An RFID tag is an object that can be applied to or incorporated into a product, animal, or person for the purpose of identification and tracking using radio waves. Some tags can be read from several meters away and beyond the line of sight of the reader.
Most RFID tags contain at least two parts. One is an integrated circuit for storing and processing information, modulating and demodulating a radio-frequency (RF) signal, and other specialized functions. The second is an antenna for receiving and transmitting the signal. Chipless RFID allows for discrete identification of tags without an integrated circuit, thereby allowing tags to be printed directly onto assets at a lower cost than traditional tags.
Today, RFID is used in enterprise supply chain management to improve the efficiency of inventory tracking and management. However, growth and adoption in the enterprise supply chain market is limited because current commercial technology does not link the indoor tracking to the overall end-to-end supply chain visibility. Coupled with fair cost-sharing mechanisms, rational motives and justified returns from RFID technology investments are the key ingredients to achieve long-term and sustainable RFID technology adoption .
In 1946 Léon Theremin invented an espionage tool for the Soviet Union which retransmitted incident radio waves with audio information. Sound waves vibrated a diaphragm which slightly altered the shape of the resonator, which modulated the reflected radio frequency. Even though this device was a passive covert listening device, not an identification tag, it has been attributed as a predecessor to RFID technology. The technology used in RFID has been around since the early 1920s according to one source (although the same source states that RFID systems have been around just since the late 1960s).
Similar technology, such as the IFF transponder invented by the United Kingdom in 1939, was routinely used by the allies in World War II to identify aircraft as friend or foe. Transponders are still used by most powered aircraft to this day.
Another early work exploring RFID is the landmark 1948 paper by Harry Stockman, titled "Communication by Means of Reflected Power" (Proceedings of the IRE, pp 1196–1204, October 1948). Stockman predicted that "…considerable research and development work has to be done before the remaining basic problems in reflected-power communication are solved, and before the field of useful applications is explored."
Mario Cardullo's in 1973 was the first true ancestor of modern RFID; a passive radio transponder with memory. The initial device was passive, powered by the interrogating signal, and was demonstrated in 1971 to the New York Port Authority and other potential users and consisted of a transponder with 16 bit memory for use as a toll device. The basic Cardullo patent covers the use of RF, sound and light as transmission media. The original business plan presented to investors in 1969 showed uses in transportation (automotive vehicle identification, automatic toll system, electronic license plate, electronic manifest, vehicle routing, vehicle performance monitoring), banking (electronic check book, electronic credit card), security (personnel identification, automatic gates, surveillance) and medical (identification, patient history).
The first patent to be associated with the abbreviation RFID was granted to Charles Walton in 1983 .
To communicate, tags respond to queries generating signals that must not create interference with the readers, as arriving signals can be very weak and must be differentiated. Besides backscattering, load modulation techniques can be used to manipulate the reader's field. Typically, backscatter is used in the far field, whereas load modulation applies in the nearfield, within a few wavelengths from the reader.
Passive tags have practical read distances ranging from about 11 cm (4 in) with near-field (ISO 14443), up to approximately 10 meters (33 feet) with far-field (ISO 18000-6) and can reach up to 600 feet (183 meters) when combined with a phased array. Basically, the reading and writing depend on the chosen radio frequency and the antenna design/size. Due to their simplicity in design they are also suitable for manufacture with a printing process for the antennas. The lack of an onboard power supply means that the device can be quite small: commercially available products exist that can be embedded in a sticker, or under the skin in the case of low frequency (LowFID) RFID tags.
In 2007, the Danish Company RFIDsec developed a passive RFID with privacy enhancing technologies built-in including built-in firewall access controls, communication encryption and a silent mode ensuring that the consumer at point of sales can get exclusive control of the key to control the RFID. The RFID will not respond unless the consumer authorizes it, the consumer can validate presence of a specific RFID without leaking identifiers and therefore the consumer can make use of the RFID without being trackable or otherwise leak information that represents a threat to consumer privacy.
In 2006, Hitachi, Ltd. developed a passive device called the µ-Chip measuring 0.15×0.15 mm (not including the antenna), and thinner than a sheet of paper (7.5 micrometers). Silicon-on-Insulator (SOI) technology is used to achieve this level of integration. The Hitachi µ-Chip can wirelessly transmit a 128-bit unique ID number which is hard-coded into the chip as part of the manufacturing process. The unique ID in the chip cannot be altered, providing a high level of authenticity to the chip and ultimately to the items the chip may be permanently attached or embedded into. The Hitachi µ-Chip has a typical maximum read range of 30 cm (1 ft). In February 2007 Hitachi unveiled an even smaller RFID device measuring 0.05×0.05 mm, and thin enough to be embedded in a sheet of paper. The new chips can store as much data as the older µ-chips, and the data contained on them can be extracted from as far away as a few hundred metres. The ongoing problems with all RFIDs is that they need an external antenna which is 80 times bigger than the chip in the best version thus far developed. Further, the present costs of manufacturing the inlays for tags has inhibited broader adoption. As silicon prices are reduced and new more economic methods for manufacturing inlays and tags are perfected in the industry, broader adoption and item level tagging along with economies of scale production scenarios; it is expected to make RFID both innocuous and commonplace much like barcodes are presently.
Alien Technology's Fluidic Self Assembly and HiSam machines, Smartcode's Flexible Area Synchronized Transfer (FAST) and Symbol Technologies' PICA process are alleged to potentially further reduce tag costs by massively parallel production. Alien Technology and SmartCode are currently using the processes to manufacture tags while Symbol Technologies' PICA process is still in the development phase. Symbol was acquired by Motorola in 2006. Motorola however has since made agreements with Avery Dennison for supply of tags, meaning their own tag production and PICA process may have been abandoned. Alternative methods of production such as FAST, FSA, HiSam and possibly PICA could potentially reduce tag costs dramatically, and due to volume capacities achievable, in turn be able to also drive the economies of scale models for various silicon fabricators as well. Some passive RFID vendors believe that industry benchmarks for tag costs can be achieved eventually as new low-cost volume production systems are implemented more broadly. (For example, see )
Non-silicon tags made from polymer semiconductors are currently being developed by several companies globally. Simple laboratory-printed polymer tags operating at 13.56 MHz were demonstrated in 2005 by both PolyIC (Germany) and Philips (The Netherlands). If successfully commercialized, polymer tags will be roll-printable, like a magazine, and much less expensive than silicon-based tags. The end game for most item-level tagging over the next few decades may be that RFID tags will be wholly printed – the same way that a barcode is today – and be virtually free, like a barcode. However, substantial technical and economic hurdles must be surmounted to accomplish such an end: hundreds of billions of dollars have been invested over the last three decades in silicon processing, resulting in a per-feature cost which is actually less than that of conventional printing.
Active tags, due to their onboard power supply, also may transmit at higher power levels than passive tags, allowing them to be more robust in "RF challenged" environments with humidity and spray or with RF-dampening targets (including humans and cattle, which contain mostly water), reflective targets from metal (shipping containers, vehicles), or at longer distances: Generating strong responses from weak reception is a sound approach to success. In turn, active tags are generally bigger (due to battery size) and more expensive to manufacture (due to price of the battery). However, their potential shelf life is comparable, as self-discharge of batteries competes with corrosion of aluminated printed circuits.
Many active tags today have operational ranges of hundreds of meters, and a battery life of up to 10 years. Active tags may include larger memories than passive tags, and may include the ability to store additional information received from the reader.
Special active RFID tags may include specialized sensors. For example, a temperature sensor can be used to record the temperature profile during the transportation and storage of perishable goods. Other sensor types used include humidity, shock/vibration, light, nuclear radiation, pressure and concentrations of gases such as ethylene.
The United States Department of Defense (DoD) has successfully used active tags to reduce search and loss in logistics and to improve supply chain visibility for more than 15 years (concept of in-transit-visibility ITV, ).
If energy from the reader is collected and stored to emit a response in the future, the tag is operating active.
Whereas in passive tags the power level to power up the circuitry must be 100 times stronger than with active or semi-active tags, also the time consumption for collecting the energy is omitted and the response comes with shorter latency time. The battery-assisted reception circuitry of semi-passive tags leads to greater sensitivity than passive tags, typically 100 times more. The enhanced sensitivity can be leveraged as increased range (by one magnitude) and/or as enhanced read reliability (by reducing bit error rate at least one magnitude).
The enhanced sensitivity of semi-passive tags places higher demands on the reader concerning separation in denser population of tags. Because an already weak signal is backscattered to the reader from a larger number of tags and from longer distances, the separation requires more sophisticated anti-collision concepts, better signal processing and some more intelligent assessment of which tag might be where. For passive tags, the reader-to-tag link usually fails first. For semi-passive tags, the reverse (tag-to-reader) link usually collides first.
Semi-passive tags have three main advantages: greater sensitivity than passive tags; longer battery powered life cycle than active tags; they can perform active functions (such as temperature logging) under their own power, even when no reader is present for powering the circuitry.
Examples of extended capability RFID tag technologies include EPC C1G2 with extended memory (e.g. 64Kb), battery-assisted passive, and active RFID. Battery-assisted passive, also known as semi-passive or semi-active, has the ability to extend the read range of standard passive technologies to well over 50 meters, to read around challenging materials such as metal, to withstand outdoor environments, to store an on-tag database, to be able to capture sensor data, and to act as a communications mechanism for external devices. Also, battery-assisted passive only transmits a signal when interrogated, thus extending battery life. Active RFID, which can have some of the features of battery-assisted passive, is commonly used for even longer distances and real-time locationing. It also actively transmits a signal, which often results in shorter battery life.
Common applications of extended capability RFID include Yard Management, Parts Maintenance and Repair Operations, Cold-Chain Management, Reusable Transport Items tracking, High Value/High Security Asset tracking, and other applications where extended capabilities are needed.
High frequency is 3-30 MHz. At 13.56 MHz, a HFID or HighFID tag, using a planar spiral with 5–7 turns over a credit-card-sized form factor can be used to provide ranges of tens of centimeters. These coils are less costly to produce than LF coils, since they can be made using lithographic techniques rather than by wire winding, but two metal layers and an insulator layer are needed to allow for the crossover connection from the outermost layer to the inside of the spiral where the integrated circuit and resonance capacitor are located.
Ultrahigh-frequency or UHF is 300 MHz-3 GHz. UHFID and microwave passive tags are usually radiatively-coupled to the reader antenna and can employ conventional dipole-like antennas. Only one metal layer is required, reducing cost of manufacturing. Dipole antennas, however, are a poor match to the high and slightly capacitive input impedance of a typical integrated circuit. Folded dipoles, or short loops acting as inductive matching structures, are often employed to improve power delivery to the IC. Half-wave dipoles (16 cm at 900 MHz) are too big for many applications; for example, tags embedded in labels must be less than 10 cm (4 inches) in extent. To reduce the length of the antenna, antennas can be bent or meandered, and capacitive tip-loading or bowtie-like broadband structures are also used. Compact antennas usually have gain less than that of a dipole — that is, less than 2 dBi — and can be regarded as isotropic in the plane perpendicular to their axis.
Dipoles couple to radiation polarized along their axes, so the visibility of a tag with a simple dipole-like antenna is orientation-dependent. Tags with two orthogonal or nearly-orthogonal antennas, often known as dual-dipole tags, are much less dependent on orientation and polarization of the reader antenna, but are larger and more expensive than single-dipole tags.
Patch antennas are used to provide service in close proximity to metal surfaces, but a structure with good bandwidth is 3–6 mm thick, and the need to provide a ground layer and ground connection increases cost relative to simpler single-layer structures.
HFID and UHFID tag antennas are usually fabricated from copper or aluminum. Conductive inks have seen some use in tag antennas but have encountered problems with IC adhesion and environmental stability.
In many cases, optimum power from RFID reader is not required to operate passive tags. However, in cases where the effective radiated power (ERP) level and distance between reader and tags are fixed, such as in a manufacturing setting, it is important to know the location in a tagged object where a passive tag can operate optimally.
Resonance Spot (R-Spot), Live Spot (L-Spot) and Dead Spot (D-Spot) are defined to specify the location of RFID tags in a tagged object, where the tags can still receive power from a reader within specified ERP level and distance .
To read tag data, readers use a tree-walking singulation algorithm, resolving possible collisions and processing responses one by one. Blocker tags may be used to prevent readers from accessing tags within an area without killing surrounding tags by means of suicide commands. These tags masquerade as valid tags but have some special properties: in particular, they may possess any identification code, and may deterministically respond to all reader queries, thus rendering them useless and securing the environment.
Besides this, tags may be promiscuous, attending all requests alike, or secure, which requires authentication and control of typical password management and secure key distribution issues. A tag may also be prepared to be activated or deactivated in response to specific reader commands.
Readers that are in charge of the tags of an area may operate in autonomous mode (as opposed to interactive mode). When in this mode, a reader periodically locates all tags in its operating range, and keeps a presence list with a persist time and some control information. When an entry expires, it is removed from the list.
Frequently, a distributed application requires both types of tags: passive tags are incapable of continuous monitoring and perform tasks on demand when accessed by readers. They are useful when activities are regular and well defined, and requirements for data storage and security are limited; when accesses are frequent, continuous or unpredictable, there are time constraints to meet or data processing (internal searches, for instance) to perform, active tags may be preferred.
Standards for RFID passports are determined by the International Civil Aviation Organization (ICAO), and are contained in ICAO Document 9303, Part 1, Volumes 1 and 2 (6th edition, 2006). ICAO refers to the ISO 14443 RFID chips in e-passports as "contactless integrated circuits". ICAO standards provide for e-passports to be identifiable by a standard e-passport logo on the front cover.
The first RFID passports ("E-passport") were issued by Malaysia in 1998. In addition to information also contained on the visual data page of the passport, Malaysian e-passports record the travel history (time, date, and place) of entries and exits from the country.
In 2006, RFID tags were included in new US passports. The US produced 10 million passports in 2005, and it has been estimated that 13 million will be produced in 2006. The chips will store the same information that is printed within the passport and will also include a digital picture of the owner. The US State Department initially stated the chips could only be read from a distance of 10 cm (4 in), but after widespread criticism and a clear demonstration that special equipment can read the test passports from 10 meters (33 ft) away, the passports were designed to incorporate a thin metal lining to make it more difficult for unauthorized readers to "skim" information when the passport is closed. The department will also implement Basic Access Control (BAC), which functions as a Personal Identification Number (PIN) in the form of characters printed on the passport data page. Before a passport's tag can be read, this PIN must be entered into an RFID reader. The BAC also enables the encryption of any communication between the chip and interrogator .
The new Passport Card also incorporates RFID technology. The Center for Democracy and Technology has issued warnings that significant security weaknesses that the Passport Card could be used to track U.S. travelers are apparent in the specifications of the card design as outlined by the U.S. Department of State.
Security expert Bruce Schneier has suggested that a mugger operating near an airport could target victims who have arrived from wealthy countries, or a terrorist could design an improvised explosive device which functioned when approached by persons from a particular country.
Some other European Union countries are also planning to add fingerprints and other biometric data, while some have already done so.
In 2004, Boeing integrated the use of RFID technology to help reduce maintenance and inventory costs on the Boeing 787 Dreamliner. With the high costs of aircraft parts, RFID technology allowed Boeing to keep track of inventory despite the unique sizes, shapes and environmental concerns. During the first six months after integration, the company was able to save $29,000 in just labor.
Since January 2005, Wal-Mart has required its top 100 suppliers to apply RFID labels to all shipments. To meet this requirement, vendors use RFID printer/encoders to label cases and pallets that require EPC tags for Wal-Mart. These smart labels are produced by embedding RFID inlays inside the label material, and then printing bar code and other visible information on the surface of the label.
Another Wal-Mart division, Sam's Club, has also moved in this direction. It sent letters dated Jan. 7, 2008 to its suppliers, stating that by Jan. 31, 2008, every full single-item pallet shipped to its distribution center in DeSoto, Texas, or directly to one of its stores served by that DC, must bear an EPC Gen 2 RFID tag. Suppliers failing to comply will be charged a service fee.
Implantable RFID chips designed for animal tagging are now being used in humans. An early experiment with RFID implants was conducted by British professor of cybernetics Kevin Warwick, who implanted a chip in his arm in 1998. Night clubs in Barcelona, Spain and in Rotterdam, The Netherlands, use an implantable chip to identify their VIP customers, who in turn use it to pay for drinks.
In 2004, the Mexican Attorney General's office implanted 18 of its staff members with the Verichip to control access to a secure data room. (This number has been variously mis-reported as 160 or 180 staff members. )
Security experts have warned against using RFID for authenticating people due to the risk of identity theft. For instance a man-in-the-middle attack would make it possible for an attacker to steal the identity of a person in real-time. Due to the resource constraints of RFIDs it is virtually impossible to protect against such attack models as this would require complex distance-binding protocols.
Among the many uses of RFID technologies is its deployment in libraries. This technology has slowly begun to replace the traditional barcodes on library items (books, CDs, DVDs, etc.). The RFID tag can contain identifying information, such as a book's title or material type, without having to be pointed to a separate database (but this is rare in North America). The information is read by an RFID reader, which replaces the standard barcode reader commonly found at a library's circulation desk. The RFID tag found on library materials typically measures 50 mm X 50 mm in North America and 50 mm x 75 mm in Europe. It may replace or be added to the barcode, offering a different means of inventory management by the staff and self service by the borrowers. It can also act as a security device, taking the place of the more traditional electromagnetic security strip And not only the books, but also the membership cards could be fitted with an RFID tag.
While there is some debate as to when and where RFID in libraries first began, it was first proposed in the late 1990s as a technology that would enhance workflow in the library setting. Singapore was certainly one of the first to introduce RFID in libraries and Rockefeller University in New York may have been the first academic library in the United States to utilize this technology, whereas Farmington Community Library in Michigan may have been the first public institution, both of which began using RFID in 1999. In Europe, the first public library to use RFID was the one in Hoogezand-Sappemeer, the Netherlands, in 2001, where borrowers were given an option. To their surprise, 70% used the RFID option and quickly adapted, including elderly people.
Worldwide, in absolute numbers, RFID is used most the United States (with its 300 million inhabitants), followed by the United Kingdom and Japan. It is estimated that over 30 million library items worldwide now contain RFID tags, including some in the Vatican Library in Rome.
RFID has many library applications that can be highly beneficial, particularly for circulation staff. Since RFID tags can be read through an item, there is no need to open a book cover or DVD case to scan an item. This could reduce repetitive-motion injuries. Where the books have a barcode on the outside, there is still the advantage that borrowers can scan an entire pile of books in one go, instead of one at a time. Since RFID tags can also be read while an item is in motion, using RFID readers to check-in returned items while on a conveyor belt reduces staff time. But, as with barcode, this can all be done by the borrowers themselves, meaning they might never again need the assistance of staff. Next to these readers with a fixed location there are also portable ones (for librarians, but in the future possibly also for borrowers, possibly even their own general-purpose readers). With these, inventories could be done on a whole shelf of materials within seconds, without a book ever having to be taken off the shelf.. In Umeå, Sweden, RFID is being used to assist visually impaired people in borrowing audiobooks. In Malaysia, Smart Shelves are used to pinpoint the exact location of books in Multimedia University Library, Cyberjaya. In the Netherlands, handheld readers are being introduced for this purpose.
The Dutch Union of Public Libraries ('Vereniging van Openbare Bibliotheken') is working on the concept of an interactive 'context library', where borrowers get a reader/headphones-set, which leads them to the desired section of the library (using triangulation methods, rather like GPS or TomTom) and which they can use to read information from books on the shelves with the desired level of detail (e.g. a section read out loud), coming from the book's tag itself or a database elsewhere, and get tips on alternatives, based on the borrowers' preferences, thus creating a more personalised version of the library. This may also lead them to sections of the library they might not otherwise visit. Borrowers could also use the system to exchange experiences (such as grading books). This is already done by children in the virtual realm at mijnstempel.nl, but the same could be done in physical form. Borrowers might grade the book at the return desk.
However, as of 2008 this technology remains too costly for many smaller libraries, and the conversion period has been estimated at 11 months for an average-size library. A 2004 Dutch estimate was that a library which lends 100,000 books per year should plan on a cost of €50,000 (borrow- and return-stations: 12,500 each, detection porches 10,000 each; tags 0.36 each). RFID taking a large burden off staff could also mean that fewer staff will be needed, resulting in some of them getting fired, but that has so far not happened in North America where recent surveys have not returned a single library that cut staff because of adding RFID. In fact, library budgets are being reduced for personnel and increased for infrastructure, making it necessary for libraries to add automation to compensate for the reduced staff size. Also, the tasks that RFID takes over are largely not the primary tasks of librarians. A finding in the Netherlands is that borrowers are pleased with the fact that staff are now more available for answering questions.
A concern surrounding RFID in libraries that has received considerable publicity is the issue of privacy. Because RFID tags can in theory be scanned and read from up to 350 feet (100 m), and because RFID utilizes an assortment of frequencies (both depending on the type of tag, though), there is some concern over whether sensitive information could be collected from an unwilling source. However, library RFID tags do not contain any patron information, and the tags used in the majority of libraries use a frequency only readable from approximately ten feet. Also, libraries have always had to keep records of who has borrowed what, so in that sense there is nothing new. One simple option is to only let the book transmit a code, that will only mean anything in conjunction with the library's database. Another step further is to give the book a new code every time it is returned. And if in the future readers become ubiquitous (and possibly networked), then stolen books could be traced even outside the library. Removing of the tags could be made difficult if they are so small that they fit invisibly inside a (random) page, possibly put there by the publisher.
An FDA-nominated task force concluded, after studying the various technologies currently commercially available, which of those technologies could meet the pedigree requirements. Amongst all technologies studied including bar coding, RFID seemed to be the most promising and the committee felt that the pedigree requirement could be met by easily leveraging something that is readily available. (More details see RFID-FDA-Regulations)
It is possible that active or semi-passive RFID tags used with or in place of barcodes could broadcast a signal to an in-store receiver to determine whether the RFID tag (product) is in the store.
Low-frequency (LF: 125–134.2 kHz and 140–148.5 kHz) (LowFID) tags and high-frequency (HF: 13.56 MHz) (HighFID) tags can be used globally without a license. Ultra-high-frequency (UHF: 868–928 MHz) (Ultra-HighFID or UHFID) tags cannot be used globally as there is no single global standard. In North America, UHF can be used unlicensed for 902–928& MHz (±13 MHz from the 915 MHz center frequency), but restrictions exist for transmission power. In Europe, RFID and other low-power radio applications are regulated by ETSI recommendations EN 300 220 and EN 302 208, and ERO recommendation 70 03, allowing RFID operation with somewhat complex band restrictions from 865–868 MHz. Readers are required to monitor a channel before transmitting ("Listen Before Talk"); this requirement has led to some restrictions on performance, the resolution of which is a subject of current research. The North American UHF standard is not accepted in France as it interferes with its military bands. For China and Japan, there is no regulation for the use of UHF. Each application for UHF in these countries needs a site license, which needs to be applied for at the local authorities, and can be revoked. For Australia and New Zealand, 918–926 MHz are unlicensed, but restrictions exist for transmission power.
Some standards that have been made regarding RFID technology include:
EPCglobal (a joint venture between GS1 and GS1 US) is working on international standards for the use of mostly passive RFID and the EPC in the identification of many items in the supply chain for companies worldwide.
One of the missions of EPCglobal was to simplify the Babel of protocols prevalent in the RFID world in the 1990s. Two tag air interfaces (the protocol for exchanging information between a tag and a reader) were defined (but not ratified) by EPCglobal prior to 2003. These protocols, commonly known as Class 0 and Class 1, saw significant commercial implementation in 2002–2005.
In 2004 the Hardware Action Group created a new protocol, the Class 1 Generation 2 interface, which addressed a number of problems that had been experienced with Class 0 and Class 1 tags. The EPC Gen2 standard was approved in December 2004, and is likely to form the backbone of passive RFID tag standards moving forward. This was approved after a contention from Intermec that the standard may infringe a number of their RFID-related patents. It was decided that the standard itself did not infringe their patents, but it may be necessary to pay royalties to Intermec if the tag were to be read in a particular manner. The EPC Gen2 standard was adopted with minor modifications as ISO 18000-6C in 2006.
The lowest cost of Gen2 EPC inlay is offered by SmartCode at a price of $0.05 apiece in volumes of 100 million or more. Nevertheless, further conversion (including additional label stock or encapsulation processing/insertion and freight costs to a given facility or DC) and of the inlays into usable RFID labels and the design of current Gen 2 protocol standard will increase the total end-cost, especially with the added security feature extensions for RFID Supply Chain item-level tagging.
EPCglobal Network, by design, is also susceptible to DoS attacks. Using similar mechanism with DNS in resolving EPC data requests, the ONS Root servers become vulnerable to DoS attacks. Any organisation planning to embark on EPCglobal Network may cringe upon discovering that the EPCglobal Network infrastructure inherits security weaknesses similar to DNS'.
A second class of defense uses cryptography to prevent tag cloning. Some tags use a form of "rolling code" scheme, wherein the tag identifier information changes after each scan, thus reducing the usefulness of observed responses. More sophisticated devices engage in Challenge-response authentications where the tag interacts with the reader. In these protocols, secret tag information is never sent over the insecure communication channel between tag and reader. Rather, the reader issues a challenge to the tag, which responds with a result computed using a cryptographic circuit keyed with some secret value. Such protocols may be based on symmetric or public key cryptography. Cryptographically-enabled tags typically have dramatically higher cost and power requirements than simpler equivalents, and as a result, deployment of these tags is much more limited. This cost/power limitation has led some manufacturers to implement cryptographic tags using substantially weakened, or proprietary encryption schemes, which do not necessarily resist sophisticated attack. For example, the Exxon-Mobil Speedpass uses a cryptographically-enabled tag manufactured by Texas Instruments, called the Digital Signature Transponder (DST), which incorporates a weak, proprietary encryption scheme to perform a challenge-response protocol for lower cost.
Still other cryptographic protocols attempt to achieve privacy against unauthorized readers, though these protocols are largely in the research stage. One major challenge in securing RFID tags is a shortage of computational resources within the tag. Standard cryptographic techniques require more resources than are available in most low cost RFID devices. RSA Security has patented a prototype device that locally jams RFID signals by interrupting a standard collision avoidance protocol, allowing the user to prevent identification if desired. Various policy measures have also been proposed, such as marking RFID-tagged objects with an industry standard label.
Shielding is again a function of the frequency being used. Low-frequency LowFID tags, like those used in implantable devices for humans and pets, are relatively resistant to shielding, though thick metal foil will prevent most reads. High frequency HighFID tags (13.56 MHz — smart cards and access badges) are sensitive to shielding and are difficult to read when within a few centimetres of a metal surface. UHF Ultra-HighFID tags (pallets and cartons) are difficult to read when placed within a few millimetres of a metal surface, although their read range is actually increased when they are spaced 2–4 cm from a metal due to positive reinforcement of the reflected wave and the incident wave at the tag. UHFID tags can be successfully shielded from most reads by being placed within an anti-static plastic bag.
The use of RFID technology has engendered considerable controversy and even product boycotts by consumer privacy advocates. Katherine Albrecht and Liz McIntyre, co-founders of CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering),are two prominent critics of the technology who refer to RFID tags as "spychips". The two main privacy concerns regarding RFID are:
Most concerns revolve around the fact that RFID tags affixed to products remain functional even after the products have been purchased and taken home and thus can be used for surveillance and other purposes unrelated to their supply chain inventory functions.
The concerns raised by the above may be addressed in part by use of the Clipped Tag. The Clipped Tag is an RFID tag designed to increase consumer privacy. The Clipped Tag has been suggested by IBM researchers Paul Moskowitz and Guenter Karjoth. After the point of sale, a consumer may tear off a portion of the tag. This allows the transformation of a long-range tag into a proximity tag that still may be read, but only at short range – less than a few inches or centimeters. The modification of the tag may be confirmed visually. The tag may still be used later for returns, recalls, or recycling.
However, read range is both a function of the reader and the tag itself. Improvements in technology may increase read ranges for tags. Having readers very close to the tags makes short range tags readable. Generally, the read range of a tag is limited to the distance from the reader over which the tag can draw enough energy from the reader field to power the tag. Tags may be read at longer ranges than they are designed for by increasing reader power. The limit on read distance then becomes the signal-to-noise ratio of the signal reflected from the tag back to the reader. Researchers at two security conferences have demonstrated that passive Ultra-HighFID tags, not of the HighFID type used in US passports, normally read at ranges of up to 30 feet, can be read at ranges of 50 to 69 feet using suitable equipment.
In January 2004 privacy advocates from CASPIAN and the German privacy group FoeBuD were invited to the METRO Future Store in Germany, where an RFID pilot project was implemented. It was uncovered by accident that METRO "Payback" customer loyalty cards contained RFID tags with customer IDs, a fact that was disclosed neither to customers receiving the cards, nor to this group of privacy advocates. This happened despite assurances by METRO that no customer identification data was tracked and all RFID usage was clearly disclosed.
During the UN World Summit on the Information Society (WSIS) between the 16th to 18th of November, 2005, founder of the free software movement, Richard Stallman, protested the use of RFID security cards. During the first meeting, it was agreed that future meetings would no longer use RFID cards, and upon finding out this assurance was broken, he covered his card with aluminum foil, and would only uncover it at the security stations. This protest caused the security personnel considerable concern, with some not allowing him to leave a conference room in which he had been the main speaker, and the prevention of him entering another conference room, where he was due to speak.
In 2004-2005 the Federal Trade Commission Staff conducted a workshop and review of RFID privacy concerns and issued a report recommending best practices.
RFID was one of the main topics of 2006 Chaos Communication Congress (organized by the Chaos Computer Club in Berlin) and triggered a big press debate. Topics included: electronic passports, Mifare cryptography and the tickets for the FIFA World Cup 2006. Talks showed how the first real world mass application of RFID technology at the 2006 FIFA Soccer World Cup worked. Group monochrom staged a special 'Hack RFID' song.
On July 22, 2006, Reuters reported that two hackers, Newitz and Westhues, at a conference in New York City showed that they could clone the RFID signal from a human implanted RFID chip, showing that the chip is not hack-proof as was previously believed.
A few critics, mostly conservative Evangelical Christians, believe that RFID tagging could represent the mark of the beast, which Revelation 13:16-17 says will be placed by the Antichrist in the right hands or foreheads of humans and necessary for commerce.
1=He forced everyone, small and great, rich and poor, free and slave, to receive a mark on his right hand or on his forehead,
so that no man could buy or sell unless he had the mark, which is the name of the beast or the number of his name.|4=Revelation 13:16-17
Related subjects include eschatology (theology and philosophy concerned with the final events in the history of the world) and dispensationalism (which sees the past, present, and future as a number of successive administrations).
Rev. Irvin Baxter Jr's Website provides his views in a video analysis on the topic titled "Mark of the Beast."