Why would anyone consider challenging the status quo? Many airport owner/operators use proximity badges for access control. Just wave the prox badge at the reader, maybe enter a PIN code, and the door opens. Easy to use, familiar to all, and widely installed. Enter RFID — what exactly is it? Is a prox badge just another form of RFID? Following is an analysis of RFID as it pertains to access control and overall security at airports, from a veteran entrenched in the various industry working groups looking at its future application.
It may be better to discuss access control in terms of RF-enabled identity (ID) technologies that provide these capabilities. What exactly is the breadth of RF technology used for ID and access control? It is easy to become confused about RFID when there are different technologies claiming to be RF-enabled ID solutions. What is the threat/risk profile when you make a procurement decision for the RF-enabled ID credential technology used within your facility?
As a quick overview, RFID — radio frequency identification — encompasses a number of technologies. Anything that uses radio frequency to communicate with a reader for ID applications falls into the category of RFID. The challenge is understanding the application environment and understanding the security implications of that application. Typically, an RFID tag uses radio frequency transmission to send an ID number to a reader. Some are more secure than others. All have a place in the airport environment. Our concern is around security and access control, so some do not belong in that application.
RFID is used in many applications:
- logistics and electronic product codes;
- vehicle tracking and toll collection;
- proprietary access control systems;
- standards-based ID documents; and
- standards-based ID and access control.
Logistics tracking - the wal-mart example
The buzzword RFID historically was not associated with secure identity and access control applications. Rather, it was more frequently associated with identifying packages and pallets and tracking them within logistics applications. Wal-Mart made quite a splash with its intention to require all suppliers to deliver products and goods to them with RFID tags. The goal: more efficient inventory management and cost reduction. (The fear: the shirt that I bought will have an RFID tag on it, enabling anyone to track me after I leave the store.)
One of the key players in this view of the RFID industry is EPCglobal. Its website (www.epcglobalinc.org) says that “EPCglobal leads the development of industry-driven standards for the Electronic Product Code (EPC) to support the use of Radio Frequency Identification (RFID) in today’s fast-moving, information rich, trading networks.” EPCglobal’s core standard for this technology is known as the EPC Gen-2 RFID tag.
In response to the Wal-Mart brouhaha, EPCglobal did the right thing. It defined a set of guidelines for the use of its technologies in consumer goods (www.epcglobalinc.org/public/ppsc_guide/). It addresses core issues: notice to consumers about the RFID tags, how to find them, how to disable them. This enables the consumer to avoid being tracked, yet allows the retailer to gain the benefits in logistics to the supplier.
Migration of RFID to ID and Access Control
If RFID tags are for logistics, why even discuss them in the context of airport access control and security? Just look at the Department of Homeland Security (DHS) and you can see why. DHS has announced that it is using the EPC Gen-2 tag for human identification applications to cross the nation’s land and sea borders, via the Western Hemisphere Travel Initiative.
The State of Washington, in partnership with DHS, is piloting this technology for its citizens in a new driver’s license. For that state, this is a critical service to its citizens, enabling ease of access across the northern border.