This month there are a series of ISO RFID standards meetings taking place in Sarasota, FL USA. The second meeting was SC 31/WG 7. This committee is responsible for security and file management of the ISO/IEC 18000 series standards. The standard is ISO/IEC 29167 and it is still in the early stages of development.
The meeting was well attended with 25 people from 13 National Bodies and Liaison organizations.
Part 1 of this standard is the overall architecture and this document is already in ballot at the CD stage (see http://www.understandrfidstandards.com/how-does-iso-work/ for details of the process).
The standard is broken into several parts – the first is the general information, but the remainder define the specific methods to implement security and file management in the specific frequency dependent parts of ISO/IEC 18000. The first part of the work is on a method to implement in ISO/IEC 18000-6.
The work of this group on the UHF specific implementations is being kept in step with the work of GS1 EPCGlobal. This has slowed the work a little, but the progress has been good.
The two parts to the work are File Management and Security. For File Management, the goal is to produce a method to provide a standardized way of accessing user memory on a tag that conforms to ISO/IEC 18000-6. The concept can be thought of as similar to a hard drive on a PC where we have a file management scheme that we call folders. The committee is addressing how this can be achieved on a tag.
The second part of the work is on Security. The committee is creating a means to implement encryption based security on a tag. This security option will be presented in a standard fashion with a collection of optional security suites (such as AES, Triple DES etc.). The tag and reader will negotiate a common security method and then communicate through this encryption.
This work will allow for the authentication of tags and readers thus enabling many new applications for RFID. The ability to hide data in an encrypted form gives a RFID the ability to satisfy the needs of the users to effect a scheme that will enable privacy of data.
Feb 18, 2011