hype that results in another setback for RFID.

Technology, including RFID, is only an enabler.
You still need to consider moral and ethical borderlines in applying RFID technology.


Send your comments and discuss.

Labels: privacy, rfid, security, technology, tracking

Read more »

 

Edited Press Release.

HP today announced that its researchers have developed a miniature wireless data chip that could provide broad access to digital content in the physical world.

The tiny chip could be stuck on or embedded in almost any object and make available information and content now found mostly on electronic devices or the Internet.

Some of the potential applications include storing medical records on a hospital patient’s wristband; providing audio-visual supplements to postcards and photos; helping fight counterfeiting in the pharmaceutical industry; adding security to identity cards and passports; and supplying additional information for printed documents.

The experimental chip, developed by the Memory Spot research team at HP Labs, is a memory device based on CMOS (a widely used, low-power integrated circuit design) and about the size of a grain of rice or smaller (2 mm to 4 mm square), with a built-in antenna. The chips could be embedded in a sheet of paper or stuck to any surface, and could eventually be available in a booklet as self-adhesive dots.

"The Memory Spot chip frees digital content from the electronic world of the PC and the Internet and arranges it all around us in our physical world," said Ed McDonnell, Memory Spot project manager, HP Labs.

The chip has a 10 megabits-per-second data transfer rate – 10 times faster than Bluetooth™ wireless technology and comparable to Wi-Fi speeds – effectively giving users instant retrieval of information in audio, video, photo or document form. With a storage capacity ranging from 256 kilobits to 4 megabits in working prototypes, it could store a very short video clip, several images or dozens of pages of text. Future versions could have larger capacities.

Information can be accessed by a read-write device that could be incorporated into a cell phone, PDA, camera, printer or other implement. To access information, the read-write device is positioned closely over the chip, which is then powered so that the stored data is transferred instantly to the display of the phone, camera or PDA or printed out by the printer. Users could also add information to the chip using the various devices.

“We are actively exploring a range of exciting new applications for Memory Spot chips and believe the technology could have a significant impact on our consumer businesses, from printing to imaging, as well as providing solutions in a number of vertical markets,” said Howard Taub, HP vice president and associate director, HP Labs.

The chip incorporates a built-in antenna and is completely self-contained, with no need for a battery or external electronics. It receives power through inductive coupling from a special read-write device, which can then extract content from the memory on the chip. Inductive coupling is the transfer of energy from one circuit component to another through a shared electromagnetic field. A change in current flow through one device induces current flow in the other device.

Memory Spot chips have numerous possible consumer and business-based applications.

Some examples are:

* Medical records: Embed a Memory Spot chip into a hospital patient’s wrist band and full medical and drug records can be kept securely available.
* Audio photo: Attach a chip to the prints of photographs and add music, commentary or ambient sound to enhance the enjoyment of viewing photos.
* Digital postcards: Send a traditional holiday postcard to family and friends with a chip containing digital pictures of a vacation, plus sounds and even video clips.
* Document notes: A Memory Spot chip attached to a paper document can include a history of all the corrections and additions made to the text, as well as voice notes and graphical images.
* Perfect photocopies: A Memory Spot chip attached to a cover sheet eliminates the need to copy the original document. Just read the perfect digital version into the photocopier and the result will be sharp output every time, no matter how many copies are needed, and avoiding any possibility of the originals jamming in the feeder.
* Security passes: Add a chip to an identity card or security pass for the best of both worlds --- a handy card with secure, relevant digital information included.
* Anti-counterfeit tags: Counterfeit drugs are a significant problem globally. Memory Spot chips can contain secure information about the manufacture and quality of pharmaceuticals. When added to a drug container, this can prove their authenticity. A similar process could be used to verify high-value engineering and aviation components.


Send your comments and discuss.

Labels: antenna, business, circuit, rfid, security, technology

Read more »

 

In the spirit of cooperation between government and industry through RFID innovation, we are glad to announce that the upcoming RFID Asia 2nd Meeting 2006 will be held in Kuala Lumpur, 20-21 September 2006.

Following the success of the RFID Asia 1st Meeting 2006 in Singapore, the RFID Asia 2nd Meeting 2006 is expected to attract the attention and participation of the major RFID players, governments and users in the Asia region, including industrial senior executives, researchers, venture capitalists, government official representatives and policy makers.

Several topics of interest during the meeting include the Integration of RFID and Sensor technology, RFID Access Control and Security Systems, RFID Privacy, New RFID Standards and Alternatives, IEEE P1902.1, RFID/USN and the Regional RFID Ecosystem in Asia and Malaysia.

By actively participating in the event, the attendees can expect the opportunities for RFID knowledge exchange, network among the RFID community members in Asia, open up business opportunities, develop RFID skills and participate in Asian RFID projects.

More detail information on the event can be retrieved from http://summit.rfid-asia.info.


Send your comments.

Labels: business, malaysia, privacy, rfid, security, singapore, technology

Read more »

 

Edited News Release.

Ontario ’s Information and Privacy Commissioner, Dr. Ann Cavoukian, yesterday released privacy Guidelines for the growing field of radio frequency identification (RFID).

These Guidelines flow from her earlier work in 2003 when the Commissioner first identified the potential privacy concerns raised by RFID technology. Following a history of ground-breaking work on building privacy into the design of emerging technologies, these Guidelines are a natural progression of this pragmatic approach.

“I have always found it beneficial to assist those working on emerging technologies, and to be proactive whenever possible – to develop effective guidelines and codes before any problems arise,” said Commissioner Cavoukian. “These made-in-Canada Guidelines provide guidance and solutions regarding item-level consumer RFID applications and uses.”

EPCglobal Canada, an industry association that sets standards for electronic product codes, has been collaborating with the IPC in the development of these Guidelines, and will be seeking Board approval by its member companies to signify the association’s endorsement of the Guidelines.

“ This technology offers exciting benefits to consumers and businesses alike. As the trusted source for driving adoption of EPC/RFID technology for increased visibility within the supply chain, privacy is as important as anything else we are doing,” said Art Smith, President and CEO, EPCglobal Canada. “We promote an environment that encourages ongoing innovation while respecting privacy issues.”

RFID tags contain microchips and tiny radio antennas that can be attached to products. They transmit a unique identifying number to an electronic reader, which in turn links to a computer database where information about the item is stored. RFID tags may be read from a distance quickly and easily, making them valuable for managing inventory but pose potential risks to privacy if linked to personal identifiers. RFID tags are the next generation technology from barcodes.

Although RFID technology deployed in the supply chain management process poses little threat to privacy, item-level use of RFID tags in the retail sector, when linked to personally identifiable information, can facilitate the tracking and surveillance of individuals. The goal of these Guidelines is to alleviate concerns about the potential threat to privacy posed by this technology and to enhance openness and transparency about item-level use of RFID systems by retailers.

The Guidelines address key privacy issues regarding the use of RFID technology at an item-level in the retail sector, said Commissioner Cavoukian.

The Guidelines are based on three overarching principles, including:

* Focus on RFID information systems, not technologies: The problem does not lie with RFID technologies themselves, but rather, the way in which they are deployed that can have privacy implications. The Guidelines should be applied to RFID information systems as a whole, rather than to any single technology component or function;

* Build in privacy and security from the outset – at the design stage: Just as privacy concerns must be identified in a broad and systemic manner, so, too, must the technological solutions be addressed systemically. A thorough privacy impact assessment is critical. Users of RFID technologies and information systems should address the privacy and security issues early in the design stages, with a particular emphasis on data minimization. This means that wherever possible, efforts should be made to minimize the identifiability, observability and linkability of RFID data; and

* Maximize individual participation and consent : Use of RFID information systems should be as open and transparent as possible, and afford individuals with as much opportunity as possible to participate and make informed decisions.

A companion piece to the Guidelines – Practical Tips for Implementing RFID Privacy Guidelines, is also being released by the Commissioner to help organizations put the Guidelines into practice.


Send your comments and discuss.

Labels: antenna, business, epcglobal, privacy, reader, rfid, scm, security, tag, technology, tracking

Read more »

 

A simple idea such as button pushing is expected to overcome the privacy issues in using short range RFID solutions such as RFID-enabled ID cards and passports.

This idea was revealed by SmartCode™ Corp. in its recent press release after the DHS Emerging Applications and Technology Subcommittee of the DHS Data
Privacy and Integrity Advisory Committee published a draft report titled “The Use of RFID for Human Identification". The report recommends a careful consideration whether to use RFID to identify and track individuals.


References

(1) SMARTCODE™ CORP. SMARTCODE™ CORP. SOLVES THE PRIVACY ISSUE RELATING to potential unauthorized reading of RFID enabled PASSPORTS AND id cards. http://www.smartcodecorp.com/newsroom/22-05-06.asp (retrieved 25th May 2006)

(2) U.S. Department of Homeland Security. The Use of RFID for Human Identification. http://www.dhs.gov/dhspublic/interweb/assetlibrary/privacy_advcom_rpt_rfid_draft.pdf (retrieved 25th May 2006)


Send your comments and discuss.

Labels: card, privacy, rfid, security, technology, tracking

Read more »

 

(1) CDT-Led Working Group Releases RFID "Best Practices"

A working group led by CDT and made up of some of the nation's largest companies, public interest and consumer advocates earlier this month unveiled a set of "best practices" designed to promote respect for consumer privacy in the growing use of Radio Frequency Identification (RFID) technology in commercial applications.

Released at the RFID Journal Live! conference in Las Vegas, May 1, the document offers guidance for companies that use RFID technology to collect data that can be linked to consumers' personally identifiable information. Drawn from widely accepted principles of "fair information practices," the best practices outline how consumers should be notified about RFID data collection, what choice they should have with regard to the uses and sharing of their own personal information, and how that information should be treated by the companies that collect it.

The document is a milestone in the evolution of RFID technology, offering companies and organizations clear guidance on what steps they should take before putting in place RFID technology that can be linked to personally identifiable information.

In addition to CDT, the American Library Association, aQuantive, Cisco Systems, Eli Lilly and Company, IBM, Intel, Microsoft, the National Consumers League, Procter & Gamble, VeriSign and Visa USA all worked for more than a year to develop the document. Elliot Maxwell, an RFID consultant and fellow with the communications program at Johns Hopkins University also worked on the document.

RFID refers to a broad range of technologies that allow users to track and identify physical items using radio waves. RFID "tags" of various types can be placed on shipping crates, livestock, even clothing, where they can be later identified by RFID readers designed to scan the items at a distance. Many of those applications raise no real privacy concerns, but when the data collected from RFID tags is linked to personally identifiable information, privacy issues can arise. The best practices are geared specifically toward those instances.

The best practices described in the document are based on the fair information principles of notice, consent, access, transfer and security.

RFID Privacy Best Practices: http://www.cdt.org/privacy/20060501rfid-best-practices.php

(2) Best Practices Ideal for Evolving Technology

CDT shares the concern of the privacy community that RFID technology deployed without proper transparency and privacy safeguards could undermine consumer privacy. However, CDT does not believe that passing legislation limiting RFID deployment or imposing privacy rules specific to RFID technology are appropriate responses to those concerns. The best practices document offers a means to address legitimate privacy concerns pertaining to RFID, without hobbling the technology.

Government-imposed mandates on specific technologies can be problematic. Technological advancement typically outpaces the legislative cycle, meaning that technology-specific laws can quickly become obsolete, or worse, become impediments to the natural evolution of technology. Those problems are compounded in the case of newer services or devices, like RFID, that evolve at a much faster pace than more mature technologies.

Although technology-specific legislation is probably not the best way to address the privacy concerns associated with RFID, failing to address those concerns systematically would be equally troubling. As RFID becomes increasingly ubiquitous, the potential for the technology to impinge on personal privacy grows exponentially. As RFID sensors proliferate, the abundance of collection points, and the detail of location data that can be gathered, also increases.

If industry adequately addresses those concerns now, before RFID is widespread in consumer applications, companies may be spared challenge of trying to retrofit RFID systems with appropriate privacy protections after the fact. The best-practices document offers companies a blueprint for those considerations. Drawing on fair information principles, the best practices represent a practical response to the privacy issues that arise when personal information is linked to information collected using RFID.

Of course, the real test of any self-regulatory regime is industry uptake and compliance. But the diversity and size of the organizations that participated in drafting the best practices document gives it a solid basis for widespread discussion and adoption. CDT will encourage all organizations planning to deploy RFID in a consumer context to use the best practices as a starting point.

Because the technology continues to evolve, members of the working group dubbed the first public the release of the best practices an "interim draft." As new technological considerations arise, the RFID working group will review the document to determine whether advances in the technology and its applications require changes to the best practices.

(3) Technology-Neutral Consumer Privacy Legislation Still Needed

While CDT believes that it would not be appropriate to enact legislation specially regulating RFID, technology-neutral consumer privacy legislation should require that uses of the technology in conjunction with personal information be bound by fair information practices.

Many of the privacy concerns that arise from deploying commercial applications of RFID would be eliminated or greatly lessened by the existence of a strong, national consumer privacy law. For many years, the multiple laws to protect personal information held by companies have lagged far behind the technological advances that have allowed those companies to collect, store and share ever greater quantities of their customers' personal data.

State and federal lawmakers have traditionally responded to privacy concerns with laws to address symptomatic problems like data breaches and spyware. But the privacy issues that arise when companies collect personal data, create detailed profiles and use those profiles to track their customers' physical or virtual activities are the same regardless of the technology used. The more appropriate and sustainable solution is legislation that focuses on the information collected rather than the technology used to collect it.