Friday, April 08, 2005

fyi RFID moves beyond supply chain mandates


Pointer to article:,10801,100886,00.html?source=NLT_ERP&nid=100886

Kobielus kommentary:
Complying with mandates….such a Y2K-plus concern. Interesting how the Internet economy sprang up spontaneously in the late great 90s without any such mandates. By contrast, this current decade has been pure crackdown, lockdown, whip-cracking, hatch battening.

RFID is a technology that will quickly become ubiquitous, with or without supply chain mandates. This article notes the trend toward ongoing, widespread, horizontal, general-purpose implementation of RFID across diverse use cases, application domains, vertical markets, and business processes. The grand test of any new technology is, as the article points out with RFID, its rapid adoption for tactical, closed-loop, quick-payback applications.

By pressing digital identities more deeply into the everyday fabric of things—and of people’s personal possessions—RFID carries forward the revolution that began with the invention of the URL. The rapid worldwide adoption of the URL (and its brethren: the URI, URN, etc.) in the mid 90s was the true turning point in the rise of the Internet economy. For the first time, it became feasible to implement an “all points addressable” world within which all entities were uniquely identified.

RFID brings all points addressable closer to its ultimate realization. However, all points addressable has its obvious downside. As the article notes, RFIDs are essentially visible/exposed to anybody/thing in their immediate vicinity. That’s why it’s critical, if we’re going to rely so heavily on this technology in all spheres of our existence, to adopt the following RFID implementation guidelines widely:

• Store as little identity information as absolutely necessary on the RFID tag;
• Configure the tag to broadcast a pointer to a secure firewalled identity repository, for RFID-relying applications that require further identity information on the tagged entity;
• Harden the tag-resident ID, so that it can’t be overwritten by unauthorized third parties;
• Configure the tag with a private key and the crypto algorithms necessary to digitally sign and encrypt the broadcast ID, so that it can only be read by authorized third parties, and can’t be spoofed;
• Issue digital certificates for all RFID-tagged objects, or, more manageably, for the owners/holders/platforms of RFID-tagged objects, to support the requisite digital signatures and encryption.
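
The first four guidelines combined into one read flow, as an added example that is not from this post or the article it points to: the tag holds only an opaque pointer and a private key, and the repository releases the identity record only to an authorized reader after verifying the tag's signature. Assumptions: Ed25519 stands in for the unspecified crypto algorithms, the reader-issued nonce is added so that a recorded response cannot be replayed by a cloned tag, and the names `Tag`, `Repository`, `Resolve`, the pointer value and the reader IDs are hypothetical. Encrypting the broadcast ID and certificate issuance are not shown.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Tag stores only an opaque pointer and a private key that never leaves it.
type Tag struct {
	Pointer string
	priv    ed25519.PrivateKey
}

// Respond signs the reader's fresh nonce bound to the pointer.
func (t Tag) Respond(nonce []byte) []byte {
	return ed25519.Sign(t.priv, append([]byte(t.Pointer), nonce...))
}

// Repository is the firewalled store; identity data lives here, not on the tag.
type Repository struct {
	Keys    map[string]ed25519.PublicKey // enrolled tag public keys, by pointer
	Records map[string]string            // identity records, by pointer
	Readers map[string]bool              // authorized reader IDs
}

// Resolve releases a record only to an authorized reader whose nonce the tag signed.
func (r Repository) Resolve(reader, ptr string, nonce, sig []byte) (string, error) {
	if !r.Readers[reader] {
		return "", fmt.Errorf("reader not authorized")
	}
	if pub, ok := r.Keys[ptr]; !ok || !ed25519.Verify(pub, append([]byte(ptr), nonce...), sig) {
		return "", fmt.Errorf("tag authentication failed")
	}
	return r.Records[ptr], nil
}

// Demo enrolls one constructed tag, then tries a valid read, a replay and a rogue reader.
func Demo() (rec string, replayErr, readerErr error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tag := Tag{"tag-0001", priv} // constructed sample pointer
	repo := Repository{map[string]ed25519.PublicKey{tag.Pointer: pub},
		map[string]string{tag.Pointer: "laptop, household-42"}, map[string]bool{"base-station": true}}
	n1, n2 := []byte("nonce-1"), []byte("nonce-2") // fixed for the demo; use random nonces in practice
	sig := tag.Respond(n1)
	rec, _ = repo.Resolve("base-station", tag.Pointer, n1, sig)
	_, replayErr = repo.Resolve("base-station", tag.Pointer, n2, sig) // old response, new challenge
	_, readerErr = repo.Resolve("stranger", tag.Pointer, n1, sig)
	return
}
func main() { fmt.Println(Demo()) }
```

A signature over the static ID alone would verify for anyone who re-broadcasts a captured copy, which is why the response here covers a per-read nonce as well as the pointer.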

All points can become addressable only if we have the means to retrofit old things for this new identification scheme. I predict that, before long, we’ll be able to go to stores to pick up pads or rolls of RFID-bearing “post-it”-type adhesive tags. We’ll apply those tags to any and all of our personal possessions. We’ll also be able, when we purchase those RFID tags at the store, to automatically purchase the requisite digital certificates and RFID “base station” allowing us to set up, configure, and administer all RFID tags in our household (including those that will come embedded in all new movable electronic and other possessions). We’ll be able to plug our RFID base station into our home security system (or, preferably, the security system will automatically recognize and configure the RFID base station over WiFi or whatever home wireless network we have installed). When one of our RFID-tagged possessions leaves our home, the security system/RFID base station will notify us, or send an alarm to the police, or update our home property inventory. Or all of the above.

This is not a far-fetched RFID mass-market scenario, and I expect it will become commonplace by the end of this decade. This isn’t a supply-chain application of RFID, and nobody will mandate that we implement tighter surveillance over our personal possessions. It’s just gut-level, personal-protection common sense.

And it’ll bring PKI into the mass market in a major way too.