New offering from RSA® Professional Services helps organizations navigate risk factors in order to successfully deploy RFID technology
BEDFORD, Mass— RSA Security Inc. (NASDAQ: RSAS) today announced that its RSA® Professional Services division has developed a radio frequency identification (RFID) services offering to help companies assess RFID application security design for a successful deployment of RFID technology, a form of next-generation item-identification technology used to cut costs and improve supply-chain efficiency. The RSA Professional Services team, in collaboration with RSA Laboratories, the research center of RSA Security, will provide these services to benefit early adopters of RFID technology – such as consumer packaged goods manufacturers, logistics and transport providers, and retailers, as well as infrastructure suppliers and systems integrators.
Built around RFID tags — small silicon microchips attached to an antenna that emits a unique serial number via radio over short distances — RFID technology aims to replace the traditional printed barcode in supply-chain management systems. RFID technology expands the security perimeter to include a new class of devices that include RFID tags, readers, middleware and application servers. Similar to an unencrypted wireless network, for example, a person with a parabolic dish antenna could potentially snoop on RFID readers, stealing sensitive information such as the type and quantity of goods a company has shipped or received. Plus, security and trust problems are greatly increased by the need for sharing large volumes of internal RFID data with trading partners.
Another major challenge of RFID technology is personal privacy protection. Information stored on RFID tags can potentially be read by anyone with an RFID reader, and this information can range from personal buying habits in a retail environment, to the tracking of a driver’s location using automatic toll collection systems like E-Z Pass and FastTrack. These threats have already triggered a wave of protest among privacy advocates.
“RFID technology has remarkable potential and should not be dismissed by those who do not understand its overall commercial value,” said Dan Bailey, RFID solutions architect at RSA Laboratories, the research center of RSA Security. “At the same time, it introduces new security concerns, such as corporate-espionage, and raises questions about consumer privacy. Given its pioneering work in RFID innovation and security, RSA Security will help companies understand these issues and strike the necessary balance between business and consumer interests.”
The new RSA Professional Services offering centers on an RFID application security design assessment. The package includes an in-depth review of a company’s RFID deployment plans that pinpoints security risks and clearly defines impact. In addition, the design assessment includes audit capabilities that help articulate the security goals of an organization and determine if they are being met. The end result of this work is a report that includes a high-level security evaluation, architectural recommendations and specific design changes — information that can help companies benefit from RFID technology, and mitigate security and privacy concerns at the same time.
These services build upon RSA Security’s ongoing work in the field of RFID security. The company has recently demonstrated the prototype of its RSA® Blocker Tag at key industry and government conferences in San Francisco and Washington, D.C., including a forum sponsored by the U.S. Department of Commerce. The RSA Blocker Tag is a special RFID tag designed to prevent readers from performing unwanted scanning and tracking of people or goods, without any disruption to normal RFID operation. Devised by RSA Laboratories, in conjunction with Professor Ronald Rivest (the `R’ in RSA), the patent-pending RSA Blocker Tag is one of several RFID innovations under development at RSA Security.
RSA Security also is a founding member of EPCglobal Inc., the leading developer of RFID standards, and a successor to the Auto-ID Center. EPCglobal is a joint venture of the Uniform Code Council (UCC) and EAN International, the two organizations overseeing barcode standards in the U.S. and Europe respectively. In addition, RSA Security executives will address RFID issues at industry and government events throughout the year. This includes a keynote address by RSA Security CEO Art Coviello at a forum on RFID business and policy considerations hosted by the Information Technology Association of America (ITAA) on June 15, 2004, in Washington, D.C. (for more information, see the June 14, 2004, RSA Security media advisory). “The business world is rapidly embracing RFID technology because of its potential to cost-effectively streamline the supply chain. But little attention is being paid to security,” said John Worrall, vice president of worldwide marketing at RSA Security. “Organizations are starting to recognize the risks, however, and are turning to companies like RSA Security to help bridge the gap between an efficient, secure business model and consumer privacy.”
For more information on RFID privacy and security, and RSA Security’s activity in this space, visit http://www.rsasecurity.com/go/rfid/.
About RSA Security Inc.
RSA Security Inc. helps organizations protect private information and manage the identities of people and applications accessing and exchanging that information. RSA Security’s portfolio of solutions — including identity & access management, secure mobile & remote access, secure enterprise access and secure transactions - are all designed to provide the most seamless e-security experience in the market. Our strong reputation is built on our history of ingenuity, leadership, proven technologies and our more than 14,000 customers around the globe. Together with more than 1,000 technology and integration partners, RSA Security inspires confidence in everyone to experience the power and promise of the Internet. For more information, please visit www.rsasecurity.com.
