New Security-Laden RFID Tag Targets Pharma

Friday November 24th, 2006
By Marisa Torrieri

It might be years before the pharmaceutical supply chain relies on RFID to track, trace, and protect against drug counterfeiting, but new technology from high-tech security stalwarts shows promise.

SecureRF, which makes RFID anti-counterfeiting applications based on its secure cryptographic methods, this week announced a new RFID tag with onboard security and cold chain management features for pharmaceutical supply chain applications.

The announcement comes on the heels of the NACDS (National Association of Chain Drug Stores) and HDMA (Healthcare Distribution Management Association) RFID Health Care Industry Adoption Summit in Washington, D.C. There, a number of RFID vendors sought to address the growing concerns among drug manufacturers and pharmaceutical supply chain managers about the growing incidences and increasing sophistication of counterfeiting. Current estimates put the cost of drug counterfeiting at more than $40 billion, according to the World Health Organization. The United States is ranked sixth in the world for counterfeit drug seizures/discoveries, according to the Pharmaceutical Security Institute (PSI) 2005 Situational Report.

"Typically, a drug goes through nine sets of hands before you pick it up at CVS or Rite Aid," SecureRF CEO and founder Louis Parks tells RFID Update.

SecureRF's new, passive UHF-compliant tag uses its own security technology, a patented cryptographic protocol it calls the "Algebraic Eraser", which allows it to put authentication and data protocols directly onto a passive RFID tag. The technology can actively authenticate and encrypt reader/tag communications, and is designed for pharmaceutical manufacturers and distributors who want to provide a tamper-proof record that a particular drug is authentic. The tag also comes with a battery-powered temperature sensor that continuously monitors and securely records an item's temperature history.

The secret to the tag's functionality, says Parks, is in the mutual authentication between tag and reader. Unlike standard applications, the tag isn't simply storing secured information or signatures, which, even if encrypted, may be cloned. With the SecureRF solution, only authorized readers may access the sensitive information.

Anyone can put data -- which may or may not be encrypted -- onto a tag. However, such data is not too difficult for a skilled sleuth to snatch and clone when broadcast into the air, Parks explains. "It can be intercepted and cloned, and when a reader reads it, it thinks it's reading the real tag."

To prevent that from happening, SecureRF's tag includes a protocol "so that when the reader presents itself, the tag authenticates the reader to ensure it is authorized." Only upon successful authorization may the reader access the data within the tag.

"In each session between the reader and the tag, we send uniquely encrypted information, so if you were eavesdropping, what you hear could be different every time you listen," he says.

Security is definitely on the minds of supply chain managers, consumers, and technologists, noted ABI Research analyst Sara Shah, recalling that a handful of companies (most notably Certicom and Texas Instruments) made security-related product announcements during this week's D.C. show.

"Security has been something that hasn't been completely lacking, but definitely lacking from the RFID market -- especially the UHF market," Shah tells RFID Update. "It hasn't been a huge issue in the consumer-goods retail supply chain market, but with the pharmaceutical market, security is a much bigger issue. SecureRF and others have identified this."

The just-released tag is slated for availability in late January. SecureRF plans to license its security methods to other companies who are making RF-based products that work with ZigBee and high frequency (HF) platforms. Although Parks didn't mention any specific partnerships or orders, he said the company is talking to a number of drug manufacturers in the space.

"It could be up and running as soon as next month," says Parks, "but it might be years before the industry figures out how they will use everything as a production system.