Authentication with RFID

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View
Hi All,

I'm looking for a low cost RFID solution that will support
authentication.
There is no need for Write operation in the transponder or to encrypt
the data.

All the solutions I found so far are or to simple, only Read with no
uC, or to complex that support many more features which I don't need
and ,hence cost more.

Does someone have any idea for a solution for me.

Thanks in Advance
roy


Re: Authentication with RFID

Quoted text here. Click to load it

How exactly do you think you'll reach some credible form of
authentication without encryption?

--
Hans-Bernhard Broeker ( snipped-for-privacy@physik.rwth-aachen.de)
Even if all the snow were burnt, ashes would remain.

Re: Authentication with RFID
There is a big different from encryption a data and dual authentication.


Re: Authentication with RFID

Quoted text here. Click to load it

1) first, there is no authentication without writing
2) second, there is no sensible authentication without
    encryption.
3) third, whatever selfmade quick solution is definitely
    more expensive than whatever commercial product

Rene
--
Ing.Buero R.Tschaggelar - http://www.ibrtses.com
& commercial newsgroups - http://www.talkto.net

Re: Authentication with RFID
Quoted text here. Click to load it

Commonly implemented authentication solutions require *two* of:
* something you know (a password)
* something you have (a token)
* something you are (biometrics)

As a token, an RFID tag is a viable option. Authentication requires
more, but the tag might form part of a solution.

Even a two-way solution with cryptography (e.g. smart-card) still
only proves that the smart-card is present, not that it's in the
hands of the correct individual.

A secure transaction system (supporting *legally strong*
non-repudiation) requires a device encapsulating three features:
* display of the transaction (document being signed)
* authentication of the signer (keypad, thumbprint, etc)
* private-key signing of the document

If the display is ambiguous or misleading, the contract is non-binding.
If the authentication is faulty, the contract is non-binding.
If the cryptography is faulty, the contract is non-binding.
If the security of the relationship between these three is
faulty, the solution fails.

So you see that smart-cards (for example) *cannot* support legal
non-repudiation. So much for GWB's showy "signing" a law into effect
using a smart-card (a few years back).

Just pointing out that security is as much a human problem as a
technological one, and that there is no technological solution
which is not susceptible to legal dispute. And because of that,
we've developed legal and commercial means of living with low-
tech solutions like magstripe credit cards, etc.

Clifford Heath.

Site Timeline