Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on A Secure RFID System

From: David Farber <dave () farber net>
Date: Thu, 24 Aug 2006 16:35:52 -0400


Begin forwarded message:

From: Ross Stapleton-Gray <ross () stapleton-gray com>
Date: August 24, 2006 4:26:05 PM EDT
To: dave () farber net, Brian Randell <Brian.Randell () ncl ac uk>
Subject: Re: [IP] A Secure RFID System
At 11:48 AM 8/24/2006, Brian Randell <Brian.Randell () ncl ac uk> passed along:
So here is what the product is all about: transfer of control to the owner of the tag - when a consumer buys a tagged product, then full control of the tag can be transferred to her at the POS and from that point on it is up to him to decide who is granted access to (the data on) the chip multimodality; the tag can operate in various modes, suited to the needs of the environment of use in the relevant phase of the lifecycle of a tagged product. Therefore, the tag can provide security and control and trust in both B2B and B2C environments. robust security; through encryption, one- step authentication, and a specific protocol for communications with reader devices.
But... this then requires that the retailer maintain a knowledge of corresponding passwords for each and every tag, in order to ensure that it and only it can make that handshake to transfer control; that that knowledge needs to passed along, from the tagging manufacturer (or whoever first keys the tag) down supply chain; and that such a capability (to rekey the tag/transfer ownership) exists at point of sale.
I'm skeptical that many supply chains will be re-engineered to allow for the close coupling of physical goods and encryption keys, in ways that aren't then rife for exploitation. But the more immediate issue is that lots of points of sale won't have the technology (or inclination... these processes ain't free) to transfer custody. Every mom & pop retailer, for example. And anywhere that the process will take any time/impose any clerk inconvenience. 

Ross



----
Ross Stapleton-Gray, Ph.D.
Stapleton-Gray & Associates, Inc.
http://www.stapleton-gray.com
http://www.sortingdoor.com






-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: