Many applications are now using radio frequency (RF) technology to automatically identify objects or verify the identity of people. These RF-enabled applications range from tracking animals and tagging goods for inventory control to enabling secure payment and identification. While these applications all use radio waves to communicate information, the RF technology used for each has different operational parameters, frequencies, read ranges and capabilities to support security and privacy features. For example:
RFID tags and labels are used to add value in manufacturing, shipping and object-related tracking. They operate over short to long ranges (e.g., from inches to 25 feet), were designed for that purpose alone and have minimal built-in support for security and privacy.
RF-enabled smart cards, on the other hand, use RF technology, but, by design, operate at a short range (less than 4 inches) and support a wide variety of security features for critical applications. This technology is also referred to as “contactless smart card technology.”RF-enabled contactless smart cards comply with international standards for contact and contactless smart card (ISO/IEC 7816 and ISO/IEC 14443) and implement security features to protect payment, access and identity applications.
RF-enabled applications have differing requirements in their use of RF technology, with RFID tag and RF-enabled smart card technologies providing very different capabilities. The figure below illustrates the range of security requirements of different RF-enabled applications and technologies.
RF Technology Security Requirements (click for larger view)
Understanding the differences between RFID and RF-enabled smart card technologies is critical in order to correctly assess each technology’s fit with a specific application’s security and privacy requirements. RFID and RF-enabled smart card technologies comply with different standards, have different operating ranges and widely varying ability to support security features needed by RF-enabled applications. The figure below shows key requirements for common RF-enabled applications and the typical RF technology used for the application.
RFID Standards (click for larger view)
Example applications using RF-enabled contactless smart card technology include:
The U.S. FIPS 201 Personal Identity Verification (PIV) card being issued by all Federal agencies for employees and contractors;
The new U.S. ePassport being issued by the Department of State;
The Transportation Worker Identification Credential (TWIC) being issued by the Transportation Security Administration;
The First Responder Authentication Card (FRAC) being issued in Department of Homeland Security pilots;
Contactless payment cards and devices being issued by American Express, MasterCard and Visa;
Contactless transit fare payment systems currently operating or being installed in such cities as Washington, DC, Chicago, Boston, Atlanta, San Francisco and Los Angeles.
Secure Technology Alliance councils also provide additional reports and resources describing the use of smart card technology for different applications.