Slashdot Mirror

← Back to Stories (view on slashdot.org)

Open Source RFID Project

Posted by michael on from the rfidstumbler dept.

Anonymous Coward writes "With all the press RFID is getting, I was looking for an open source solution to Wal-Mart's RFID compliancy mandate. I stumbled open the RadioActive project. I think these guys have the right idea. Eventually, RFID will be everywhere. Could an open source project like this bring rapid deployment of RFID like Apache did to the net?"

8 of 21 comments (clear)

  1. Re:Um correct me if I'm wrong by Jahf · · Score: 3, Interesting

    2 reasons, both predicated on the idea that it will happen with or without us.

    1) If Open Source is a major player in the software for such things, we all have a better understanding of it.

    For instance, do you really trust proprietary software to say "yes, I fried your tag, you may leave in peace" and actually do it, or do you wonder if it said that, but really just threw a "be silent when this guy walks out the door" to the tracking station that goes off if you leave without paying?

    2) If Open Source is a major player, then the community has a much higher visibility for things like standards boards and oversight commities.

    If GNU, Apache, Linux, etc and the very vocal proponents of such did not exist, I strongly doubt you'd see geeks and unix beards sitting at as many of the various levels of these things as you do now. It would be back to the backroom anticompetitive negotiations.

    So do we just cave and accept RFID (or monopolistic software) wherever and whenever and however it creeps in? No, we continue to be active. But the world is grey. Good and Bad happens. Better than we are involved both ways than to give an inch.

    --
    It is more productive to voice thoughtful opinions (reply) than to judge (moderate) others.
  2. Same technology as proximity cards... by stienman · · Score: 4, Insightful

    RFID is ther same technology as proximity cards used to access many buildings.

    And here - also cached at - is a proximity/rfid copier and spoofer. It can read cards passively (while another reader interrogates them) or actively, and can later pretend it's the card when interrogated.

    Of course, this can be defeated by a challenge/response system, which is available, but lower costs will probably dictate the cheaper ID only rfid.

    I've known it can be done, and have had a desire to do it, but this guy already did. Now if this becomes common enough then the manufacturers will be forced to use more secure RFID mechanisms.

    -Adam

    1. Re:Same technology as proximity cards... by swillden · · Score: 2, Informative

      RFID is the same technology as proximity cards used to access many buildings.

      Not really, because there isn't one technology used for these things, except at the most abstract level of "small devices that use radio to communicate".

      Some prox cards have no intelligence at all. They're essentially just a coil with a "tuned" resistor. When you hit them with a signal, they reflect that back, somewhat shifted due to the presence of the resistor in the circuit. Other prox cards are more sophisticated and more similar to RFIDs (of which there are also several types, see below). Others are more sophisticated yet and fall into a category more accurately described as contactles smart cards, which have full-blown microprocessors (4, 8, 16 or even 32-bit) with some RAM, some EEPROM or FLASH, a bunch of ROM and even a tiny operating system.

      RFIDs come in various types also, based on capability, range and security features. Most are simple read-only devices that do nothing other than respond with their ID number. Others are read-write, but with varying amounts of storage and varying levels of security against unauthorized writing. Different tags use different radio frequencies, which impacts their range and usability in various environments.

      And that's just passive devices. There is also a large field of active devices, tags that have their own power supply, rather than being powered by the field generated by a reader. The EZ-Pass devices used for automated toll collection on toll roads are a widely-recognized example. Active tags also come in a wide variety of capabilities, from simple "beacon" tags that just periodically transmit a signal (possibly with timing data, to permit location), to devices that are essentially a small, solid state PC in a different form factor. Some even have integrated cellular telephones and GPS receivers so they can identify their current location even without any kind of tag sensor in range (unless you consider a cell tower a "tag sensor").

      RFID is more of a general concept than a specific technology.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:Same technology as proximity cards... by stienman · · Score: 2, Informative

      You seem to have placed heavy focus on my mis-statement, where I should have written,"Many prox card systems are simple RFID." and then pointed out that a huge variety of generic RFID read only or read/write systems could be read and spoofed by this simple system.

      RFID is not just a general concept, but a relatively narrow field of wireless communications. I would take issue with your claim that a cell phone and GPS unit could be considered RFID, though I'm sure many companies will purposefully mis state that something is RFID when it is not, such as your example.

      RFID does come in many 'flavors' and capabilities as you have otherwise well summarized.

      Regardless of the definiton of RFID, my primary point was that most cheap tags are read only or read write with no intelligence, and that they can easily be copied and spoofed. My hope is that manufacturers will not choose cheap where security should be used. If they use better challenge response tags then they will become cheap and there won't be a reason or need to use the easily spoofed tags.

      -Adam

  3. Re:Please Explain by Anonymous Coward · · Score: 2, Informative

    Not necessarily... Some rfid tags do only store a serial number, but there also exist tags that store data on them... for that matter, most 2d barcodes store a lot more on them than just a number. For instance, there is this tool that slashdot mentioned earlier that'll let you keep track of what's recorded on the barcode you have on the back of your drivers license...Barcodes are used a lot more places than just on the upc, and they often store a lot more information...

    Anyhow, back to what this software does (and forgive me, I'm familiar with some RFID stuff, but not the EPCGlobal standards work)...more than likely the enterprise system that's keeping track of your inventory doesn't have the faintest idea how to ask a reader for information about tags or how to read the information that comes out. Nor is the information you get back going to be exactly set up to be dumped directly into your database. That' s what this is supposed to do (?).

    Feel fee to correct me if I"m wrong...

  4. This would be really neat... by Ayanami+Rei · · Score: 2, Informative

    except that RadioActive seems to be mostly dead, and all the links to the involved standards are broken.

    Not a good start!

    Frankly there isn't very much to an RFID system. You have your reader, which is just some XYZ device with a serial interface (or USB-serial interface) that spits out data like a barcode reader. You don't have to think about things like modulation schemes or frequency unless you're building your own reader, otherwise you're buying a kit with reader and tags.

    So then you just have to map those serial numbers into an index in a SQL table, and uh, go from there...
    SQL, application servers, USB-serial device drivers, all that's done already.

    Maybe what they're saying is there isn't any good open-source inventory/point-of-sale packages that sit on top of an inventory database for the user (besides some kind of thrown-together PHP deal and web interface), or that are used to feed is present at location/is not present into said database in real time.

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
  5. Re:Um correct me if I'm wrong by Rick+the+Red · · Score: 2, Interesting
    do you really trust proprietary software to say "yes, I fried your tag, you may leave in peace" and actually do it, or do you wonder if it said that, but really just threw a "be silent when this guy walks out the door" to the tracking station that goes off if you leave without paying?
    Actually, the latter is exactly how it's going to work. We've had posts to earlier stories with links to experts claiming their RFID chips cannot be "fried."

    RFID is simply a radio readable (proximity, contactless) serial number. When you buy that item at Wallwart the scanner at the cash register just identifies the item. The central computer then tells the cash register how much to charge, and when the cash register says it's been paid for the computer then tells the inventory control system to remove it from the inventory. When you get to the door, the RFID scanner will tell the computer everything you've got -- including the underwear you bought there six months ago, the shoes you got from LL Bean, and the pack of gum in your pocket from the 7-11 down the block -- and the computer will check it all against inventory to see if you're stealing anything.

    They pointedly do NOT want to fry the RFID because they need it for returns, to verify that you really bought it and what to pay you. They can tell not only what store sold it and when it was sold but also who bought it, how they paid for it, and what they paid. So if you bought it on sale you won't get a full refund; if you bought it with a credit card you won't get a cash refund; if you didn't buy it you get to explain yourself to the police. How they plan to handle gift returns I don't know. But I do know they have no plans to "fry" the RFID chips, and some RFID chips claim to be "un-friable."

    Since all the code that does the grunt work is totally separate from reading the RFID, I don't understand how making any of this "Open" is going to do anything except potentially lower Wallwart's costs.

    If you really want to fight RFID tags, start a rumor that they're radioactive and cause cancer.

    --
    If all this should have a reason, we would be the last to know.
  6. Re:I don't see how... by RadioActiveHq · · Score: 2, Insightful

    There are lots of details about RFID that most people don't see.

    The way in which Walmart, DOD and the EPC wants to deploy RFID is very similar to the internet. In a sense, each item will have its own IP address (unique id) and data can be resolved from that ip (information about the package).

    The standards set are full of specific software and services that companies need to have to deploy a EPC compliant system.

    Just like how Apache uses standards to communicate with browsers, the RFID world is heavily based on standards. Also the fact that RFID will most likley be everywhere in the next decade or so i think there will be a need for open source systems analogous to how there is a great need for apache.