Slashdot Mirror
RSA Creating RFID Blocker Tag
burgburgburg writes "RSA is introducing a new RFID cloaking system to guard secret data. The RSA Blocker Tag technology uses a jamming system designed to confuse RFID readers and prevent those devices from tracking data on individuals or goods outside certain boundaries. At its security conference, RSA demonstrated the blocking technology in a pharmacy setting. The pharmacist provides your prescription in a special bag with the Blocker tags. When the drugs are in the bag, RFID readers are blocked. Take them out, they're readable. The tags work by emitting radio frequencies that fool RFID readers into thinking they're receiving unwanted data, causing them to shun data from that source. RSA promises that this new technology will not interfere with the normal operation of RFID systems or allow hackers to use security technology to bypass theft-control systems or launch denial-of-service attacks." Maybe it's just me, but this seems to not address any of the important RFID issues at all.
RSA promises that this new technology will not interfere with the normal operation of RFID systems or allow hackers to use security technology to bypass theft-control systems.
I think this kind of technology is asking to be abused. Just like the cell fone signal jammers.
Consensus is good, but informed dictatorship is better
So once stores are using automated RFID-reading-Visa-charging tills instead of employing humans, you be able to get one of these bags, fill it with goodies, and walk out without paying?
Sounds good to me.
SteveB.
I probably would wind up getting sued. I guess you have to have a business plan to be able to jam signals without fear of prosecution (mostly kidding here).
It does seem like a reasonable application but, as the story says, isn't intended to address the broad range of objections. Still, protecting privacy of medical information is a step in the right direction... and what's to prevent me from applying it elsewise?
Why not simply make the bag out of a material that simply dampens radio signals, opposed to sending out additional, confusing signals? It's a technique used to keep security sensors from detecting RFID security tags. And the substances that work are ..reasonably commonplace.
Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: General Protection Fault. [Paroty Error.]
Why not just pull out the RFID?
What I want is to be able to disable the damm tags on anything I've already purchased and taken home!
-MattT *** Not speaking for my employer, or any other sentient beings ***
The same thing that keeps them from doing it now (hint: it's not RFID).
Stupid sexy Flanders.
Essentially, the blocker tag system works by tricking readers that all the possible RFID tags are present at a given time. Because RFID readers can communicate with only one tag at a time, when multiple tags reply to a single query, the reader detects a collision.
When that happens, the reader tries to communicate with each tag individually, asking each for its next bit, which identifies the portion of a binary tree the tag resides on. However, when queried in the presence of a blocker tag, the blocker tag also responds, but with a "0" and a "1" bit, confusing the reader and preventing it from getting valid responses.
So couldn't you just always have a blocker tag with you at all times? Say you build one of these into your watch, for instance. Wouldn't that make a store's entire RFID system useless for the items you're carrying?
Also, blocker tags in bags don't do anything to protect your privacy once you take the item out of the bag; so if the RFID tag is on clothing, it would still be active while you're wearing it, but not while you're walking out of the store with it. Something about that definitely doesn't seem right.
Not to mention a whole host of other problems. Seems RSA is looking for a new business model, seeing as their compression patent expired.
The most important things that keeps the vast majority of shoppers from stealing DVDs, or anything else for that matter, are honesty and morals.
Stupid sexy Flanders.
we like to call it the microwave
[Fuck Beta]
o0t!
...I'm sure that they'll find some law, like the DMCA, to use against anyone who dares try to assert this bizarre "privacy right". If no law can currently be manipulated into supporting their agenda, they'll write a new one and pay Congress to enact it.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
Maybe it's just me, but this seems to not address any of the important RFID issues at all.
Why would this address any of the important issues. The important issues are based in policy, not technology. Technology enforces policy.
And I claim my RFID tag is for rights management and you go to jail. Easily solved. Come to think of it if you look suspicious I'm sure something like "going equipped to steal" would do for the carrier or nonsense like "accessory to a crime" to the manufacturer 8)
Strange how DVD copying software is being ruled illegal as it might be used to commit a crime while high velocity rifle rounds that penetrate police armour and kill people are not.
I guess Mickey Mouse is worth more than a pile of dead fbi men.
"Combine that with RFIDs scanned as they leave the store, returning to the car, and I think we will have an incredible insight into the nature of those people's purchases."
You think that's bad? Imagine a bomb which explodes when it detects the RFID tag in an American passport nearby.
somebody goes and patents anti-static bags as a means to block the RFID signals?
Maybe it's just me, but this seems to not address any of the important RFID issues at all.
First, enlighten us and tell us what the "important RFID issues" are.
Then, tell us why this device was supposed to resolve them, and didnt.
I don't need no instructions to know how to rock!!!!
Merely a pacifier in the mouths of consumers. "Oh we are safe now, back to living/enjoying RFID as per the norm". Tell them whatever they want to hear, they will believe you and be happy.
RFID and/or barcodes on drugs can prevent errors in hospitals which cause many deaths per year in the US (dont have actual stats handy). In fact, it will soon be a requiremen that all drugs be barcoded in hospitals. If a drug is scanned before it is administered, and that scan is compared with a scan of the patients hospital wristband, incorrect drug and dosages can easily be caught. Prescription orders can be entered into the computer and verified by electronic signature, also eliminating mistakes due to sloppy handwriting.
RFIDs arent meant to solely deter shoplifting. Hell, you can rip the security tags off.
They're more about inventory and process control. Store managers want to be able to walk down the aisle with their RFID-scanning laptop and instantly know how many of each item are there. Or, misplaced items can shout "hey, I'm on the wrong shelf!"
Or honest shoppers can take their stuff up to the self-checkout area, and the screen shows you whats in your bag and you sign off on it, rather than having to scan and rebag everything.
And, of course, the paranoid will tell you its so the CIA can scan you from a plain white van and know what kind of deoderant you use.
Shoplifters and thieves will always find a way around the system, so it doesn't matter.
I don't need no instructions to know how to rock!!!!
The problem with all of this stuff is that I have no way to check any of it for myself. How do I know that the "blocker bag" they gave me works? How do I know that someone won't start a business of supplying cheap substitutes, for businesses that want to pacify their customers, that look like real blocker bags but don't do anything? What do I look for? The genuine RSA seal? What if the pharmacist hands me a bag that has some other company's seal on it? Do I trust it?
Will there be a TRUSTe seal on the bag to tell me that I can trust the company that made the bag... just like the TRUSTe seal that certified that eToys would never sell their customer list?
Suppose I have a genuine RSA-branded blocker bags with an authentic non-counterfeitable TRUSTe hologram on it. How do I know it's working properly? Will the pharmacy supply a "blocker bag scanner," like the price-checking guns in Walmart, that let me verify that the blocker bag is actually working? Will the blocker bag scanner have a Commonwealth of Massachusetts weights-and-measures sticker on it to assure me that it's working properly?
If the answer is that I should just trust the pharmacist to be telling the truth when he says it's a blocker bag... well, why shouldn't I just trust the pharmacy not to do anything bad with the data they are capturing from all the RFID tags I'm wearing?
Just because CVS/Pharmacy gave a marketing firm a list of diabetic customers to sell to companies marketing products for diabetics doesn't mean they'd ever do such a thing again. Heck, that was way way back in dark ages... 1998.
These companies are all like Lucy holding the football for Charlie Brown. Trust us, trust us, trust us... even though we've betrayed your trust over and over again in the past, we'll never do it again.
"How to Do Nothing," kids activities, back in print!
All we need now is for the courts to rule that tin foil is somehow a violation of the DMCA under the "circumvention" provision.
When tin foil is outlawed, only the outlaws will have tin foil!
In Soviet Russia, RFID Blocks you!
This comment is fully compliant with RFC 527.
Perhaps I'm missing something here, but aren't the tags in question used for tracking inventory and such? It's not like this blocker is intended to be used against RFID tags that the makers explicitly don't want to have disabled, so why don't the RFID tags themselves have a "disable code" that turns them off?
The majority of people are greedy. Fear of getting caught stops them from stealing.
This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
Strange? No. The firearms industry has lots of money, the movie industry has lots of money, and politicians want lots of money. It makes perfect sense to me.
In the meantime, I'll continue buying both as I damn well see fit (although to date I've not seen fit to buy either).
Alito: A vote for Alito is a punch in the eye to put that bitch back in her place!
The DVD copying software (DVD Xcopy i presume, as thats the one that was in the news recently) was ruled illegal because it circumvented copy protection measures, and under current statutes (DMCA) its an open-and-shut case, there isnt much else the Judge could have done. It didnt make 1:1 backup copies, because it did two things: transcoded the contents to make it fit, and allowed you to choose what you wanted copied. If it could make 1:1 copies, and that was all it did, then it would probably have passed ok, as it didnt surcumvent any acts. Dont blame me, dont blame the judge, blame the person who signed the law.
I wish I could have a gizmo that would disale cell-phones withing ten or so feet. It would be very useful in movie theaters, on the bus, in restaurants, etc.
Conceivably, RFID tags could be constantly tracked in store and raise a red flag to security if they disappear.
Not sure if that would do any good. Someone goes into a store and grabs something with an RFID, places it in their foil lined hidden inner pocket in their jacket, and walks out. When the item goes off the RFID master radar image, it maybe sets off an alert, so then someone has to physically walk to the shelf to see what happened. By then, the thief is long gone. Plus, they aren't exactly super high-power devices, I'm sure they occasionally don't hear the query or respond back in time, so you'd get lots of false alarms.
If you can read this then I forgot to check "Post Anonymously"
And high powered rifle rounds pretty have one purpose: piercing armor and thick hides. Not may elephants here in america to hunt. Yet you can easily buy the rounds for guns whos only legitimate purpose could be to shoot large game. It has nothing to do with utility, and everything to do with which lobby has more money. The NRA has lots of money to lobby congress in favor of allowing guns, and the MPAA has lots of money to lobby congress to pass laws banning DVD copying software. The problem is that we don't really have much of a lobby with congress. All we have are our votes. Most people don't bother to use their votes, then complain when the idiots who are elected into office pass laws they don't like. If you don't like the system, change it. Don't just sit there and complain about it.
If you can read this then I forgot to check "Post Anonymously"
Actually they aren't as similiar as you'd think. Psychology studies, indeed even students in basic classes, have proven time and time again that given the option between a completely risk free theft and paying for something reasonably priced, people with "Western Morals" will chose to pay for it in most cases.
It isn't until you cross the price line where people think YOU are being unfair to them that they will prefer to steal it.
This is what allows unattended kiosks to function at all, or displays in front of stores, newspaper stands, and many other things.
Curiously, it seems that only good faith on the part of the seller invokes this response. The more responsibility you put directly on the buyer, the more likely they are to behave ethically. If you establish elaborate security and countermeasures, they are more likely to try and steal it.
Consider online music retailers that attempted to put elaborate restrictions onto the media. All it did was galvanize people to trying to break their format. iTunes, however, only requires you to burn it to a CD, which they'll do with a touch of a button, and then rip it back from the CD to counter their own protections. The big difference is, they don't pretend that it's a huge restriction, they charge what people are willing to pay, and they provided more than enough for the average user: 3 authorizations or 1 for work and 2 home computers. Did people break it? Yep. Did it hurt their bottom line that people broke it? Not at all. Many users are like me, we went and bought copies of the music we had "borrowed" before when the price was at a point we considered unreasonable.
Never confuse volume with power.
IIRC, it *HAS* to be able to decrypt the DVD because standard burners can't write the CCA key. Kinda like how burning bit-perfect copies of PlayStation games is useless for an unmodded system.
I wish these people would get over themselves. They should be THRILLED I want to make backups of their crappy movies. Actually, I don't want backups. I'm looking for DVD-to-MP3 ripping so I can listen to my favorites at work like Office Space, the Simpsons, South Park, Princess Bride, etc.
GTRacer
- I do not think that law means what you think it means...
Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
Radiohead called. You're watching those movies improperly, and you should stop doing so immediately.
What I plan to do is backup all of my 300+DVDs (yes, the MPAA has made, and continues to make, a lot of money off me!) to a RAID, sans FBI warnings (which i've seen plenty of times already), trailers (which i've seen plenty of times already) and other stuff that doesn't work properly on my DVD player (ie. temporarily breaks the "next chapter" and "menu" buttons). Then I can watch any of the movies I have bought on any TV in my house without having to dig through shelves and shelves of discs, and without having to start it up 15 minutes before I actually want to watch (so the non-skip previews will be over by the time i sit down to watch).
I don't understand why the MPAA doesn't want me to enjoy watching the DVDs I buy.
blog
Excuse me, but why would they put RFID tags on items like medicines and then design bags to block them from the view of the RFID system? Why not, uh...just not tag them in the first place?
The more I read about this RFID thing, the more I'm thinking the idea just hasn't come along to the point where it has to be. Obviously, if these issues are getting discussed at a high level, we need to put something in place that's a bit more targetted to the problem: we want to be able to read items for a specific purpose, and no other purpose. Walk out of a store with items, get automatically charged to the credit card = good. Someone sitting in the parking lot with an RFID reader able to tell you just walked out with Preparation H, herpes medication, and a coffee enema kit = bad.
I'm betting that the propeller-heads among us have the capability to solve this problem, technologically I'm talking. Also, do we have to start out tagging everything? Why not just tag the non-controversial items? Let's not start with the Complete Homeopathic Colon Invasion Toolkit (TM), or people themselves. Let's start with something a bit more pedestrian and refine things from there...
sev
but have you considered the following argument: shut up.
Armor piercing rounds generally have steel cores. The main use of steel core ammunition in the US is for cheap surplus rounds sold and mainly used for target practice.The don't make good rounds for hunting (or assassination) as they tend to pass through the target without shedding much energy. Good rounds for hunting are soft-tipped or hollow core and expand and stay in the animal. That way they transmit the most energy and create a more lethal wound channel.
...
If you consider the size of a buck deer, moose, or elk it quickly becomes apparent that if you allow sportsmen to hunt these animals, then you must have appropriate ammunition available that will dispatch them with a high probability with one shot. If you look at the rounds used in the past to hunt elephants you'll see they are huge are in fact not very common, and the rifles that can fire them are quite expensive, and even more uncommon. And, if you disallow hunting, then you have to reintroduce natural predators for game animal population control; look at New Jersy's experiment with elimination of deer hunting. Famine in the deer population as it grew, increase in disease in the deer population and increase in related vectors that directly and adversly affect other animals and humans.
If you want to change the rights of gun ownership in the US have the courtesy to attack the problem head on. Make an attempt to change the 2d amendment. Legislation that violates the 2d Amendment is just an affront to the legal basis that supports all our laws. When you do, remember that over 50% of US housholds own guns, legally. Guns are _so_ easy to manufacture that a plant in NJ was set up by organized crime and operated for years creating blackmarket firearms. We dropped (in WWII) leaflets showing how with simple mechanics tools a reliable fully automatic weapon (the so called "grease guns") could be made my resistance fighters. Make sure you address all the potential avenues for criminal creation of firearms when you try to make a legal ban of them. And then consider what other rights you have to give up to allow enforcement of those provisions to assure crimminals don't have firearms. And consider those who legally use a firearm in self-defense and assure a way to protect all the citizens all the times. I see very large budget increases for the new police state you'll need to implement this.
Feel free to mode this down along with the parent. Now if only he'd have suggested RFIDs in bullets or handguns
- Tjp
I am in wallow with my inner money grubbing capitalistic pig. ... Oink!
Given a sufficient amount of money and technical prowess, I'm sure one can build an RFID scanner to defeat this jamming technology. But this raises the bar somewhat, and gives a modicum of privacy assurance for the cost of a single RFID tag.
Think of it like the safety seal on over-the-counter medications. Is that plastic doohicky ironclad proof that some loony hasn't poisoned your NyQuil? Of course not -- there're always ways to tamper with a bottle. But at least the seal raises the bar, so that only persistent and resourceful loonies need apply.
As you say: for the truly paranoid, an active version of this device could do a much better job. Heck, if you're going to the trouble of carrying around a device with batteries, complicated logic and an RF transmitter, you might as well just jam the region of the spectrum that RFID tags like to use.
When the drugs are in the bag, RFID readers are blocked. Take them out, they're readable... RSA promises that this new technology will not interfere with the normal operation of RFID systems or allow hackers to use security technology to bypass theft-control systems..." What kind of double speak is this? Look, either the technology blocks reading of RFID tags, or it doesn't. If it does block reading, it enables people to bypass theft control systems. If it does not, it does not protect privacy. It's as simple as that! RSA is trying to convince us their technology is smart enough to tell the difference between an honest drug consumer and a shoplifter?!? WTF?!?
"Freedom means freedom for everybody" -- Dick Cheney
Seems to me we are about to be dragged into a consumer privacy Cold War that will make SPAM and computer viruses look like idle fun. How do you want to live?
a) Get used to having your every move recorded in a giant marketing/antiterrorism/conformity database. Ignore little annoyances like being IRS audited every year because you checked the wrong books out of the library.
b) Buy and continuously upgrade your array of privacy-protection technology.
c) Live in a shack in the hills and deal only through barter.
d) Armed revolt.
I don't personally find any of these attractive.