by Paul Couderc and Michel Banâtre
The upcoming radio frequency indentification (RFID) revolution will undoubtedly contribute to the blending of the information society with the physical world: while common 'communicating objects' are currently restricted to complex electronic devices such as cell phones, cameras etc, RFID is in fact able to promote anything as a communicating object. In such a new world, data will not necessarily always flow into computers and networks, but may be physically retained by objects moving in real space.
While RFID technology promises many useful applications, such as improved safety, easier and faster interactions, reduced error in data input and automation of tedious processes, it also raises serious concerns in particular the privacy issue. In a world where many personal objects are electronically identified, the activities of individuals could be traceable in a similar, though much more comprehensive, way to 'googling' someone today on the Internet.
An important cause of this issue is that RFID systems are usually based on the concept of global identification, associated directory services or tracking databases. However, technically RFID are just small memory devices that can be addressed by near-field communication, and although identification has been the main application target, these devices provide support for alternative mechanisms.
We will now present such an alternative, through the example of the 'Ubi-Check' service, a solution to a common problem when travelling: it is unfortunately quite easy to forget something. For example, security procedures in airports require that your personal effects are checked separately from you by X-rays. Forgetting one of your items, or mistakenly exchanging a similar item with someone else occurs frequently. Solutions have been proposed for this problem, based on active tags attached to the items that are monitored by an owner tag. This is impractical for several reasons: active tags are expensive, they require batteries (and hence regular maintenance), radio emissions may be restricted by regulations (on planes for example), and temporarily separating an item from its owner would require the alarm to be disabled.
Ubi-Check represents another solution using RFID tags attached to the items. It is possible to write in the memory of the tags the data required to check the integrity of the group of items. One possible implementation is to compute a digital certificate from the identifiers of all the items. An important aspect is that the identifiers associated with each item can be regenerated regularly (eg for each trip): they are only used for a locally computed integrity check, not for identification. The values could be written in the tags at, for example, the airport check-in, the train station, or even when leaving home. Then, at relevant points after the area in which people are vulnerable to item loss or exchange, we deploy checking gates (such as the exit of the security check in airports, or the exit gate of a plane or a train). These gates would ensure the integrity of groups of items crossing them, warning people in the case of a missing item or the presence of someone else's item.
This solution is a distributed system where only local properties are checked in order to ensure a global goal. In fact, it uses a principle similar to the transmission of a file in independent fragments over a packet network, where integrity is verified by checking sequence number coherency or checksums, except that here the data are carried by 'physical' fragments. Such a solution is interesting because while providing a security service, it avoids the privacy concerns of many other RFID approaches. Specifically, tracking of individuals is not easy, since the tags' content may change often for the same person and same set of objects. Further, the system is not based on identification, ensuring greater privacy.
Another interesting aspect is that checkpoints and association points are autonomous and only carry local processing. The system is therefore not dependent on a remote information system. This has important benefits in terms of extensibility, reliability and deployment costs.
This service is an example of a more general usage of near-field communication beyond identification. As mentioned previously, this technology consists of memory devices, a basic and generic support for computing, obviously not limited to storing identifiers. Another application example is to use RFID to build distributed maps for robotic support. In the Roboswarm project we consider very simple robots with limited knowledge and sensors. In order for them to navigate, RFID tags are arranged in the space where the robots are working. Each tag contains relative spatial references pointing to the nearest tags, effectively making a graph. These pointers allow a robot to reach one tag from another, assuming that odometry drift is low enough while moving the distance separating two tags. In this distributed map example, the memory is distributed quite thinly over the physical space. As near-field communication technology gets better and cheaper, denser and more ubiquitous memories are likely to emerge in the environment, with computing applications that we are yet to imagine. While the industrial promoters of RFID/NFC are mostly concentrating on applications based on identification, almost anything can be done with memory devices, including systems that respect privacy. A key question to making this possible is: will there exist completely 'blank' or free-format tags, without any pre-existing and non-rewritable identifier?
Centre de recherche INRIA Rennes - Bretagne Atlantique, France
Tel: +33 2 99 84 72 92