I'm looking for a low cost RFID solution that will support authentication. There is no need for Write operation in the transponder or to encrypt the data.
All the solutions I found so far are or to simple, only Read with no uC, or to complex that support many more features which I don't need and ,hence cost more.
1) first, there is no authentication without writing
2) second, there is no sensible authentication without encryption.
3) third, whatever selfmade quick solution is definitely more expensive than whatever commercial product
As a token, an RFID tag is a viable option. Authentication requires more, but the tag might form part of a solution.
Even a two-way solution with cryptography (e.g. smart-card) still only proves that the smart-card is present, not that it's in the hands of the correct individual.
A secure transaction system (supporting *legally strong* non-repudiation) requires a device encapsulating three features:
display of the transaction (document being signed)
authentication of the signer (keypad, thumbprint, etc)
private-key signing of the document
If the display is ambiguous or misleading, the contract is non-binding. If the authentication is faulty, the contract is non-binding. If the cryptography is faulty, the contract is non-binding. If the security of the relationship between these three is faulty, the solution fails.
So you see that smart-cards (for example) *cannot* support legal non-repudiation. So much for GWB's showy "signing" a law into effect using a smart-card (a few years back).
Just pointing out that security is as much a human problem as a technological one, and that there is no technological solution which is not susceptible to legal dispute. And because of that, we've developed legal and commercial means of living with low- tech solutions like magstripe credit cards, etc.
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.