RSA Security Inc. will unveil a finished version of its RFID “Blocker Tag” technology that prevents radio-frequency identification tags from being read.
The technology, which RSA plans to demonstrate at its namesake conference this week in San Francisco, is one of the industrys first attempts to secure the anticipated oceans of consumer tracking data to be gathered by the tiny radio-powered tags. As Wal-Mart Stores Inc. and Gillette Co. press on with massive RFID rollouts, tags are expected to be attached, in increasing numbers, to all kinds of products, including manufactured goods, food and apparel.
According to company researchers and security experts, RSA blocker technology could have a profound and positive effect on the budding RFID industry, which has been drawing intensifying criticism from civil libertarians and consumer advocates over privacy concerns.
“There is a huge privacy issue because you cant ever verify that the tag has been killed when [customers] leave the store,” said Randy Breault, manager of information security services at Hannaford Bros. Co., a grocery chain based in Portland, Maine, that is in the early stages of planning an RFID implementation in its warehouses. “Thats the reason that were starting slow with it and doing it at the pallet level. Youre dealing with a lot of negative potential at the item level.”
RFID tags are little more than small, printed circuits containing a unique identifying number. Special readers query the tags, which respond with their numbers. The numbers can then be used to track the item.
The blocker tag system is software-based and relies on technology developed by RSA researchers that prevents RFID readers from gathering data from other tags in their immediate vicinity. Without it, any RFID reader could query any tag, enabling retailers or other companies to read the tags on any merchandise a customer may be carrying.
Essentially, the blocker tag system works by tricking readers that all the possible RFID tags are present at a given time. Because RFID readers can communicate with only one tag at a time, when multiple tags reply to a single query, the reader detects a collision.
When that happens, the reader tries to communicate with each tag individually, asking each for its next bit, which identifies the portion of a binary tree the tag resides on. However, when queried in the presence of a blocker tag, the blocker tag also responds, but with a “0” and a “1” bit, confusing the reader and preventing it from getting valid responses.
Researchers at RSAs Labs unit see a broad range of applications for the blocker tags. For example, a retail store could place RFID tags on merchandise for inventory management purposes. Upon checkout, however, the retailer would place RFID items in a blocker tag-equipped bag, ensuring customers that those items will go undetected when in the presence of RFID readers elsewhere.
At the RSA Conference, the company will demonstrate an application using a prescription drug bottle equipped with an RFID tag that can be carried in a small paper bag that has a blocker tag.
The company is talking to a variety of parties about licensing the technology, including manufacturers of RFID components, systems integrators and retailers.
“Theres a great need for security and privacy expertise in this area. Security is an afterthought on the Internet, and we dont want to see the same thing happen with RFID,” said Burt Kaliski, chief scientist and director of RSA Labs, based in Bedford, Mass. “Theres no standard way to put security on the reader. This is a way to give customers confidence and enable honest companies to demonstrate respect for privacy.”
Security experts praised RSAs innovation but also cautioned that privacy protection can be a tough sell.
“Its a cool technology and I love seeing cool technologies pressed into service for privacy protection,” said Bruce Schneier, chief technology officer of Counterpane Internet Security Inc. and a well-known cryptographer, in Cupertino, Calif. “The privacy implications are considerable with RFID. But privacy protection technologies tend not to sell. I hope it does. Its a tough market but an important market.”
Kaliski stressed that the blocker tag is just the beginning in terms of the companys research into RFID security and privacy technologies.
“The tag is just the first fruit of the approach were taking to this,” he said. “Theres still a good amount of research to be done. We need security on the protocol, the readers and the back end, too. We need a full set of technologies on the table in order to know whats possible.”