[Dave Birch] There’s a problem in Korea with the production of counterfeit whiskey, so the legitimate whiskey producers have an application in the Korea Telecom service. When the whiskey is bottled, the caps have an RFID tag added to them. This is coded with a URL and an identifier. When a customer, or a shopkeeper, or a policeman, or in fact anyone else wants to check whether the whiskey is real or not, they touch the cap with their phone and the URL launches a web site that knows the provenance of the identifier and can tell you when and where it was bottled as well as some other information. When the customer opens the bottle, the tag is broken and can no longer be read.

Most cell phones today contain a SIM card, which can be swapped with the ones developed by SKT to read the radio waves emitted by the tags attached to medical supplies, whiskey and other products to ensure its authenticity. SK Telecom recently announced the development of a universal subscriber identity module, or USIM, embedded with a 900 megahertz RFID reader.

[From RFIDNews | Real or fake? Use your cell phone and find out.]

Note the architecture. It’s the enabled USIM that turns the phone into (presumably)an EPC Gen 2 reader.

It was difficult to tell from the machine translation, but I think that Hitachi and KDDI have just announced that KDDI have a new mobile phone for the corporate market that incorporates an ISO/IEC18000-6 Type C RFID reader/writer.

Hitachi installs UHF belt RFID reader of micro and low power consumption that develops the technology/writer in corporate cellular phone “E05SH” of KDDI.

[From RFID by UHF from KDDI & Hitachi by Wireless Watch Japan]

It will be great when this integration is extended to the consumer market. Now, some people find this sort of thing scary. If you don’t believe me, go and have a look at some of the videos on “We, the people, will not be chipped“. But I think a phone that can check up on other people’s stuff might be fun. After all, 900MHz is much longer range than NFC (several metres for industrial readers). So if you’re at a boring party and you’re wondering whether the hostesses dress is a real Chanel or a knock-off, you can find out from across the room. Or if you want to snoop around a neighbour’s house but can’t actually be bothered to go into other rooms, it’s ideal. But, as I pointed out some time ago,

Suppose RFID is used to implement Electronic Product Codes (EPCs) for luxury goods. If I see a Gucci handbag on sale in a shop, I will be able to point my Bluetooth EPC-reading pen (these already exist) at it and read the EPC, which is just a number. My mobile phone can decode the number and then tell me that the handbag is Gucci product 999, serial number 888. This information is, by itself, of little use to me

[From Digital Identity: The Rolex premium]

Indeed. There has to be a database to establish provenance, and it is that database that is at the core of the Korea Telecom business model.

The counterfeiters will inevitably shift their attention to attacking the database. If I were a counterfeiter, I’d put chips in my whiskey that linked to a URL that displayed something that looks like the official Korea Telecom page but says “Sorry, the service is currently down, please try again later” or perhaps even “Sorry, the service is down, please call this number for more information” followed by the number for a reverse-charge premium-rate call to Surinam at $199 per minute. Just as with smart posters and so on, unless the chip carries a digital signature, you don’t know whether the URL is real or not, so nothing it directs you to can be trusted. There’s no need for a URL here: just have the chip store a digitally-signed identifier and let the “provenance infrastructure” do the rest. Better still, have the chip store a digitally-signed and encrypted identifier so that only the database owner can decrypt it, ensuring that all provenance request have to go through them.

Without an infrastructure that includes end-to-end digital signatures there’s no way round this. The phone needs to know the chip is authentic. The database needs to know who is asking, and the consumer needs to know who is answering.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

1 comment

Leave a Reply

Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
Verified by MonsterInsights