RFID playing cards - an interview with Matt Trossen
January 26, 2007
Matt Trossen, the CEO of Trossen Robotics, perhaps more famous as the guys who marketed the now famous Phidgets DYI gadget kits in the USA, mailed me last night to say they'd introduced a pack of RFID playing cards in their product line.
I mailed back with the (obvious?) question: Why?
Matt replied promptly, and provided some pretty good ideas (watch out next time you play texas hold'em with your geek friends - no gadgets on/under the table :-)
A large percentage of our customer base for the RFID products we sell are hobbyists, educational projects, and the DIY crowd. We’ve had people ask about an RFID deck of playing cards on many occasions and we always thought it was a really cool idea. This kit would be purchased by a student for example who was interested in writing a statistics software program for a school project or possibly a hobbyist who wanted to create a fun card game or add a layer of interactivity to an existing game. It could also be used by a teacher that wanted to provide a challenge to a classroom of students. Students would be broken up into groups of four for example and given a reader and the deck of cards and asked to create a program that can track a card game while displaying it on a screen. This is the type intended audience for this product. We have seen a lot of creative uses for RFID over the years and this is along that vein. There are many places RFID can be used besides plain old inventory tracking. We like to help sell low cost RFID technology to those out there who experiment with novel ideas and placements for RFID.
I could also see people doing a proof of concept for real use of RFID cards. Texas holdem is very popular right now and to track the cards the players are holding the players have to show the cards to a mini camera and a human has to read them. This is complex and requires human intervention to accomplish. Imagine instead if the casino used an RFID enabled deck of cards and there was a reader under each players section at the table. A computer system could know instantly what each player was holding even before they looked at the cards themselves. Games could be tracked automatically and the information could be fed to the onscreen display without the need for a human to be watching a dozen cameras trying to read cards and enter them into the system. It would be a huge cost saver to casinos that run competitions and shows. So I see this little DIY RFID playing card kit as a first step in such a direction.
Latest hype: tag your every limb??!
December 06, 2006
This rather bizarre press release appeared in our mailbox this morning - reproduced here in full for the readers to judge whether it's a huge joke or thoroughly misunderstood "helpfulness" (pay particular attention to the quotes toward the end: tagging your every extremity for 'peace of mind' for your closest family if you're blown up??):
LimbID System Proposes that Multiple RFID Tags be Embedded in Human BodiesContinue reading "Latest hype: tag your every limb??!"
HUMANS TO INSTALL RFID CHIPS IN LIMBS FOR EASE OF LIMB RECOGNITION AND RECOVERY IN CASE OF TERRORIST ATTACKS
LimbID System, a technology company based in Albuquerque, NM, is urging consumers to get implanted with RFID chips in multiple limbs. The company is, “dedicated to preventing delayed limb and body identification in the future,” said CEO Morris G. Scheidt.
Scheidt also claims, “LimbID System has aided in the identification process of hundreds of deceased loved ones since our establishment in 2002, and we have prepared countless others for easy identification in emergency situations.”
LimbID System offers two pre-set packages of RFID chips and the option to customize your own RFID placement. The Standard Option (6 chips) includes a chip in the head, torso, each forearm, and each calf. The Deluxe Option (14 chips) adds a chip to each upper arm, each hand, each thigh, and each foot.
New York Times Review Privacy Concerns over Contactless Cards
October 30, 2006
The New York Times investigates privacy concerns about contactless cards.
Contactless Credit Cards
October 30, 2006
Your Credit Advisor reports that by the end of this year, the credit card industry projects that about 50 million credit and debit cards will be coded with RFID chips, allowing users much greater flexability.
Check it out, they have a very imformative and well written article:
Investigating the UK "Biometric" Passport with ISO 14443 contactless chip
June 14, 2006
Adam Laurie has published his first go at reading the new ISO 14443B contactless chip in a new style UK "Biometric" Passport (no fingerprints or iris scans are stored in the "Biometric" Passports , yet, only a digitised photo image)
This standard seems to be the one which will also be used in the UK Identity Cards, especially the ones which are valid for travel within the European Union, according to this Written Answer to Adam Holloway MP
The chip seems to be generating a pseudo-random id number, something which is not specified in the International Civil Aviation organisation's Machine Readable Travel Document specifications, but which companies like Axalto (formerly owned by Schlumberger) also seem to be doing with US "Biometric" Passports.
Unless and until such a feature is agreed internationally as a modified ICAO standard, then these "Biometric" passports will be internationally incompatible, and a waste of time and money.
However since the tests were only on one example Passport, that says nothing about any underlying weaknesses in the collision avoidance protocol, which could still allow individual remote tracking or to be used to target individuals or groups in terrorist attacks. (see "Security and Privacy Issues in E-passports" by Ari Juels, David Molnar, and David Wagner)
This UK "Biometric" passport still appears to be vulnerable to already demonstrated "man-in-the-middle" relay attacks which have already been shown to work with cheap equipment by Gerhard Hancke
Cross posted from Spy Blog
RFID Credit Card Report
April 05, 2006
Jimmy Atkinson of Find Credit Cards has written a six-page research paper on RFID payment systems: Contact less Credit Cards Consumer Report 2006. The report describes the RFID technology behind the new systems being rolled out by American Express, Visa, and MasterCard and also addresses security concerns.
By the end of 2006, it is estimated that between 35 and 50 million credit and debit cards will be contactless and available for use in 25,000-50,000 merchant locations in the United States alone.2 Many experts are anticipating that this new technology could eventually obsolete the magnetic stripe, at which point all of the world's electronic payments would be contactless.
You can also apply for one of these RFID credit cards and download the report as a PDF from their contactless credit card offers page.
RFID Virus dismissed
March 30, 2006
From BoingBoing: Ben Giddings of ThingMagic, who is only speaking as an "annoyed engineer" not a ThingMagic representative, says this is all a bunch of hooey:
The "RFID Virus" is absolutely laughable.
If you read the "paper", here's what they do:
1. Construct an RFID middleware system, intentionally design it to have some really obvious security flaws, ones that even most basic web developers know to avoid, namely the two security no-nos of implicitly trusting external data, and treating data as code.
2. Knowing the exact nature of those two obvious security flaws, including the exact implementation of the flaws, send malicious data that exploits those flaws.
This is so laughably stupid, but somehow it got picked up by the news outlets because it contains buzzwords: "RFID" and "Virus".
Really, what they're doing is the equivalent of:
1. Designing a barcode system to automatically self-destruct if it ever reads a barcode of , for no reason other than to prove it's dangerous.
2. Broadcasting to the world that the barcode system will self-destruct if it ever reads a barcode of .
3. Intentionally reading a barcode of .
4. Claiming that barcodes are dangerous.
RFID Tags, just like barcodes are just data. Nothing more than data. If you intentionally design a system to be vulnerable to certain data, then intentionally expose the system to that data, then yup, you'll have a problem.
I'm surprised the music industry hasn't tried this with MP3s. Design a MP3 player that will format your hard drive if it sees a certain often-downloaded song, download that song, show the drive getting formatted, then claim that MP3s are dangerous because they might format your hard drive.
RFID virus created
March 22, 2006
Radio chips being marketed as a replacement for the barcode threaten consumer privacy and are able to carry a virus, Dutch university scientists revealed on Wednesday. An infected radio frequency identity (RFID) tag is able to disrupt the database that reads information on the chip.See also: RFIDvirus.org
Scientists at Amsterdam's Free University were able to create a chip infected with a virus, and then use it to infect the database. Before this study, supporters of RFID assumed that the technology could not modify the back-end software that reads it.
"In our research, we have discovered that if certain vulnerabilities exist in the RFID software, an RFID tag can be (intentionally) infected with a virus and this virus can infect the backend database used by the RFID software," the researchers wrote in a paper discussing the flaw.
An Internet of Food
March 03, 2006
Innovation Lab coordinates a new pilot demonstrating future uses of RFID in the prepared food sector. RFID tags are poised to replace the traditional bar code, not least because the tags allow producers and retailers to manage inventory and the supply chain more efficiently. But what might this technology mean for consumers? The project, which is funded by the Danish Ministry of Science Technology and Innovation, will explore how RFID tagging of ordinary supermarket purchases will affect how ordinary families experience their food, all the way from the shopping cart to the frying pan.
The project will trial a wide range of the new services which RFID tagging of food products will make possible:
• Expiry management: the refrigerator monitors product expiry dates, helping consumers avoid waste.
• Dietary and nutritional guidance.
• Food safety: direct information to consumers in case of product recall.
• Inspiration: Recipes and suggestions based on actual contents of refrigerator/cupboard.
• Inventory management: the contents of the refrigerator can be ‘seen’ without opening the door, even from the local supermarket.
• Marketing of related and/or complementary producter.
Each of the 20 participating families will be given a ‘kitchen console’ and RFID reader through which the digital product information linked to the RFID tags can be accessed. The console can also be used as an internet terminal (for recipe surfing and downloading, watching movies, playing video games, planning of family activities). Every week each family will receive a shopping basket of groceries in which each item is marked with an RFID ‘bar code’.
The project is a collaboration between Denmark’s leading packaged food producers and both public and private information and communications technology specialists.Continue reading "An Internet of Food"
Night deposit boxes smarten up
February 02, 2006
Automating manual processes such as cash handling and money deposit is the future of the banking sector. A new smart night deposit box developed by the Danish company RFID-Solutions will increase security for bank customers and efficiency for the banks themselves. These deposit boxes feature automatic registration of the deposit bags and automatic calculation of the amount of the deposit. The system, based on RFID tags integrated into the labels on the bags, has already been implemented in a number of night depositories in Copenhagen.
Banking is just as much about security as the bottom line. In the information age, ensuring the security of transactions is crucial for banks and their customers. The Danish branch banks that have installed the new RFID night deposit box have already experienced improved security and efficiency. After these successes, RFID-Solutions is now prepared to market the system to banks in the rest of Europe.
The ICFCS (Intelligent Cash Flow Control System) benefits customers by reducing the amount of time it takes to drop off deposits. At the same time, the system registers valuable information for both the bank and the customer. Instead of having to remember and enter a PIN code to open the deposit box, customers simply hold their deposit bags in front of a unit that reads the bags’ serial numbers. The system thus recognizes the customer and registers the number of bags being deposited. When the deposit is completed, the system prints out a receipt for the transaction, a service that conventional deposit boxes just aren’t smart enough to provide.
The receipt also serves as the customer’s guarantee that the day’s profits won’t just ‘disappear’ in the case of theft, bolts from the blue, or simple human error. Customers can also choose to receive a digital version of the receipt, such as an SMS text message or e-mail to their accountant or the shopmanager. The accuracy and flexibility of the system mean improved record-keeping for even the most complex businesses. All digital information transfers from the system to the customer are encrypted, which keeps unauthorized ‘intruders’ from intercepting or monitoring information about deposits.
RFID-Solutions has collaborated with a number of other Danish companies with complementary expertise. Partners include Cordura (programming), Cell-Point (telecommunications) and Dansk Industri Optimering (automatic data capture).
PAC-LAN - RFID-powered mobile gaming
January 11, 2006
Paul Coulton from Lancaster University got in touch to tell me about their latest invention: a full size human version of the classic PAC-MAN game: PAC LAN
RFID goes mobile
December 31, 2005
The contact less IC chip which can be used for online payments, e-ticketing, identification and also normal shopping is now embedded in more than 8 million mobile phones in Japan.
What's next? Autonomous Aibo-Flashmobs with ad-hoc RFID-based peer-to-peer-coordination?
Sweden considering RFID in their banknotes
December 15, 2005
Due to a number of high profile money transport robberies in recent years, the Swedish national bank (Riksbanken) is considering adding RFID tags to their banknotes, reports digi.no, quoting nyteknik.se
Several types of tags are under consideration: a passive id-tag for tracking stolen banknotes would form a first step; later they are considering tags that are de-activated during transport and storage and only activated once the banknotes are paid out from a cashpoint.