RFID Tags and Privacy. Dan Bailey, RSA Laboratories August 26, 2004

Similar documents
RFID FAQs, not Fiction

Needs Assessment Report for the A&P Supermarkets

RADIO FREQUENCY IDENTIFICATION (RFID) Anush Kumar,Chandan Kumar Department of ECE Dhronacharya Engineering College,Gurgaon,India

MOBILE PAYMENTS: A Key Opportunity in Today s Business Landscape

VARTECH NATION. EMV Certification for IT Professionals

THE STATE OF CUSTOMER DEVOTION IN RETAIL PART TWO

This Week in the Boardroom 12/04/14 Page 1

1. Understanding Big Data. Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview

Introduction A lot has been written about the level of detail appropriate for the RFID privacy impact assessment. Here we try to explain the evolution

abhisam RFID Discover the power of e-learning!

RFID Product and Brand Protection Finding the privacy and security settlement for the mass market

RFID, for You and Me!

RFID Refrigerator Project Proposal

RFID AS A TOOL FOR SAFETY, SECURITY, PRIVACY AND CONVENIENCE FOR INTELLIGENT TRANSPORT SYSTEMS

THE BEST POS FOR GUN STORES AND RANGES!

OBJECT PERMANENCE AUTHENTICATION AND OBJECT IDENTIFICATION, USING ENCRYPTION AND BLOCKCHAIN TECHNOLOGY. Copyright 2018

Proactive Listening: Taking Action to Meet Customer Expectations

Root Beer Game in Progress

THE ULTIMATE GUIDE TO GENERATE LEADS VIA YOUR WEBSITE

and convenience stores

Time and Attendance Solution

COMMUNICATION & CHANGE MANAGEMENT SUMMIT SEATTLE, WASHINGTON JULY 28 30, 2019 CALL FOR PRESENTATIONS SESSION DESCRIPTIONS

PCI Toolkit

Privacy Challenges in RFID

Instantly-Mobile Kiosks: Security Meets Convenience

MITIGATE THE RISK OF FRAUD AND COMPLIANCE COSTS with EMV mandates. An NCR white paper

P.O. Box 9506 Bakersfield, CA or

Emerging Technologies and the Year in Review

Prevent and Handle No-Shows. A Guide for Hotel Owners and Managers

At the 2005 ALA Midwintel' Meeting, the ALA Council adopted CD#19.1, Radio Frequency Identification (RFID) Technology and Pl'ivacy Principles.

RFID PRIVACY IN EUROPE Implications for Libraries. Paul Chartier Convergent Software Ltd. CILIP Conference, Nov 2012

PROTECT AGAINST A DATA BREACH & ADDRESS PCI DSS COMPLIANCE WITH TRUSTCOMMERCE

readinggroups.org Social Media Guide

Hanging Up Happy: How to Turn Contact Centers into Customer Satisfaction Centers

BMI 3C - E-Commerce. Your Task:

Guidelines for Using RFID Tags in Ontario Public Libraries

Retail 2020 The End of Silent Retailing

Understanding Privacy Policies: Content, Self-Regulation, and Markets

Sridhar Iyer. IIT Bombay

Managing different personalities

ACHIEVING INTEROPERABLE ELECTRONIC TOLL COLLECTION IN SOUTH AFRICA. Alex van Niekerk South African National Roads Agency (SANRAL)

Operational Responsiveness

Employer s Guide To Telehealth. Reshaping Access To Quality Healthcare For Your Employees.

SMART TROLLEY FOR GUIDING CUSTOMERS IN SUPER MARKETS USING AOT

Enhance your Customer Service by Addressing Generational Communication Preferences ROSE SCHAFFER MS, RN

Think of the customer journey Mobile is a must-have POS must get personal Upselling and cross-selling

PEOPLE WATCH MONEY, MONEY, MONEY JUNE 2018 PEOPLE WATCH

RFIDs at Work: Tracking Assets, Managing People, and Controlling Costs. Jack Cook, Ph.D., CFPIM, CSQE, CSCP

Other legal considerations for your website content can include: Using proper company logos and listing trademarks and registered trademarks

Why and How IoT in Retail? Between RoI Modelling and The Need of Transformation

HEAD OFFICE 1004A-C, JMD Megapolis, Sohna Road, Sector-48,Gurugram, Haryana Website :

Our services. Because sometimes you need a helping hand. Inter IKEA Systems B.V. 2016

Summary of Mobile Payments Industry Workgroup (MPIW) Meeting with Merchants and Mobile Payment Start-ups September 25, 2012

Increasing importance of Customer Experience in the Chemical Industry

Mazzitti & Sullivan EAP Services Notice of Privacy Practices

Make payment pain a thing of the past. How mobile point of sale can help boost your business and keep your customers happy

ICT IGCSE Theory Revision Presentation 2.2 Direct data entry and associated devices

RFID Technical Tutorial and Threat Modeling. Presented by: Neeraj Chaudhry University of Arkansas

5 STRATEGIES TO BOOST YOUR RETAIL SALES

bsmart 2 includes major enhancements to the core database to enable the deployment of new technologies and future proof your system

Client Alert. Radio Frequency Identification RFID Technology Implications for Privacy in Europe. Privacy & Data Protection.

A Buyer s Guide to POS

For more information on how Etihad Guest handles your personal information, please see the Etihad Guest privacy policy, available here.

RFID and Privacy Impact Assessment (PIA)

Sage Payment Solutions. Reduce your PCI liability with integrated payment solutions

Not All Machine Learning Systems Are Created Equal

Commission on Marketing and Advertising Task Force on Electronic Product Codes

Phases of RFID projects. Overview of HKU IMSE Retail Smart Shop. Design Overview. Design Overview

Hackathon Privacy, Big data and protection of rights. Plesner Law Firm - Michael Hopp - Henrik Bechgaard. 29 May 2015

Rugged Tablet Solutions: A Technical Buyer s Guide

RFID OVERVIEW. by ADC Technologies Group. Introduction to Radio Frequency Identification (RFID) Certified RFID Provider

Emergency Services Fleet & Equipment Management

WEX s Path To Payments Innovation

Seminar: Communication Infrastructure, RFID Security

UX & ROI. Improving the business value of a service with good UX and good design skills. Frédéric Gaillard - Axance (UXallliance-Paris)

INNOV-6: "RFID Vapor, Fiction and Truths"

Card payment processing for your business

Pharmasave Rewards Program Configuration, Use, & Frequently Asked Questions

THE FUTURE OF ADVERTISING Make every ad dollar count with 1-to-1 customer journeys.

Story - Shop MyWy self-serve Checkout solution

FORGET CHICKEN LITTLE THE SKY IS FALLING: CURRENT ENTERPRISE RISK MANAGEMENT STRATEGIES FOR PRODUCT RECALLS AND CORPORATE COMPLIANCE MATTERS

RETAIL ITEM INTELLIGENCE

Radio-Frequency Identification (RFID) Panorama of RFID Current Applications and Potential Economic Benefits

PRACTICE SOLUTION. 5 Ways to Kill Your Online Reputation.

VisionSoft Point of Sales. Student Information System

SCOOTER S COFFEE MOBILE APP REFERENCE GUIDE

Mobile Point of Sale Solutions: 2019 Easy and Secure Methods

OUR STORY. This one innovation opened the door for the entire prepaid industry.

Drive Insight from Retail Analytic and Leverage Predictive to Change the Game. Greg Wong, Director Analytics, Greater China July 26, 2016

Investigating the myths and realities of contactless payment

Australian Retail RFID Alliance. RFID & IoT What s it all about? GS1 8 Nexus Ct, Mulgrave Unique Micro Design REV 02

COMMISSION OF THE EUROPEAN COMMUNITIES COMMISSION RECOMMENDATION. of

Millennials vs. Boomers Are There Any Differences?

Achieving i total t retail

This document will detail the three biggest mistakes these companies can make in reusable container management.

CSE 303 Concepts and Tools for Software Development. Magdalena Balazinska Winter Lecture 25 Impact of Computer Engineering Solutions: RFID

Prince George s County

DIGITAL MARKETING DATA SHEET CHANNELADVISOR DIGITAL MARKETING ENABLES RETAILERS TO: And many more

AVA Asset Manager with RFID Integration

SESSION 3 Helping FSBOs & Handling Objections

Transcription:

RFID Tags and Privacy Dan Bailey, RSA Laboratories August 26, 2004

Early examples of consumer backlash 42% of Google results on RFID include word privacy CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering) Group discovers Metro AG s loyalty cards contain RFID tags without consumer disclosure http://www.foebud.org/rfid/index-gb.html leading Metro AG to remove RFID tags from future loyalty cards http://www.in-sourced.com/article/articleview/1396/1/1/ National news coverage: NY Times, Time, etc. Even if the consumer hysteria is based on misperception, it s still a major problem Most participants in this debate adopt one of two views. Let s review them in detail

RFID Debate Part One: RFID is Good Proponents of this view tend to embrace the following: RFID technology provides a major benefit to supply-chain efficiency, with the potential to save billions of dollars a year Only extremists care about RFID privacy Informal surveys of general consumer populations show little acknowledgement or concern about RFID privacy Only the misinformed care about RFID privacy some fears about tracking passive tags from satellites, or guns that shoot tags into people are misguided People can already be tracked to some extent by their cellphones and credit card transactions Building an infrastructure to create, store, and transport kill codes is a costly expenditure with questionable ROI for business

RFID Debate Part Two: RFID is Bad Proponents of this view tend to embrace the following: RFID technology provides a major new avenue for certain interest groups (government, big business, etc.) to create dossiers on average citizens locations and affinities If you come near the DNC site with a copy of Adam Smith s The Wealth of Nations, are you a threat? This data can be harvested at a distance, without consumer knowledge or consent Established RFID toll collection (Fast Lane, EZ-Pass, etc) systems collect data which already is subpoenaed by law enforcement or litigants, especially in child-custody lawsuits The potential for abuse by special interests, or rogue insiders within data-collecting organizations is well documented

RFID Debate Part Three: Can Technological Safeguards Help? Rather than advocating either of these positions, we d rather discuss technological safeguards which may provide a middle ground to solve this dilemma: Business benefits without consumer risks It all starts with a bit, but first a bit about consumer RFID applications

Consumer applications are coming Killing/removing tags stifles development of consumer apps Smart appliances Refrigerators that automatically create shopping lists Closets that tell you what clothes you have available, and search the Web for advice on current styles, etc. Ovens that know how to cook pre-packaged food Medicine cabinets that can assist Alzheimer s patients Smart products Clothing, appliances, CDs, etc. tagged for easy store returns Smart paper Library books Business cards

What s our goal here? To allow supply-chain infrastructure to provide business benefits while respecting consumer privacy The privacy bit allows supply-chain infrastructure to selectively communicate with only those tags that are still in the supply chain It also allows retailers an auditable way to assure customers that their privacy will be protected Since anyone listening to the reader can hear its Query command With a special tag for this purpose, anyone can tell if a reader is abiding by a policy that prevents it from scanning private tags

How does the privacy bit work? A tag is originated with Privacy bit set to 0 The tag travels normally through the supply chain Supply-chain readers issue Query commands specifying (say) Passive, Public tags Note that ordinary supply chain operations aren t slowed down At point of sale, POS terminal can set the Privacy bit to 1, as an alternative to killing the tag Tag will now no longer reply to Supply-chain reader Query commands

How does the privacy bit work? After purchase, consumer can take tags home RFID readers for consumer applications issue PrivateQuery commands specifying Private tags This creates two classes of RFID reader, with two classes of policy and consumer disclosure: Supply chain readers promise not to read Private tags Consumer readers say they ll read Private tags Two very different policy and regulatory regimes are in effect Could have a reader certification and branding process to indicate which readers/middleware are for which environment

What does this allow? Retailers have an auditable privacy policy that s on by default to protect consumer privacy Rogue readers can be thwarted by using a Blocker Tag This Blocker Tag listens for PrivateQuery commands and simply mounts a Denial of Service attack on the reader

Questions? Dan Bailey RFID Solutions Architect, RSA Laboratories http://www.rsasecurity.com/go/rfid dbailey at rsasecurity dot com +1 781 515 7253

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback