Alliance Activities : Publications : RF Technology Best Practices : FAQ

Frequently-Asked Questions: Best Practices for the Use of RF-Enabled Technology in Identity Management

The Smart Card Alliance Identity Council developed this FAQ to provide additional detail on the best practices that are advocated by the Smart Card Alliance when using RF-enabled technology in identity management systems.

1. What are different forms of radio frequency-enabled technology?

There is a wide range of technologies available that incorporate radio frequency (RF) communications to enable a variety of applications–from product and animal tagging to secure payment and identification. Each RF technology has different operational parameters, frequencies, read ranges and capabilities to support security and privacy features. For example:

RF-enabled smart cards comply with international standards for contact and contactless smart cards (ISO/IEC 7816 and ISO/IEC 14443) and implement security features to protect payment, access and identity applications.

2. Is RF-enabled smart card technology the same as RFID?

No. There is significant confusion in discussions of RF-enabled technologies, with RF-enabled smart card technology often incorrectly categorized as “RFID.” There is a wide range of RF technologies used for a variety of applications–each with different operational parameters, frequencies, read ranges and capabilities to support security and privacy features. For example, the RFID technologies that are used to add value in manufacturing, shipping and object-related tracking operate over long ranges (e.g., 25 feet), were designed for that purpose alone, and have minimal built-in support for security and privacy. RF-enabled smart cards, on the other hand, use RF technology, but, by design, operate at a short range (less than 4 inches) and can support the equivalent security capabilities of a contact smart card chip.

3. Should RFID tag technology be used for identifying people?

No. RFID tag technology was designed to automate the tracking of products and pallets through a supply chain, not to identify people. It is not the appropriate technology for securing human identification systems. The technology does not support the security features necessary to ensure the confidentiality, integrity and validity of identity information or the necessary security safeguards to protect against cloning or counterfeiting the identity credential.

RF-enabled smart card technology, on the other hand, is the correct technology for identity verification systems. RF-enabled smart card technology supports security features that ensure the integrity, confidentiality, and privacy of information stored on or transmitted by the card and that can be used to verify the authenticity of the identity document and its contents.

4. How does an identity application use RF-enabled technology?

An identity application would incorporate RF-enabled technology by building an integrated circuit chip and an antenna into the identity credential, allowing the credential to communicate with readers wirelessly using radio frequencies.

5. Why are identity applications now using or considering the use of RF-enabled technology?

RF-enabled technology can deliver a number of benefits to an identity verification application. For example:

6. What procedures should be followed if personal information is unduly disclosed and compromised?

A redress procedure should always be part of any system dealing with private information; this applies to RF-enabled identity verification systems as well. Redress procedures must define how to modify incorrect data, as well as how to assign new identification numbers when they have been compromised. It is important to design the identification system to allow redress for compromised personal information and not rely exclusively on the security measures that were put in place to protect private information in the first place. For example, if a number attached to an individual is made “permanent” by the identification system, it is very hard to change the number if it has been disclosed to unauthorized parties.

Using a credential number (such as with credit cards) allows the identification number to be changed when something bad happens. In RF-enabled identification systems, it is highly recommended that the identity credential number (personal information called an attribute) be linked to a person’s record but not to use that number as a person’s unique identification number in the architecture of the system.

7. What security techniques can be implemented with RF-enabled smart card technology to improve the privacy and security of an identity verification system?

The following are examples of security techniques that can be implemented with RF-enabled smart card technology.

8. How can identification credentials be verified for integrity and validity?

Verifying the integrity and validity of a credential is essential to ensure that the credential is authentic, has not been tampered with, and is still authorized to be used for identification. Techniques that may be used include:

9. What applications are currently using RF-enabled smart card technology?

RF-enabled smart cards are currently used worldwide for many applications, including financial, transit, access and secure identification. Examples of implementations in the United States include:

About the Smart Card Alliance Identity Council

The Smart Card Alliance Identity Council is focused on promoting the need for technologies, legislation, and usage solutions regarding human identity information to address the challenges of securing identity information and reducing identity fraud, and to help organizations realize the benefits that secure identity information delivers. The Council engages a broad set of participants and takes an industry perspective, bringing careful thought, joint planning, and multiple organization resources to bear on addressing the challenges of securing identity information for proper use.

Click here for additional information about the Identity Council.