RSA introduces RFID blocker technology

Although still in its early research stage, RSA Security demonstrated a prototype of the RSA Blocker Tag technology at its data security conference in San Francisco on Tuesday. According to the company, when completed, the tag will enforce consumer privacy when dealing with radio frequency identification (RFID) tags.

RFID technology is much like that of the more familiar bar code data collection technology. It uses electronic tags to store identification data and a wireless transmitter gun to collect it. Unlike the more traditional bar code, however, the RFID tags can hold much more information than just a product or account number.

Without any disruption to normal RFID operation, the Blocker Tag -- which is a form of an RFID tag -- was designed to prevent readers from performing unwanted scanning and tracking of people or goods, according to the company.

RSA said in a statement that "in a naive, RFID-enabled world without technical forethought" RFID blocking technology is essential to disallow anyone that happens to have an RFID reader to gain access to sensitive information.

The blocker technology works by "spamming" any RFID reader that, without the proper authorization, tries to scan the tags, creating a hostile environment for the reader, RSA said. The company added that when the blocker tag is removed from a product, the RFID tags would work normally, but when RFID tags are in the coverage area of a blocker tag, the RFID tag and the information it contains would be shielded from the reader.

Jeff Woods, an analyst with Gartner, said that there are some legitimate concerns in the market with RFID technology. He said the initial response from retailers regarding these worries is that the RFID tags will be killed or disabled once the sale has been made, but according to Woods, this isn't a very good response.

He said that although disabling the tags would eliminate all of the privacy concerns, it also eliminates all of the consumer benefits or post-sale benefits that enterprises were going to get from using RFID tags.

"For example, if I kill all the tags when I sell the customers the products, I can't use the tags to track returns, which actually in consumer electronics was turning out to be one of the more interesting scenarios," Woods said. "And figuring out what is an authorized return versus what is an unauthorized return."

He added that although RSA's blocker technology will be fairly effective at minimizing consumers' concerns about the security issues tied with RFID technology, theoretically, there are exploits in the system.

"What remains to be seen is does it provide enough security, is it workable enough, is it usable enough that people will actually use it?" Woods noted. "There is some degree of user interface that has to worked out in terms of how users will activate the blocker, how they will partition the blocker and how the blocker will coexist with legitimate commercial applications

RFID has been monopolizing headlines since Wal-Mart Stores made public its demand that all of its top 129 suppliers be outfitted with RFID tags by the beginning of 2005. However, the technology itself has been around since 1948, according to Shrouds of time: The history of RFID, published by The Association for Automatic Identification and Data Capture Technologies (AIM) in 2001.

In a breakdown of the timeline of the technology in its report, AIM reported that the "explosion" of RFID development happened between 1970 and 1980, the commercial applications of the technology began entering the mainstream between 1980 and 1990 and the emergence of RFID standards came to market with the turn of the century.

Turkey’s ISPs hijack Google’s DNS service, killing bypass for Twitter, YouTube ban

READ THIS ARTICLE
MORE IN Wireless / Mobile Security
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Get Powerful Protection for All of Your Mobile Devices

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.