RFID: Connecting Users and Devices

Posted on by Christopher Burgess

RFIDRadio-frequency identification (RFID) chips are permeating our life at every level—at work, at home, and on the go. And while there is a important distinction between RFID and near field communications (NFC) chips, the premise is similar. For example, you may carry a dongle which opens your automobile door when it's within 20 feet of the vehicle. Whereas if you have a credit card from a European or Canadian bank, odds are you have an NFC-enabled chip within the credit card that needs to be in very close proximity (no more than 4 centimeters) for the signal to successfully transmit a response to the query from a device reader. An RFID chip can be queried from a considerable distance (some "super-readers" have read RFID chips from more than 1,000 meters, according to the Canadian Credit Card organization).


Couple the ubiquitous nature of these chips with the arrival of the Internet of Things and we have a tremendous opportunity for the integration of technologies to make life easier, improve logistics, lower property losses, and improve security. More and more devices are communicating and transferring data, which can provide us with situational awareness and intelligent decision making.

Whenever the Internet of Things is mentioned, rarely is the refrigerator left out of the discussion—but think, what if you were able to tag every leftovers container, every juice bottle, on the way in and out, via RFID? How about having the door configured to lock upon closure and open upon proximity of an access chip? The information screen on the refrigerator could provide container-presence messaging. The refrigerator could communicate with the freezer in the basement (after all, when both have IP addresses, both can communicate with one another over their common network), and the console could be presented with a daily/hourly inventory.

User Authorized?

A separate scenario may reduce data loss and physical equipment loss by providing real-time notification of a device on the move (think in terms of reducing the number of data breaches due to theft, misplaced hardware, or unauthorized access). If a chip is installed on every digital memory device containing company data, be it a network accessible storage device, an external hard drive, USB stick, tablet, or laptop, the ability to pinpoint the geographic location of the device at any given time is possible by "transmitting" wake-up signals throughout the building and receiving the "identification responses."

Those devices which should never be mobile are continuously surveyed, and if their geolocation adjusts just one iota, an alarmed event occurs, with the response identifying where the device is within the environment and which users are in proximity. Similarly, those devices which are expected to be more mobile, such as the tablet or laptop, will evolve expected patterns of movement and can be expected to move in concert with their owner or authorized user. The same "wake-up" signal sending query signals to the tag chip in the equipment would also trigger the "wake-up" in the employee ID. Protocols could be simply set up which could dictate that the employee may move without his/her laptop, but that laptop should not be moving without the employee (or designee). Imagine the dent that could have been made in the plethora of laptop heists that occurred over the last year. One can imagine the number would have been greatly reduced had the alarm been sounded when the physical chains were cut and the laptops began their journey out of the building.

Think Big

When thinking RFID/NFC, think big—data centers are a treasure trove of equipment and devices that control your network and store your data. Present is the opportunity to establish not only identity of individual users accessing devices, but also the opportunity for device movement to be tracked, tagged, and associated with approved users.

Christopher Burgess

, Prevendra Inc.


data security identity management & governance

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community