Radio Frequency Identification

From Wikipedia, the free encyclopedia

An EPC RFID tag used for Wal-Mart
An EPC RFID tag used for Wal-Mart

Radio Frequency Identification (RFID) is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID tags or transponders. An RFID tag is an object that can be attached to or incorporated into a product, animal, or person for the purpose of identification using radio waves. Chip-based RFID tags contain silicon chips and antennas. Passive tags require no internal power source, whereas active tags require a power source.

Contents

[edit] History of RFID tags

An RFID tag used for electronic toll collection
An RFID tag used for electronic toll collection

In 1946 Léon Theremin invented an espionage tool for the Soviet government which retransmitted incident radio waves with audio information. Soundwaves vibrated a diaphragm which slightly altered the shape of the resonator, which modulated the reflected radio frequency. Even though this device was a passive covert listening device, not an identification tag, it has been attributed as the first known device and a predecessor to RFID technology. The technology used in RFID has been around since the early 1920s according to one source (although the same source states that RFID systems have been around just since the late 1960s).[1][2][3]

A more similar technology, the IFF transponder, was invented by the British in 1939 [1], and was routinely used by the allies in World War II to identify airplanes as friend or foe. Transponders are still used by military and commercial aircraft to this day.

Another early work exploring RFID is the landmark 1948 paper by Harry Stockman, titled "Communication by Means of Reflected Power" (Proceedings of the IRE, pp 1196–1204, October 1948). Stockman predicted that "...considerable research and development work has to be done before the remaining basic problems in reflected-power communication are solved, and before the field of useful applications is explored."

Mario Cardullo's U.S. Patent 3,713,148 in 1973 was the first true ancestor of modern RFID; a passive radio transponder with memory. The initial device was demonstrated in 1971 to the New York Port Authority and consisted of a transponder with 16 bit memory for use as a toll device. The basic Cardullo patent covers the use of RF, sound and light as transmission medium. The original business plan presented to investors in 1969 showed uses in transportation (automotive vehicle identification, automatic toll system,electronic license plate, electronic manifest, vehicle routing, vehicle peformance monitoring), banking (electronic check book, electronic credit card), security (personnel identification, automatic gates, surveillance) and medical (identification, patient history). [3] The first demonstration of today's reflected power (backscatter) RFID tags, both passive and active, was done at the Los Alamos Scientific Laboratory in 1973. [2]

[edit] Types of RFID tags

RFID cards are also known as "proximity", "proxy" or "contactless cards" and come in three general varieties: passive, semi-passive (also known as semi-active), or active.

[edit] Passive

Passive RFID tags have no internal power supply. The minute electrical current induced in the antenna by the incoming radio frequency signal provides just enough power for the CMOS integrated circuit in the tag to power up and transmit a response. Most passive tags signal by backscattering the carrier signal from the reader. This means that the antenna has to be designed to both collect power from the incoming signal and also to transmit the outbound backscatter signal. The response of a passive RFID tag is not necessarily just an ID number; the tag chip can contain non-volatile EEPROM for storing data.

The lack of an onboard power supply means that the device can be quite small: commercially available products exist that can be embedded in a sticker, or under the skin. As of 2006, the smallest such devices measured 0.15 mm × 0.15 mm, and are thinner than a sheet of paper (7.5 micrometers). [2] The lowest cost EPC RFID tags, which are the standard chosen by Wal-Mart, DOD, Target, Tesco in the UK and Metro AG in Germany, are available today at a price of 5 cents each. The addition of the antenna creates a tag that varies from the size of a postage stamp to the size of a post card. Passive tags have practical read distances ranging from about 10 cm (4 in.) (ISO 14443) up to a few meters (EPC and ISO 18000-6) depending on the chosen radio frequency and antenna design/size. Due to their simplicity in design they are also suitable for manufacture with a printing process for the antennas.

Non-silicon tags made from polymer semiconductors are currently being developed by several companies globally. Simple laboratory printed polymer tags operating at 13.56 MHz were demonstrated in 2005 by both PolyIC (Germany) and Philips (The Netherlands). If successfully commercialized, polymer tags will be roll printable, like a magazine, and much less expensive than silicon-based tags. The end game for most item level tagging over the next few decades may be that RFID tags will be wholly printed - the same way a barcode is today - and be virtually free, like a barcode. However, substantial technical and economic hurdles must be surmounted to accomplish such an end: hundreds of billions of dollars have been invested over the last three decades in silicon processing, resulting in a per-feature cost which is actually less than that of conventional printing.

[edit] Active

Unlike passive RFID tags, active RFID tags have their own internal power source which is used to power any ICs that generate the outgoing signal. Active tags are typically much more reliable (e.g. fewer errors) than passive tags due to the ability for active tags to conduct a "session" with a reader. Active tags, due to their onboard power supply, also transmit at higher power levels than passive tags, allowing them to be more effective in "RF challenged" environments like water (including humans/cattle, which are mostly water), metal (shipping containers, vehicles), or at longer distances. Many active tags have practical ranges of hundreds of meters, and a battery life of up to 10 years. Some active RFID tags include sensors such as temperature logging which have been used in concrete maturity monitoring or to monitor the temperature of perishable goods. Other sensors that have been married with active RFID include humidity, shock/vibration, light, radiation, temperature and atmospherics like ethylene. Active tags typically have much longer range (approximately 300 feet) and larger memories than passive tags, as well as the ability to store additional information sent by the transceiver. The United States Department of Defense has successfully used active tags to reduce logistics costs and improve supply chain visibility for more than 15 years. At present, the smallest active tags are about the size of a coin and sell for a few dollars.

Passports

RFID tags are being used in passports issued by many countries. The first RFID passports ("e-passports") were issued by Malaysia in 1998. In addition to information also contained on the visual data page of the passport, Malaysian e-passports record the travel history (time, date, and place) of entries and exits from the country.

Standards for RFID passports are determined by the International Civil Aviation Organization (ICAO), and are contained in ICAO Document 9303, Part 1, Volumes 1 and 2 (6th edition, 2006). ICAO refers to the ISO 14443 RFID chips in e-passports as "contactless integrated circuits". ICAO standards provide for e-passports to be identifiable by a standard e-passport logo [3] on the front cover.

RFID tags are included in new UK and some new US passports, beginning in 2006. The US produced 10 million passports in 2005, and it has been estimated that 13 million will be produced in 2006. The chips will store the same information that is printed within the passport and will also include a digital picture of the owner. The passports will incorporate a thin metal lining to make it more difficult for unauthorized readers to "skim" information when the passport is closed.

Transport payments
  • Upass of Seoul was first introduced for transport payment service in 1996, using MIFARE technology.
  • In the UK, op systems for prepaying for unlimited public transport have been devised, making use of RFID technology. The design is embedded in a creditcard-like pass, that when scanned reveals details of whether the pass is valid, and for how long the pass will remain valid. The first company to implement this is the NCT company of Nottingham City, where the general public affectionately refer to them as "beep cards". It has since then been implemented with great success in London, where "Oyster cards" allow for pay-as-you-go travel as well as passes valid for various lengths of time and in various areas.
  • In Oslo, Norway, the upcoming public transport payment is to be RFID-based all round. The system is to be put into production around spring 2007
  • Since 2002, in Taipei, Taiwan the transportation system uses RFID operated cards as fare collection. The Easy Card is charged at local convenience stores and metro stations, and can be used in Metro, buses, parking lots and taxis. The uses are planned to extend all throughout the island of Taiwan in the future.
  • In Hong Kong, mass transit is paid for almost exclusively through the use of an RFID technology, called the Octopus Card. Originally it was launched in September 1997 exclusively for transit fare collection, but has grown to be similar to a cash card, and can be used in vending machines, fast-food restaurants and supermarkets. The card itself can be recharged with cash at add-value machines or over the counter in shops, and can be successfully read several centimetres from the reader.
  • The "Calypso" RFID pass is used throughout the world for public transport systems such as Paris and Lyon in France, (RATP), Porto and Lisbon in Portugal, Milan and Torino in Italy, Montreal in Canada, Mexico, Pereira in Columbia, etc.
  • RFID tags are used for electronic toll collection at toll booths with Georgia's Cruise Card, California's FasTrak, Illinois' I-Pass, Oklahoma's Pikepass, the expanding eastern states' E-ZPass system (including Massachusetts's Fast Lane, New Jersey Turnpike, and the Maine Turnpike), Florida's SunPass, North Texas NTTA and Houston HCTRA EZ Tag, The "Cross-Israel Highway" (Highway 6), Philippines South Luzon Expressway E-Pass, Brisbane's Queensland Motorway E-Toll System in Australia, Autopista del Sol (Sun's Highway), Autopista Central (Central Highway), Autopista Los Libertadores, Costanera Norte, Vespucio Norte Express and Vespucio Sur urban Highways and every forthcoming urban highway (in a "Free Flow" modality) concessioned to private investors in Chile and all highways in Portugal (Via Verde, the first system in the world to span the entire network of tolls) and France (Liber-T system). The tags, which are usually the active type, are read remotely as vehicles pass through the booths, and tag information is used to debit the toll from a prepaid account. The system helps to speed traffic through toll plazas as it records the date, time, and billing data for the RFID vehicle tag. The plaza- and queue-free 407 Express Toll Route, in the Greater Toronto Area, allows the use of a transponder (an active tag) to account for all billing; this eliminates the need for identifying a vehicle by licence plate and saves the end user a significant cost.
An Electronic Road Pricing gantry in Singapore. Gantries such as these collect tolls in high-traffic areas in the country from active RFID units installed in vehicles.
Enlarge
An Electronic Road Pricing gantry in Singapore. Gantries such as these collect tolls in high-traffic areas in the country from active RFID units installed in vehicles.
  • In Singapore, the public transport network of buses and trains employs passive RFID cards known as EZ-Link cards. Traffic into the crowded downtown areas of the country is regulated by variable tolls imposed using an active tagging system combined with the use of stored-value cards (known as CashCards).
  • The Transperth public transport network in Perth, Western Australia uses RFID technology in the new SmartRider ticketing system.
  • In Rio de Janeiro, "RioCard" passes can be used in buses, ferries, trains and subway. The cards cannot be recharged.
Product Tracking
  • The Canadian Cattle Identification Agency began using RFID tags as a replacement for barcode tags. The tags are required to identify a bovine's herd of origin and this is used for trace-back when a packing plant condemns a carcass. Currently CCIA tags are used in Wisconsin and by US farmers on a voluntary basis. The USDA is currently developing its own program.
RFID tags used in libraries: square book tag, round CD/DVD tag and rectangular VHS tag.
Enlarge
RFID tags used in libraries: square book tag, round CD/DVD tag and rectangular VHS tag.
  • High-frequency RFID tags are used in library book or bookstore tracking, pallet tracking, building access control, airline baggage tracking, and apparel and pharmaceutical item tracking. High-frequency tags are widely used in identification badges, replacing earlier magnetic stripe cards. These badges need only be held within a certain distance of the reader to authenticate the holder. The American Express Blue credit card now includes a high-frequency RFID tag.
  • BGN has launched two fully automated Smartstores that combine item-level RFID tagging and SOA to deliver a tightly integrated supply chain, from warehouse to consumer.
  • UHF RFID tags are commonly used commercially in case, pallet, and shipping container tracking, and truck and trailer tracking in shipping yards.
Automotive
  • Microwave RFID tags are used in long range access control for vehicles.
  • Since the 1990's RFID tags have been used in car keys to prevent theft. Without the correct RFID, the car will not start.
  • In January 2003, Michelin began testing RFID transponders embedded into tires. After a testing period that is expected to last 18 months, the manufacturer will offer RFID-enabled tires to car makers. Their primary purpose is tire-tracking in compliance with the United States Transportation, Recall, Enhancement, Accountability and Documentation Act (TREAD Act).
  • Starting with the 2004 model year, a Smart Key/Smart Start option became available to the Toyota Prius. Since then, Toyota has been introducing the feature on various models around the world under both the Toyota and Lexus brands, including the Toyota Avalon (2005 model year), Toyota Camry (2007 model year), and the Lexus GS (2006 model year). The key uses an active RFID circuit which allows the car to acknowledge the key's presence within approximately 3 feet of the sensor. The driver can open the doors and start the car while the key remains in a purse or pocket.
Animal identification
  • Implanted RFID tags are also used for animal identification. There are several more or less incompatible systems.
Other
  • In August 2004, the Ohio Department of Rehabilitation and Correction (ODRH) approved a $415,000 contract to evaluate the personnel tracking technology of Alanco Technologies. Inmates will wear wristwatch-sized transmitters that can detect if prisoners have been trying to remove them and send an alert to prison computers. This project is not the first such rollout of tracking chips in US prisons. Facilities in Michigan, California and Illinois already employ the technology.
  • Many more applications can be found in the literature[4].

[edit] RFID in inventory systems

An advanced automatic identification technology such as the Auto-ID system based on the Radio Frequency Identification (RFID) technology has two values for inventory systems. First, the visibility provided by this technology allows an accurate knowledge on the inventory level by eliminating the discrepancy between inventory record and physical inventory. Second, the RFID technology can prevent or reduce the sources of errors. Benefits of using RFID include the reduction of labour costs, the simplification of business processes and the reduction of inventory inaccuracies.

[edit] RFID mandates

Wal-Mart and the United States Department of Defense have published requirements that their vendors place RFID tags on all shipments to improve supply chain management [4]. Due to the size of these two organizations, their RFID mandates impact thousands of companies worldwide. The deadlines have been extended several times because many vendors face significant difficulties implementing RFID systems. In practice, the successful read rates currently run only 80%, due to radio wave attenuation caused by the products and packaging. In time it is expected that even small companies will be able to place RFID tags on their outbound shipments.

Since January, 2005, Wal-Mart has required its top 100 suppliers to apply RFID labels to all shipments. To meet this requirement, vendors use RFID printer/encoders to label cases and pallets that require EPC tags for Wal-Mart. These smart labels are produced by embedding RFID inlays inside the label material, and then printing bar code and other visible information on the surface of the label.

[edit] Human implants

Hand with the planned location of the RFID chip
Enlarge
Hand with the planned location of the RFID chip
Just after the operation to insert the RFID tag was completed
Enlarge
Just after the operation to insert the RFID tag was completed

Implantable RFID chips designed for animal tagging are now being used in humans. An early experiment with RFID implants was conducted by British professor of cybernetics Kevin Warwick, who implanted a chip in his arm in 1998. Night clubs in Barcelona, Spain and in Rotterdam, The Netherlands, use an implantable chip to identify their VIP customers, who in turn use it to pay for drinks [5].

In 2004, the Mexican Attorney General's office implanted 18 of its staff members with the Verichip to control access to a secure data room. (This number has been variously mis-reported as 160 or 180 staff members, though the correct number is actually 18. [6])

Many books published about RFID are aimed at medium to large businesses implementing RFID technology to track shipments or livestock; however, until the publication of RFID Toys [7] by Amal Graafstra in 2006 little information was available for the enthusiast. Shortly after the book's publication, the Seattle Center On Contemporary Art [8] hosted a live implant procedure performed on Phillip Beynon, a student from Vancouver Canada.

Security experts are warned against using RFID for authenticating people due to the risk of Identity Theft. For instance a Mafia Fraud Attack would make it possible for an attacker to steal the identity of a person in real-time. Due to the resource-constraints of RFIDs it is virtually impossible to protect against such attack models as this would require complex distance-binding protocols.[citation needed]

[edit] Potential uses

RFID tags are often envisioned as a replacement for UPC or EAN barcodes, having a number of important advantages over the older barcode technology. They may not ever completely replace barcodes, due in part to their higher cost and in other part to the advantage of more than one independent data source on the same object. The new EPC, along with several other schemes, is widely available at reasonable cost.

The storage of data associated with tracking items will require many terabytes on all levels. Filtering and categorizing RFID data is needed in order to create useful information. It is likely that goods will be tracked preferably by the pallet using RFID tags, and at package level with Universal Product Code (UPC) or EAN from unique barcodes.

The unique identity in any case is a mandatory requirement for RFID tags, despite special choice of the numbering scheme. RFID tag data capacity is big enough that any tag will have a unique code, while current bar codes are limited to a single type code for all instances of a particular product. The uniqueness of RFID tags means that a product may be individually tracked as it moves from location to location, finally ending up in the consumer's hands. This may help companies to combat theft and other forms of product loss. Moreover, the tracing back of products is an important feature that gets well supported with RFID tags containing not just a unique identity of the tag but also the serial number of the object. This may help companies to cope with quality deficiencies and resulting recall campaigns, but also contributes to concern over post-sale tracking and profiling of consumers.

It has also been proposed to use RFID for POS store checkout to replace the cashier with an automatic system which needs no barcode scanning. However, this is not likely to be possible without a significant reduction in the cost of current tags and changes in the operational process around POS. There is some research taking place, however, this is some years from reaching fruition.

Active RFID tags also have the potential to function as low-cost remote sensors that broadcast telemetry back to a base station. Applications of tagometry data could include sensing of road conditions by implanted beacons, weather reports, and noise level monitoring.

[edit] Gen 2

GS1 and GS1 US operate the joint venture EPCglobal. EPCglobal is working on international standards for the use of RFID and the EPC in the identification of any item in the supply chain for companies worldwide. The organization's board of governors includes representatives from GS1, GS1 US, The Gillette Company, Procter & Gamble, Wal-Mart, Hewlett-Packard, Johnson & Johnson, Dow Chemical, Checkpoint Systems and Auto-ID Labs and others.

One of the missions of EPCglobal was to simplify the Babel of protocols prevalent in the RFID world in the 1990's. Two tag air interfaces (the protocol for exchanging information between a tag and a reader) were defined (but not ratified) by EPCglobal prior to 2003. These protocols, commonly known as Class 0 and Class 1, saw significant commercial implementation in 2002-2005. In 2004 the Hardware Action Group created a new protocol, the Class 1 Generation 2 interface, which addressed a number of problems that had been experienced with Class 0 and Class 1 tags. The EPCglobal gen 2 standard was approved in December 2004, and is likely to form the backbone of RFID tag standards moving forward. This was approved after a contention from Intermec that the standard may infringe a number of their RFID related patents. It was decided that the standard itself did not infringe their patents, but it may be necessary to pay royalties to Intermec if the tag were to be read in a particular manner. EPC Gen2 is short for EPCglobal UHF Class 1 Generation 2. The Gen 2 standard was adopted with minor modifications as ISO 18000-6C in 2006.

[edit] Patient identification

In July 2004, the Food and Drug Administration issued a ruling that essentially begins a final review process that will determine whether hospitals can use RFID systems to identify patients and/or permit relevant hospital staff to access medical records. Since then, a number of U.S. hospitals have begun implanting patients with RFID tags and using RFID systems, more generally, for workflow and inventory management.[5] The use of RFID to prevent mixups between sperm and ova in IVF clinics is also being considered [9].

In October 2004, the FDA approved the country's first RFID chips that can be implanted in humans. The 134 kHz RFID chips, from VeriChip Corp., a subsidiary of Applied Digital Solutions Inc., can incorporate personal medical information and could save lives and limit injuries from errors in medical treatments, according to the company. The FDA approval was disclosed during a conference call with investors. Shortly after the approval, authors and anti-RFID activists Katherine Albrecht and Liz McIntyre discovered a warning letter from the FDA that spelled out serious health risks associated with the VeriChip. According to the FDA, these include "adverse tissue reaction," "migration of the implanted transponder," "failure of implanted transponder," "electrical hazards" and "magnetic resonance imaging [MRI] incompatibility."

[edit] Regulation and standardization

There is no global public body that governs the frequencies used for RFID. In principle, every country can set its own rules for this. The main bodies governing frequency allocation for RFID are:

  • USA: FCC (Federal Communications Commission)
  • Canada: DOC (Department of Communication)
  • Europe: ERO, CEPT, ETSI, and national administrations (note that the national administrations must ratify the usage of a specific frequency before it can be used in that country)
  • Japan: MPHPT (Ministry of Public Management, Home Affairs, Post and Telecommunication)
  • China: Ministry of Information Industry
  • South Africa: Icasa
  • Australia: Australian Communications and Media Authority.
  • New Zealand: Ministry of Economic Development
  • Singapore: Infocomm Development Authority (see www.ida.gov.sg)

Low-frequency (LF: 125 - 134.2 kHz and 140 - 148.5 kHz) and high-frequency (HF: 13.56 MHz) RFID tags can be used globally without a license. Ultra-high-frequency (UHF: 868 MHz-928 MHz) cannot be used globally as there is no single global standard. In North America, UHF can be used unlicensed for 902 - 928 MHz (+/-13 MHz from the 915 MHz center frequency), but restrictions exist for transmission power. In Europe, RFID and other low-power radio applications are regulated by ETSI recommendations EN 300 220 and EN 302 208, and ERO recommendation 70 03, allowing RFID operation with somewhat complex band restrictions from 865-868 MHz. Readers are required to monitor a channel before transmitting ("Listen Before Talk"); this requirement has led to some restrictions on performance, the resolution of which is a subject of current research. The North American UHF standard is not accepted in France as it interferes with its military bands. For China and Japan, there is no regulation for the use of UHF. Each application for UHF in these countries needs a site license, which needs to be applied for at the local authorities, and can be revoked. For Australia and New Zealand, 918 - 926 MHz are unlicensed, but restrictions exist for transmission power.

These frequencies are known as the ISM bands (Industrial Scientific and Medical bands). The return signal of the tag may still cause interference for other radio users [10].

Some standards that have been made regarding RFID technology include:

  • ISO 11784 & 11785 - These standards regulate the Radio frequency identification of animals in regards to Code Structure and Technical concept
  • ISO 14223/1 - Radio frequency identification of Animals, advanced transponders - Air interface
  • ISO 10536
  • ISO 14443: This standard is a very popular HF (13.56 MHz) standard, which is being used as the basis of RFID-enabled passports under ICAO 9303.
  • ISO 15693: This is also a very popular HF (13.56 MHz) standard, widely used for non-contact smart payment and credit cards.
  • ISO 18000: The 18000 series of standards spans most of the frequency bands used in RFID. 18000-2 operates in the 125 KHz regime, 18000-3 at 13.56 MHz, 18000-4 at 2.45 GHz, and 18000-6 in the 900-MHz bands. ISO18000-7 covers active tags used in asset monitoring and location. Unfortunately, these standards are not completely harmonized or interoperable; for example, ISO18000-6A,B, and C use differing modulations, packet structures, and command sets.


  • EPCglobal - this is the standardization framework that is most likely to undergo International Standardisation according to ISO rules as with all sound standards in the world, unless residing with limited scope, as customs regulations, air-traffic regulations and others. Currently the big distributors and governmental customers are pushing EPC heavily as a standard well accepted in their community, but not yet regarded as for salvation to the rest of the world.

A number of other standards organizations have been active in specialized niches within RFID. ANSI 371.1,2 and 3 cover beacon locating tags (18000-7 above); AAR S918 covers railcar identification in the US; the California state government has promulgated a standard, title 21, for auto tolling transponders. The Institute of Electrical and Electronic Engineers (IEEE) has recently initiated an active low-frequency activity under the name Rubee for asset monitoring in industrial applications.


A primary security concern surrounding RFID technology is the illicit tracking of RFID tags. Tags which are world-readable pose a risk to both personal location privacy and corporate/military security. Such concerns have been raised with respect to the United States Department of Defense's recent adoption of RFID tags for supply chain management [11]. More generally, privacy organizations have expressed concerns in the context of ongoing efforts to embed electronic product code (EPC) RFID tags in consumer products.

A second class of defense uses cryptography to prevent tag cloning. Some tags use a form of "rolling code" scheme, wherein the tag identifier information changes after each scan, thus reducing the usefulness of observed responses. More sophisticated devices engage in challenge-response protocols where the tag interacts with the reader. In these protocols, secret tag information is never sent over the insecure communication channel between tag and reader. Rather, the reader issues a challenge to the tag, which responds with a result computed using a cryptographic circuit keyed with some secret value. Such protocols may be based on symmetric or public key cryptography. Cryptographically-enabled tags typically have dramatically higher cost and power requirements than simpler equivalents, and as a result, deployment of these tags is much more limited. This cost/power limitation has led some manufacturers to implement cryptographic tags using substantially weakened, or proprietary encryption schemes, which do not necessarily resist sophisticated attack. For example, the Exxon-Mobil Speedpass uses a cryptographically-enabled tag manufactured by Texas Instruments, called the Digital Signature Transponder (DST), which incorporates a weak, proprietary encryption scheme to perform a challenge-response protocol.

Still other cryptographic protocols attempt to achieve privacy against unauthorized readers, though these protocols are largely in the research stage. One major challenge in securing RFID tags is a shortage of computational resources within the tag. Standard cryptographic techniques require more resources than are available in most low cost RFID devices. RSA Security has patented a prototype device that locally jams RFID signals by interrupting a standard collision avoidance protocol, allowing the user to prevent identification if desired. [12]. Various policy measures have also been proposed, such as marking RFID tagged objects with an industry standard label.

USA RFID Legislation

  • California – SB1834

PURPOSE: Restrict the way businesses and libraries in California use RFID tags attached to consumer products or using an RFID reader that could be used to identify an individual.

Defeated by members of the California state assembly June 25, 2005.

  • California - SB768 (Identity Information Protection Act of 2006)

PURPOSE: Would establish interim protections to apply to RFID tags used for government mandated forms of identification (but the bill does not apply to RFID tags issued by private entities); it would establish interim civil and criminal penalties for cases in which personal information is collected via RFID without proper disclosure and prior consent. Would also establish a study commission to report on long-term legislative options by 30 June 2007. Full text of the bill is available online at [16] .

Passed by the California Senate with a vote of 30 to 7 on August 31, 2006 (it was already passed by the State Assembly). Vetoed by Governor Arnold Schwarzenegger.

  • Massachusetts – HB 1447, SB 181

PURPOSE: Requires labels regarding use and purpose of RFID on consumer products; requires the ability to remove tags; and restricts info on tags to inventory and like purposes.

  • Maryland – HB 354
    • PURPOSE: Creates a task force to study privacy and other issues related to RFID and report on whether legislation is needed.
    • STATUS: Failed
  • Missouri – SB 128
    • PURPOSE: Requires a conspicuous label on consumer packaging with RFID disclosing existence of the tag and that the tag can transmit a unique ID before and after purchase.
  • Nevada – AB 264
    • PURPOSE: Requires manufacturers, retailers and others to ensure placement of a label regarding existence of RFID on product prior to sale.
  • New Hampshire – HB 203
    • PURPOSE: Requires written or verbal notice of existence of a tracking device on any product prior to sale.
  • New Mexico – HB 215
    • PURPOSE: Requires businesses purveying tagged items to post notices on their premises and labels on the products; requires removal or deactivation of tag at point of sale.
  • Ohio – SB 349
    • PURPOSE: Prohibits an employer from requiring an employee of the employer to insert into the employee's body an RFID tag. [17]
  • Rhode Island – H 5929
    • PURPOSE: Prohibits state or local government from using RFID to track movement or identity of employees, students or clients or others as a condition of a benefit or service.
  • South Dakota – HB 1114
    • PURPOSE: Prohibits requiring a person to receive implant of an RFID chip.
  • Tennessee – HB 300, SB 699
    • PURPOSE: Requires conspicuous labeling of goods containing RFID disclosing existence of RFID and that it can transmit unique information.
  • Texas – HB 2953
    • PURPOSE: Prohibits school district from requiring student to use an RFID device for identification; requires school to provide alternative method to those who object to RFID.
  • Utah – HB 185
    • PURPOSE: Amends computer crime law to include RFID.
  • Wisconsin – Assembly Bill 290
    • PURPOSE: Prohibits anyone, including employers or government agencies, from requiring people to have microchips implanted in them. Violators would face fines of up to $10,000 per day per offense until the chip is removed.
    • Passed May 30, 2006 [18] [19]

[edit] Controversy

How would you like it if, for instance, one day you realized your underwear was reporting on your whereabouts?
— California State Senator Debra Bowen, at a 2003 hearing [13]

The use of RFID technology has engendered considerable controversy and even product boycotts by consumer privacy advocates such as Katherine Albrecht and Liz McIntyre of CASPIAN who refer to RFID tags as "spychips". The four main privacy concerns regarding RFID are:

  • The purchaser of an item will not necessarily be aware of the presence of the tag or be able to remove it;
  • The tag can be read at a distance without the knowledge of the individual;
  • If a tagged item is paid for by credit card or in conjunction with use of a loyalty card, then it would be possible to tie the unique ID of that item to the identity of the purchaser; and
  • The EPCglobal system of tags create globally unique serial numbers for all products.

Most concerns revolve around the fact that RFID tags affixed to products remain functional even after the products have been purchased and taken home, and thus can be used for surveillance and other purposes unrelated to their supply chain inventory functions. [citation needed]

Another privacy issue is due to RFID's support for a singulation (anti-collision) protocol. This is the means by which a reader enumerates all the tags responding to it without them mutually interfering. The structure of some collision-resolution (Medium Access Control) protocols is such that all but the last bit of each tag's serial number can be deduced by passively eavesdropping on just the reader's part of the protocol. Because of this, whenever the relevant types of RFID tags are near to readers, the distance at which a tag's signal can be eavesdropped is irrelevant; what counts is the distance at which the much more powerful reader can be received. Just how far this can be depends on the type of the reader, but in the extreme case some readers have a maximum power output of 4 W, enabling signals to be received from tens of kilometres away.[citation needed] However, more recent UHF tags employing the EPCglobal Gen 2 (ISO 18000-6C) protocol, which is a slotted-Aloha scheme in which the reader never transmits the tag identifying information, are not subject to this particular attack.

Technical note: the anti-collision scheme of ISO 15693 will render this rather implausible. To eavesdrop on the reader part of the protocol - and gather the 63 least significant bits of a uid - would require the reader to send a mask value of 63 bits. This can only happen when the reader detects a collision up to the 63rd bit. In other words: One can eavesdrop on the transmitted mask-value of the reader, but for the reader to transmit a 63 bit mask-value requires two tags with identical least significant 63 bits. The probability of this happening must be near zero. I.e. the eavesdropper needs two virtually identical tags to be read at the same time by the reader in question. [citation needed]

In any discussion of eavesdropping and skimming, it is important to make a distinction between inductively-coupled and radiatively-coupled tags. Protocols like ISO 15693 use 13.56 MHz radio frequencies and inductive coupling between the tag and reader. The signal power falls very rapidly to extremely low levels a few antenna diameters away from the reader when inductive coupling is used, so an attacker must be within a few meters to intercept the reader signal, and closer to read a tag. Protocols like 18000-6C, which use 900 MHz signals, usually use radiative coupling between tag and reader; a wave is launched, whose power falls roughly as the square of the distance. Tag signals can be intercepted from ten meters away under good conditions, and the reader signal can be detected from kilometers away if there are no obstructions. [citation needed]

The potential for privacy violations with RFID was demonstrated by its use in a pilot program by the Gillette Company, which conducted a "smart shelf" test at a Tesco in Cambridge, England. They automatically photographed shoppers taking RFID-tagged safety razors off the shelf, to see if the technology could be used to deter shoplifting. [14] This trial resulted in consumer boycott against Gillette and Tesco. [6]

In another incident, uncovered by the Chicago Sun-Times, shelves in a Wal-Mart in Broken Arrow, Oklahoma, were equipped with readers to track the Max Factor Lipfinity lipstick containers stacked on them. Webcam images of the shelves were viewed 750 miles (1200 km) away by Procter & Gamble researchers in Cincinnati, Ohio, who could tell when lipsticks were removed from the shelves and observe the shoppers in action. [citation needed]

In January 2004 privacy advocates from CASPIAN and the German privacy group FoeBuD were invited to the METRO Future Store in Germany, where an RFID pilot project was implemented. It was uncovered by accident that METRO "Payback" customer loyalty cards contained RFID tags with customer IDs, a fact that was disclosed neither to customers receiving the cards, nor to this group of privacy advocates. This happened despite assurances by METRO that no customer identification data was tracked and all RFID usage was clearly disclosed. [7]

The controversy was furthered by the accidental exposure of a proposed Auto-ID consortium public relations campaign that was designed to "neutralize opposition" and get consumers to "resign themselves to the inevitability of it" whilst merely pretending to address their concerns. [8]

During the UN World Summit on Information Society (WCIS) between the 16th to 18th of November, 2005, founder of the free software movement, Richard Stallman, protested the use of RFID security cards. During the first meeting, it was agreed that future meetings would no longer use RFID cards, and upon finding out this assurance was broken, he covered his card in tin foil, and would only uncover it at the security stations. This protest caused the security personnel considerable concern, with some not allowing him to leave a conference room in which he had been the main speaker, and then the prevention of him entering another conference room, where he was due to speak.[citation needed]

On July 22, 2006, Reuters reported that two hackers, Newitz and Westhues, at a conference in New York City showed that they could clone the RFID frequency from a human implanted RFID chip, showing that the chip is not hack-proof as was previously believed. [9]

[edit] Viruses

Ars Technica Reported in March 2006 an RFID buffer overflow bug that could infect airport terminal RFID Databases for baggage, and also Passport databases to obtain confidential information on the passport holder.[10]

[edit] RFID Shielding

A number of products are available on the market in the US that will allow a concerned carrier of RFID-enabled cards or passports to shield their data. Simply wrapping an RFID card in aluminum foil is claimed to make transmission more difficult, yet not be completely effective at preventing it. [15]

Shielding is again a function of the frequency being used. Low-frequency tags, like those used in implantable devices for humans and pets, are relatively resistant to shielding, though thick metal foil will prevent most reads. High frequency tags (13.56 MHz -- smart cards and access badges) are more sensitive to shielding and are difficult to read when within a few centimetres of a metal surface. UHF tags (pallets and cartons) are very difficult to read when placed within a few millimetres of a metal surface, although their read range is actually increased when they are spaced 2-4 cm from a metal due to positive reinforcement of the reflected wave and the incident wave at the tag. UHF tags can be successfully shielded from most reads by being placed within an anti-static plastic bag.

[edit] Protection against RFID interception

Various methods can be used to protect against RFID data interception[11]:

  • Most RFID chips can be disabled by physical means: for example the RFID chip inside RFID credit cards can be disabled by a sharp tap of a hammer.
  • One can prevent the RFID transponders from receiving power. This is accomplished by obstructing the power supply; one approach is to shield the RFID transponders in a Faraday's cage, intercepting the electromagnetic signal which normally powers them. For RFIDs which couple magnetically, the shield requires a housing of magnetically permeable material such as iron or MU-metal.
  • One can simply damage the antenna. With larger RFID transponders one can recognize the spirals of the antenna clearly by use of a radiograph. If one splits the antenna circuit, the effective range of the RFID transponder will be greatly reduced.
  • An intense electromagnetic impulse applied to the transponders and antenna can induce high currents, interrupting the circuit and rendering the tag useless. A crude way to do this is putting the RFID tag in a microwave oven. Success may vary, depending on the frequency of the microwave and the shape of the antenna.
  • The system can be blocked by sending a spurious signal in conjunction with the inquiry signal, preferably on the RFID frequency. This blocks the relatively weak signals of the RFID transponder.
  • If a simple memory chip is used to confirm the authenticity of the inquiry, then one can record the inquiry and at a later time reverse engineer the signal, allowing replication. For the reader it appears as if the correct RFID transponder were in the field. Modern RFID tags using UHF Class 1 gene 2 developed by the European Working Group of EPCglobal Inc., which protect against such replay attacks by using more complex encodings.
  • Many RFID tags include a built in 'kill' function. When provided with the correct pass-code, a tag can be either reprogrammed or told to 'self destruct', rendering it useless.

[edit] See also

[edit] References

  1. ^ Dargan, Gaurav; Johnson,Brian; Panchalingam, Mukunthan; Stratis, Chris (2004). The Use of Radio Frequency Identification as a Replacement for Traditional Barcoding. Retrieved on 2006-05-31.
  2. ^ Landt, Jerry (2001). Shrouds of Time: The history of RFID (PDF). AIM, Inc.. Retrieved on 2006-05-31.
  3. ^ Intermec Education Services. Understanding RFID - Educational Video. Retrieved on 2006-08-26.
  4. ^ E. Schuster, S. Allen, D. Brock: Global RFID: The Value of the EPCglobal Network for Supply Chain Management, Springer 2007
  5. ^ Fisher, Jill A. 2006. Indoor Positioning and Digital Management: Emerging Surveillance Regimes in Healthcare. In T. Monahan (Ed), Surveillance and Security: Technological Politics and Power in Everyday Life (pp. 77-88). New York: Routledge.
  6. ^ BBC
  7. ^ Spychips
  8. ^ Spy Chips press release
  9. ^ Reuters
  10. ^ RFID chips can carry viruses. Ars Technica. Retrieved on 2006-08-26.
  11. ^ Section translated from the German Wikipedia

[edit] External links