"If youre going to secure a network, you need to secure all of it. So were broadening our support," said Tobias England, Columbitechs vice president of technology.
Swedish-based Columbitech isnt alone in trying to plug RFIDs security holes. Others in this emerging space include Shipcom Wireless Inc., Defywire.com and Sybase, Inc., with its iAnywhere software, analysts say.
Columbitechs include high-profile government names such as the U.S. Army, Navy and Marine Corps, in addition to large North American retail chains, England said in an interview.
Specifically, Columbitech has updated its whole WVPN lineup with security framework enhancements for securing RFID readers, so that customers can securely collect information from RFID tags, according to England.
Products in the lineup include the company's Wireless VPN Suite, which is sold to customers through the reseller channel, as well as separate SDKs for Columbitech's hardware and application software partners.
Columbitech is now certifying RFID readers for compliance and interoperability with its WVPN architecture. "We're agnostic as to hardware vendor," England said.
To overcome TCP's limitations in the areas of flow control and recovery, Columbitech's architecture uses a session-based rather than an IP-based approach, he said.
Implemented above the transport layer of the application stack, the company's WVPN solution is designed to allow the use of transport proxy mechanisms at the VPN server during momentary network problems caused, for instance, by TCP breakdown or lack of radio coverage.
The solution uses the WTLS framework in creating an encrypted tunnel between the WVPN server and client, England said. WTLS—a wireless implementation of TLS—defines a set of protocols for encryption, signing and hashing. Essentially, TLS is an enhanced version of SSL 3.0.
Columbitech is deploying DES (56-bit), 3DES (112-bit) and AES (up to 256-bit) for symmetric encryption of payload data; RSA (up to 15,360-bit) for asymmetric encryption during the initial handshake; and either MD5 (128-bit) or SHA (up to 512-bit) for validating data integrity.
For authentication to the WVPN server, Columbitech's architecture lets customers choose any one, or a combination, of the following mechanisms: X.509 or WTLS client certificates; Windows username/password; RADIUS challenge/response or username/password; RSA SecurID one-time password; Smartcard/CAT card; or biometric ID.
The system also includes a certificate manager and wireless PKI portal, for creating and distributing digital certificates, and an optional gatekeeper component, for simplifying firewall configuration and helping to prevent exposure of the WVPN server on the Internet.
According to England, extending this security framework to RFID comes naturally to Columbitech, a company that specializes in securing wireless networks of various sorts.
"RFID has emerged as a [security] monster. But for us, RFID is not that different from any other wireless network," he said.
In Europe, Columbitech produces secure GPRS roaming systems for enterprises and telco carriers.