Radio-frequency identification

Radio Frequency IDentification (RFID) is a method of storing and remotely retrieving data using devices called RFID tags or transponders. An RFID tag is a small object that can be attached to or incorporated into a product, animal, or person. RFID tags contain antennas to enable them to receive and respond to radio-frequency queries from an RFID transceiver. Passive tags require no internal power source, whereas active tags require a power source.

It has been suggested that the first known device was an espionage tool invented by Léon Theremin for the Russian Government in 1945. This is not quite the case: Theremin's device was a passive covert listening device, not an identification tag. The technology used in RFID has been around since the early 1920's according to one source (although the same source states that RFID systems have been around just since the late 1960s). [1]

A similar technology, the IFF transponder, was invented by the British in 1939 [2], and was routinely used by the allies in World War II to identify airplanes as friend or foe.

Another early work exploring RFID is the landmark 1948 paper by Harry Stockman, entitled "Communication by Means of Reflected Power" (Proceedings of the IRE, pp1196-1204, October 1948). Stockman predicted that "...considerable research and development work has to be done before the remaining basic problems in reflected-power communication are solved, and before the field of useful applications is explored." It required thirty years of advances in many different fields before RFID became a reality.

RFID tags can be either active or passive.

Passive RFID tags have no internal power supply. The minute electrical current induced in the antenna by the incoming radio frequency signal provides just enough power for the tag to transmit a response. Due to limited power and cost, the response of a passive RFID tag is brief — typically just an ID number (GUID). Lack of an onboard power supply means that the device can be quite small: commercially available products exist that can be embedded under the skin. As of 2005, the smallest such devices commercially available measured 0.4 mm × 0.4 mm, which is thinner than a sheet of paper; such devices are practically invisible. Passive tags have practical read distances ranging from about 10 mm up to about 6 metres.

Active RFID tags, on the other hand, have an internal power source, and may have longer range and larger memories than passive tags, as well as the ability to store additional information sent by the transceiver. At present, the smallest active tags are about the size of a coin. Many active tags have practical ranges of tens of metres, and a battery life of up to 10 years.

Because passive tags are cheaper to manufacture and have no battery, the majority of RFID tags in existence are of the passive variety. As of 2004, these tags cost from US$0.40 at high volumes. Universal RFID tagging of individual products will become commercially viable at very large volumes of 10 billion units per year, driving production cost to less than US$0.05 according to one manufacturer. Current demand for RFID integrated circuit chips is not close to supporting that price. Analysts from independent research companies Gartner and Forrester Research agree that a price less than $0.10 (production volume of one billion units) is achievable in 6–8 years, thus limiting near-term prospects for widespread adoption of passive RFID. Other analysts believe such prices are achievable within 10-15 years.

While the cost advantages of passive tags over active tags are significant, other factors including accuracy, performance in certain environments such as around water or metal, and reliability make the use of active tags very common today.

There are four different kinds of tags commonly in use. They are categorized by their radio frequency: low frequency tags (125 or 134.2 kHz), high frequency tags (13.56 MHz), UHF tags (868 to 956 MHz), and microwave tags (2.45 GHz). UHF tags cannot be used globally as there aren't any global regulations for their usage.

There are some transponder devices and contactless chip cards which deliver a similar function.

An RFID system may consist of several components: tags, tag readers, edge servers, middleware, and application software.

The purpose of an RFID system is to enable data to be transmitted by a mobile device, called a tag, which is read by an RFID reader and processed according to the needs of a particular application. The data transmitted by the tag may provide identification or location information, or specifics about the product tagged, such as price, color, date of purchase, etc. The use of RFID in tracking and access applications first appeared during the 1980s. RFID quickly gained attention because of its ability to track moving objects. As the technology is refined, more pervasive and possibly invasive uses for RFID tags are in the works.

In a typical RFID system, individual objects are equipped with a small, inexpensive tag. The tag contains a transponder with a digital memory chip that is given a unique electronic product code. The interrogator, an antenna packaged with a transceiver and decoder, emits a signal activating the RFID tag so it can read and write data to it. When an RFID tag passes through the electromagnetic zone, it detects the reader's activation signal. The reader decodes the data encoded in the tag's integrated circuit (silicon chip) and the data is passed to the host computer for processing.

Take the example of books in a library. Security gates can detect whether or not a book has been properly checked out of the library. When users return items, the security bit is re-set and the item record in the Integrated Library System is automatically updated. In some RFID solutions a return receipt can be generated. At this point, materials can be roughly sorted into bins by the return equipment. Inventory wands provide a finer detail of sorting. This tool can be used to put books into shelf-ready order.

• Low-frequency RFID tags are commonly used for animal identification. Pets can be implanted with small chips so that they may be returned to their owners if lost. Beer kegs are also tracked with LF RFID. Two RFID frequencies are used in the United States: 125 kHz (the original standard) and 134.2 kHz (the international standard).

• High-frequency RFID tags are used in library book or bookstore tracking, pallet tracking, building access control, airline baggage tracking, and apparel item tracking. High-frequency tags are widely used in identification badges, replacing earlier magnetic stripe cards. These badges need only be held within a certain distance of the reader to authenticate the holder. The American Express Blue credit card now includes a high-frequency RFID tag, a feature American Express calls ExpressPay.

• UHF RFID tags are commonly used commercially in pallet and container tracking, and truck and trailer tracking in shipping yards.

• Microwave RFID tags are used in long range access control for vehicles.

• RFID tags are used for electronic toll collection at toll booths with California's FasTrak, Illinois' I-Pass, the expanding eastern state's E-ZPass system, and the Philippines South Luzon Expressway E-Pass. The tags are read remotely as vehicles pass through the booths, and tag information is used to debit the toll from a prepaid account. The system helps to speed traffic through toll plazas.

• Sensors such as seismic sensors may be read using RFID transceivers, greatly simplifying remote data collection.

• In January 2003, Michelin began testing RFID transponders embedded into tires. After a testing period that is expected to last 18 months, the manufacturer will offer RFID enabled tires to car makers. Their primary purpose is tire-tracking in compliance with the United States Transportation, Recall, Enhancement, Accountability and Documentation Act (TREAD Act).

• Some smart cards embedded with RFID chips are used as electronic cash, e.g. Octopus Card in Hong Kong and the Netherlands and United Kingdom (In the form of the London Underground Oyster Card) to pay fares in mass transit systems and/or retails.

• Starting with the 2004 model year, a Smart Key option is available to the Toyota Prius and some Lexus models. The key fob uses an active RFID circuit which allow the car to acknowledge the key's presence within 3 feet of the sensor. The driver can open the doors and start the car while the key remains in a purse or pocket.

• In August 2004, the Ohio Department of Rehabilitation and Correction (ODRH) approved a $415,000 contract to evaluate the personnel tracking technology of Alanco Technologies. Inmates will wear wristwatch-sized transmitters that can detect if prisoners have been trying to remove them and send an alert to prison computers. This project is not the first such rollout of tracking chips in US prisons. Facilities in Michigan, California and Illinois already employ the technology.

Wal-Mart and the United States Department of Defense have published requirements that their vendors place RFID tags on all shipments to improve supply chain management. [3]. Due to the size of these two organizations, their RFID mandates impact thousands of companies worldwide. The deadlines have been extended several times because many vendors face significant difficulties implementing RFID systems. In practice, the successful read rates currently run only 80%, due to radio wave attenuation caused by the products and packaging. In time it is expected that even small companies will be able to place RFID tags on their outbound shipments.

Since January, 2005, Wal-Mart has required its top 100 suppliers to apply RFID labels to all shipments. To meet this requirement, vendors use RFID printer/encoders to label cases and pallets that require EPC tags for Wal-Mart. These smart labels are produced by embedding RFID inlays inside the label material, and then printing bar code and other visible information on the surface of the label.

Implantable RFID chips designed for animal tagging are now being used in humans as well. An early experiment with RFID implants was conducted by British professor of cybernetics Kevin Warwick, who implanted a chip in his arm in 1998. Applied Digital Solutions proposes their chip's "unique under-the-skin format" as a solution to identity fraud, secure building access, computer access, storage of medical records, anti-kidnapping initiatives and a variety of law-enforcement applications. Combined with sensors to monitor body functions, the Digital Angel device could provide monitoring for patients. The Baja Beach Club [4] in Barcelona, Spain uses an implantable Verichip to identify their VIP customers, who in turn use it to pay for drinks [5]. The Mexico City police department has implanted approximately 170 of their police officers with the Verichip, to allow access to police databases and possibly track them in case of kidnapping.

Amal Graafstra, a Washington state native and business owner, had a RFID chip implanted in his left hand in early 2005. The chip was 12 mm long by 2 mm in diameter and has a basic read range of two inches (50 mm). The implant procedure was conducted by a cosmetic surgeon, although the name of the doctor was not released. When asked what he planned to do with the implant Graafstra responded: Because I’m writing my own software and soldering up my own stuff, pretty much anything I want. Well, more accurately, anything I have the time and inspiration to do. Ultimately though, I think true keyless access will require an implantable chip with a very strong encryption system; right now I’m only looking at this type of thing in a personal context.1

RFID tags are often envisioned as a replacement for UPC or EAN barcodes, having a number of important advantages over the older barcode technology. They may not ever completely replace barcodes, due in part to their relatively higher cost. For some lower cost items the ability of each tag to be unique may be considered to be overkill, though it would have some benefits such as the facilitation of taking inventory.

It must also be recognised that the storage of data associated with tracking goods down to item level will run into many terabytes. It is much more likely that goods will be tracked at pallet level using RFID tags, and at item level with product unique rather than item unique barcodes.

RFID codes are long enough that every RFID tag may have a unique code, while current UPC codes are limited to a single code for all instances of a particular product. The uniqueness of RFID tags means that a product may be individually tracked as it moves from location to location, finally ending up in the consumer's hands. This may help companies to combat theft and other forms of product loss. It has also been proposed to use RFID for point of sale store checkout to replace the cashier with an automatic system which needs no barcode scanning. However this is not likely to be possible without a significant reduction in the cost of current tags. There is some research taking place into ink that can be used as an RFID tag, which would significantly reduce costs. However, this is some years from reaching fruition.

An organization called EPCglobal is working on an international standard for the use of RFID and the Electronic Product Code (EPC) in the identification of any item in the supply chain for companies in any industry, anywhere in the world. The organization's board of governors includes representatives from EAN International, Uniform Code Council, The Gillette Company, Procter & Gamble, Wal-Mart, Hewlett-Packard, Johnson & Johnson, Checkpoint Systems and Auto-ID Labs. Some RFID systems use alternative standards based on the ISO-classification 18000-6.

The EPCglobal gen 2 standard was approved in December 2004, and is likely to form the backbone of RFID tag standards moving forward. This was approved after a contention from Intermec that the standard may infringe a number of their RFID related patents. It was decided that the standard itself did not infringe their patents, but it may be necessary to pay royalties to Intermec if the tag were to be read in a particular manner. EPC Gen2 is short for EPCglobal UHF Generation 2.

In July 2004, the Food and Drug Administration issued a ruling that essentially begins a final review process that will determine whether hospitals can use RFID systems to identify patients and/or permit relevant hospital staff to access medical records. The use of RFID to prevent mixups between sperm and ova in IVF clinics is also being considered [6].

Also, the FDA recently approved the country's first RFID chips that can be implanted in humans. The 134.2 kHz RFID chips, from VeriChip Corp., a subsidiary of Applied Digital Solutions Inc., can incorporate personal medical information and could save lives and limit injuries from errors in medical treatments, according to the company. The FDA approval was disclosed during a conference call with investors.

Some in-home uses, such as allowing a refrigerator to track the expiration dates of the food it contains, have also been proposed, but few have moved beyond the prototype stage.

Another proposed application is the use of RFID as intelligent traffic signals called a Road Beacon System or RBS.

There is no global public body that governs the frequencies used for RFID. In principle, every country can set its own rules for this. The main bodies governing frequency allocation for RFID are:

• USA: FCC (Federal Communications Commission)
• Canada: DOC (Department of Communication)
• Europe: ERO, CEPT, ETSI, and national administrations (note that the national administrations must ratify the usage of a specific frequency before it can be used in that country)
• Japan: MPHPT (Ministry of Public Management, Home Affairs, Post and Telecommunication)
• China: Ministry of Information Industry
• Australia: Australian Communication Authority
• New Zealand: Ministry of Economic Development

Low-frequency (LF: 125 - 134.2 kHz and 140 - 148.5 kHz) and high-frequency (HF: 13.56 MHz) RFID tags can be used globally without a license. Ultra-high-frequency (UHF: 868 MHz-928 MHz) cannot be used globally as there isn't one single global standard. In North America, UHF can be used unlicensed for 908 - 928 MHz, but restrictions exist for transmission power. In Europe, UHF is under consideration for 865.6 - 867.6 MHz. Its usage is currently unlicensed for 869.40 - 869.65 MHz only, but restrictions exist for transmission power. The North American UHF standard is not accepted in France as it interferes with its military bands. For China and Japan, there is no regulation for the use of UHF. Each application for UHF in these countries needs a site license, which needs to be applied for at the local authorities, and can be revoked. For Australia and New Zealand, 918 - 926 MHz are unlicensed, but restrictions exist for transmission power.

Additional regulations exist regarding health and environmental issues. For example, in Europe, the Waste Electrical and Electronic Equipment regulation does not allow for RFID tags to be thrown away. This means that RFID tags in cardboard boxes must be removed before disposing of them. Health regulations exist as well; see EMF (Electromagnetic field).

Some standards that have been made regarding RFID technology include:

• ISO 11784 & 11785 - These standards regulate the Radio frequency identification of animals in regards to Code Structure and Technical concept
• ISO 14223/1 - Radio frequency identification of Animals, advanced transponders - Air interface
• ISO 10536
• ISO 14443
• ISO 15693
• ISO 18000
• EPCglobal - this is the standard that is most likely going to form the basis of a Worldwide standard.

A primary security concern surrounding RFID technology is the illicit tracking of RFID tags. Both personal "location privacy" and corporate/military security may be violated if tags may be read arbitrarily. This is of particularly concern in the context of ongoing efforts to embed Electronic Product Codes (EPC) type RFID tags in consumer products.

Duplication, or "cloning" of RFID tags is another security concern. Because many RFID tags can be scanned at a distance and without the tag-holder's knowledge, they may be vulnerable to unauthorized duplication. This is of particular concern when RFID tags are embedded into "proximity cards" which are used to access buildings. It is also a problem when RFID is used for payment systems, as in the case of contactless credit cards, the ExxonMobil Speedpass, and in RFID-enhanced casino chips. Speedpass in particular used a tag manufactured by Texas Instruments that incorporated a weak, proprietary encryption scheme. In 2005, researchers from RSA Labs and Johns Hopkins University reverse-engineered the algorithm and were able to clone Speedpass tags [7].

One major challenge in securing RFID tags is a shortage of computational resources within the tag. Standard cryptographic techniques require more resources than are available in most low-cost RFID devices. Many security measures have been proposed for RFID in the academic literature. Several "lightweight" cryptography solutions have been proposed, including hash-locks, backward-channel XORing, third-party privacy agents, and LPN authentication [8]. RSA Security has patented a prototype device that locally jams RFID signals by interrupting a standard collision avoidance protocol, allowing the user to prevent identification if desired. [9]. Various policy measures have also been proposed, such as marking RFID-tagged objects with an industry-standard label.

How would you like it if, for instance, one day you realized your underwear was reporting on your whereabouts?

— California State Senator Debra Bowen, at a 2003 hearing [10]

The use of RFID technology has engendered considerable controversy and even product boycotts. The four main privacy concerns regarding RFID are:

• The purchaser of an item will not necessarily be aware of the presence of the tag or be able to remove it;
• The tag can be read at a distance without the knowledge of the individual;
• If a tagged item is paid for by credit card or in conjunction with use of a loyalty card, then it would be possible to tie the unique ID of that item to the identity of the purchaser; and
• The EPCglobal system of tags create, or are proposed to create, globally unique serial numbers for all products, even though this creates privacy problems and is completely unnecessary for most applications.

Most concerns revolve around the fact that RFID tags affixed to products remain functional even after the products have been purchased and taken home, and thus can be used for surveillance and other nefarious purposes unrelated to their supply chain inventory functions. Although RFID tags are only officially intended for short-distance use, they can be interrogated from greater distances by anyone with a high-gain antenna, potentially allowing the contents of a house to be scanned at a distance. Even short range scanning is a concern if all the items detected are logged in a database every time a person passes a reader, or if it is done for nefarious reasons (e.g., a mugger using a hand-held scanner to obtain an instant assessment of the wealth of potential victims). With permanent RFID serial numbers, an item leaks unexpected information about a person even after disposal; for example, items that are resold or given away can enable mapping of a person's social network.

Another privacy issue is due to RFID's support for a singulation (anti-collision) protocol. This is the means by which a reader enumerates all the tags responding to it without them mutually interfering. The structure of the most common version of this protocol is such that all but the last bit of each tag's serial number can be deduced by passively eavesdropping on just the reader's part of the protocol. Because of this, whenever RFID tags are near to readers, the distance at which a tag's signal can be eavesdropped is irrelevant; what counts is the distance at which the much more powerful reader can be received. Just how far this can be depends on the type of the reader, but in the extreme case some readers have a maximum power output (4 W) that could be received from tens of kilometres away.

The potential for privacy violations with RFID was demonstrated by its use in a pilot program by the Gillette Company, which conducted a "smart shelf" test at a Tesco in Cambridge. They automatically photographed shoppers taking RFID-tagged safety razors off the shelf, to see if the technology could be used to deter shoplifting. [11]

In another study, uncovered by the Chicago Sun-Times, shelves in a Wal-Mart in Broken Arrow, Oklahoma, were equipped with readers to track the Max Factor Lipfinity lipstick containers stacked on them. Webcam images of the shelves were viewed 750 miles (1200 km) away by Procter & Gamble researchers in Cincinnati, Ohio, who could tell when lipsticks were removed from the shelves and observe the shoppers in action.

In January 2004 a group of privacy advocates was invited to METRO Future Store in Germany, where an RFID pilot project was implemented. It was uncovered by accident that METRO "Payback" customer loyalty cards contained RFID tags with customer IDs, a fact that was disclosed neither to customers receiving the cards, nor to this group of privacy advocates. This happened despite assurances by METRO that no customer identification data was tracked and all RFID usage was clearly disclosed. [12]

The controversy was furthered by the accidental exposure of a proposed Auto-ID consortium public relations campaign that was designed to "neutralize opposition" and get consumers to "resign themselves to the inevitability of it" whilst merely pretending to address their concerns. [13]

The standard proposed by EPCglobal includes privacy related guidelines for the use of RFID-based EPC. These guidelines include the requirement to give consumers clear notice of the presence of EPC and to inform them of the choice that they have to discard, disable or remove EPC tags. These guidelines are non-binding, and only partly comply with the joint statement of 46 multinational consumer rights and privacy groups.

In 2004, Lukas Grunwald released a computer program RFDump which with suitable hardware allows reading and reprogramming the metadata contained in an RFID tag, although not the unchangeable serial number built into each tag. He said consumers could use this program to protect themselves, although it would also have significant malicious uses.

A number of countries have proposed to implant RFID devices in new passports [14], to facilitate efficient machine reading of biometric data. Security expert Bruce Schneier said of these proposals: "It's a clear threat to both privacy and personal safety. Quite simply, it's a bad idea." The RFID-enabled passport uniquely identifies its holder, and in the proposal currently under consideration, will also include a variety of other personal information. This could greatly simplify some of the abuses of RFID technology, and expand them to include abuses based on machine reading of data such as a person's nationality. For example, a mugger operating near an airport could target victims who have arrived from wealthy countries, or a terrorist could design a bomb which functioned when approached by persons from a particular country.

The US State Department initially rejected these concerns on the grounds that they believed the chips could only be read from a distance of 10 cm (4 in), but in the face of 2,400 critical comments from security professionals, and a clear demonstration that special equipment can read the test passports from 30 feet (10 m) away, as of May 2005 the proposal is being reviewed. [15]

The US state of Virginia has considered putting RFID tags into driver's licenses in order to make lookups faster for police officers and other government officials. The Virginia General Assembly also hopes that by including the tags, false identity documents would become much harder to obtain. The proposal was first introduced in the "Driver's License Modernization Act" of 2002, which was not enacted, but as of 2004 the concept was still under consideration.

The idea was prompted by the fact that several of the September 11 hijackers held fraudulent Virginia driver's licenses. However the American Civil Liberties Union has noted that in addition to being a risk to privacy and liberty, the RFID proposal would not have hindered the hijackers, since the false documents they carried were valid, officially issued documents obtained with other false identification. The weakness in the system is not failure to validate documents in the field, but failure to verify identity before issuing them.

Under the proposal, no information would be stored on the tag other than a number corresponding to the holder's information in a database, only accessible by authorized personnel. Also, to deter identity thieves one would simply need to wrap one's drivers' license in aluminium foil. [16], [17]

There has been discussion within part of the Christian community that RFID tagging could represent the mark of the beast mentioned in the Book of Revelation. Previously, other forms of identification such as credit cards and UPC codes had been suggested as candidates for the mark. Such speculation is not yet taken seriously by most members of the faith. [18] [19] [20]

• Sony FeliCa

• IDTechEx: World of RFIDTechnologies, applications and latest updates from independent analysts.
• Bhattacharya, Shaoni; 2005. "Electronic tags for eggs, sperm and embryos" at New Scientist.com, referenced 2 April 2005
• Roger Smith: RFID: A Brief Technology Analysis, CTO Network Library, 2005.

• Educated Study
• The Future Is Here: A Beginner's Guide to RFID — an RFID Gazette essay.
• RFID Tutorial — Includes information on Technology, Architecture, Standards, Security and Comparisions with other technologies.
• Integrating RFID with UID
• Informed Consent
• Impact of RFID on Supply Chain
• Open source suite of RFID applications
• Business Benefits from RFID

• RFID Asia — RFID Community in Asia
• RFID Tribe — The World's RFID Collaboration Forum
• EPCglobal Inc. — Organization that oversees standards for the EPCglobal Network
• Association for Automatic Identification and Mobility (AIM) — Trade association of providers that manage the collection and integration of data with information management systems.
• RadioActive Software Foundation — Open source software foundation dedicated to producing free and open RFID and supply chain related software.
• Colorado RFID Alliance - CORFIDA — non-profit organization founded by people who are passionate about RFID

• IDTechEx — RFID analysis and commentary.
• RFID Journal — Timely news & features covering RFID (radio frequency identification) technology.
• RFIDetail Complete on the wire feeds. Players,WiFi,RFID,Biometrics,Contactless Payment,RFID News,RFID and the Spins

• RFID Journal LIVE — RFID Journal's annual industry conference.
• RFID Weblog — Implementation and Application of RFID
• RFID Talk — RFID Industry Discussion Forum
• RFID Today — A new blog exploring the impact of radio frequency identification (RFID) on our daily lives.
• Surpriv: RFID Surveillance and Privacy blog — Blog for discussion of RFID-related surveillance and privacy.

• IDTechEx — Analyst Opinion and Comment on RFID.
• RFIDinsights — RFID news from Information Week.
• RFID News — weblog and monthly e-magazine covering the RFID Industry
• RFID Update — The RFID Industry Daily
• MoreRFID — RFID information website, including latest news, articles, vendors, products, and FAQs

• Stop RFID — an activist site specializing in privacy & RFID
• Consumer awareness [ZombieWire information everyone needs to know now]
• Information on, and opinions against, RFID
• EFF position on RFID
• EPIC's work on RFID
• C.A.S.P.I.A.N against RFID

• Loftware, Inc. - Designs and deploys RFID label software and solutions
• Gemini Communication Ltd, India - manufactures RFID Readers and Antennas
• Zebra Technologies - manufactures RFID printers and encoders
• SmartCode Corp. - manufactures RFID tags and Readers
• OAT Systems - manufactures RFID middleware software
• PSC Inc. - manufactures mobile computers with RFID readers
• Intermec - manufactures mobile computers with RFID readers
• Symbol Technologies - manufactures mobile computers with RFID readers
• Barcoding Inc. - Systems integrator markets RFID startup and evaluation kits
• Tagproduct - Systems integrator RFID and manufactures RFID readers
• ActiveWave, Inc. - manufactures Active RFID Tags, Readers, and Software
• Click Commerce, Inc. - provides RFID-enabled supply chain management solutions
• Impinj, Inc. - Key developer of the Gen-2 (reprogrammable) spec, Designs silicon and readers
• Gemini Communication Ltd, India - manufactures RFID Readers and Antennas
• GlobeRanger Corporation - provides RFID platform connecting core systems with real-time information
• WJ Communications - manufactures standalone and embeddable RFID readers
• Alien Technology - manufactures RFID readers and tags

• RFID Destroyer/Zapper Tagzapper disables the RFID chip.