The Impact of Consumer Perceptions of Information Privacy and Security Risks on the Adoption of Residual RFID Technologies

In today’s global competitive environment, organizations face a variety of challenges. Continuous improvement in organizational efficiencies and improving the entire supply chain are necessary to stay competitive. Many organizations are adopting radio frequency identification technologies (RFID) as part of their information supply chains. These technologies provide many benefits to the organizations that use them. However, how these technologies affect the consumer and their willingness to adopt the technology is often overlooked. Many of these RFID tags remain active after the consumers purchase them. These RFID tags, placed in a product for one purpose and left in the product after the tags have served their purpose, are residual RFIDs. Residual RFID technology can have many positive and negative effects on consumers’ willingness to buy and use products containing RFID, and thus, on the business’s ability to sell products containing RFID. If consumers refuse to buy products with residual RFID tags in them, the business harm is greater than the business benefit, regardless of any gain in supply chain efficiency. In this study, we outline some of the advantages and disadvantages of Residual RFID from the consumer perspective, then follow up with an in depth survey and analysis of consumer perceptions. Using structural equation modeling (SEM) we demonstrate that consumers’ perceptions of privacy risk likelihood and privacy risk harm negatively impact their intentions to use this technology. The implications of these findings need to be considered before the pending implementation of residual RFID technologies in the supply chain on a mass scale

Tracking RFID

RFID-Radio Frequency Identification-is a powerful enabling technology with a wide range of potential applications. Its proponents initially overhyped its capabilities and business case: RFID deployment is proceeding along a much slower and less predictable trajectory than was initially thought. Nonetheless, in the end it is plausible that we will find ourselves moving in the direction of a world with pervasive RFID: a world in which objects\u27 wireless self-identification will become much more nearly routine, and networked devices will routinely collect and process the resulting information. RFID-equipped goods and documents present privacy threats: they may reveal information about themselves, and hence about the people carrying them, wirelessly to people whom the subjects might not have chosen to inform. That information leakage follows individuals, and reveals how they move through space. Not only does the profile that RFID technology helps construct contain information about where the subject is and has been, but RFID signifiers travel with the subject in the physical world, conveying information to devices that otherwise would not recognize it and that can take actions based on that information. RFID implementations, thus, can present three related privacy threats, which this article categorizes as surveillance, profiling, and action. RFID privacy consequences will differ in different implementations. It would be a mistake to conclude that an RFID implementation will pose no meaningful privacy threat because a tag does not directly store personally identifiable information, instead containing only a pointer to information contained in a separate database. Aside from any privacy threats presented by the database proprietor, privacy threats from third parties will depend on the extent to which those third parties can buy, barter, or otherwise gain database access. Where a tag neither points to nor carries personal identifying information, the extent of the privacy threat will depend in part on the degree to which data collectors will be able to link tag numbers with personally identifying information. Yet as profiling accelerates in the modem world, aided by the automatic, networked collection of information, information compiled by one data collector will increasingly be available to others as well; linking persistent identifiers to personally identifying information may turn out to be easy. Nor are sophisticated access controls and other cryptographic protections a complete answer to RFID privacy threats. The cost of those protections will make them impractical for many applications, though, and even with more sophisticated technology, security problems will remain. This article suggests appropriate government and regulatory responses to two important categories of RFID implementation. It concludes with a way of looking at, and an agenda for further research on, wireless identification technology more generally

セキュアRFIDタグチップの設計論

In this thesis, we focus on radio frequency identification (RFID) tag. We design, implement, and evaluate hardware performance of a secure tag that runs the authentication protocol based on cryptographic algorithms. The cryptographic algorithm and the pseudorandom number generator are required to be implemented in the tag. To realize the secure tag, we tackle the following four steps: (A) decision of hardware architecture for the authentication protocol, (B) selection of the cryptographic algorithm, (C) establishment of a pseudorandom number generating method, and (D) implementation and performance evaluation of a silicon chip on an RFID system.(A) The cryptographic algorithm and the pseudorandom number generator are repeatedly called for each authentication. Therefore, the impact of the time needed for the cryptographic processes on the hardware performance of the tag can be large. While low-area requirements have been mainly discussed in the previous studies, it is needed to discuss the hardware architecture for the authentication protocol from the viewpoint of the operating time. In this thesis, in order to decide the hardware architecture, we evaluate hardware performance in the sense of the operating time. As a result, the parallel architecture is suitable for hash functions that are widely used for tag authentication protocols.(B) A lot of cryptographic algorithms have been developed and hardware performance of the algorithms have been evaluated on different conditions. However, as the evaluation results depend on the conditions, it is hard to compare the previous results. In addition, the interface of the cryptographic circuits has not been paid attention. In this thesis, in order to select a cryptographic algorithm, we design the interface of the cryptographic circuits to meet with the tag, and evaluate hardware performance of the circuits on the same condition. As a result, the lightweight hash function SPONGENT-160 achieves well-balanced hardware performance.(C) Implementation of a pseudorandom number generator based on the performance evaluation results on (B) can be a method to generate pseudorandom number on the tag. On the other hand, as the cryptographic algorithm and the pseudorandom number generator are not used simultaneously on the authentication protocol. Therefore, if the cryptographic circuit could be used for pseudorandom number generation, the hardware resource on the tag can be exploited efficiently. In this thesis, we propose a pseudorandom number generating method using a hash function that is a cryptographic component of the authentication protocol. Through the evaluation of our proposed method, we establish a lightweight pseudorandom number generating method for the tag.(D) Tag authentication protocols using a cryptographic algorithm have been developed in the previous studies. However, hardware implementation and performance evaluation of a tag, which runs authentication processes, have not been studied. In this thesis, we design and do a single chip implementation of an analog front-end block and a digital processing block including the results on (A), (B), and (C). Then, we evaluate hardware performance of the tag. As a result, we show that a tag, which runs the authentication protocol based on cryptographic algorithms, is feasible.電気通信大学201

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

Transiently Powered Computers

Demand for compact, easily deployable, energy-efficient computers has driven the development of general-purpose transiently powered computers (TPCs) that lack both batteries and wired power, operating exclusively on energy harvested from their surroundings. TPCs\u27 dependence solely on transient, harvested power offers several important design-time benefits. For example, omitting batteries saves board space and weight while obviating the need to make devices physically accessible for maintenance. However, transient power may provide an unpredictable supply of energy that makes operation difficult. A predictable energy supply is a key abstraction underlying most electronic designs. TPCs discard this abstraction in favor of opportunistic computation that takes advantage of available resources. A crucial question is how should a software-controlled computing device operate if it depends completely on external entities for power and other resources? The question poses challenges for computation, communication, storage, and other aspects of TPC design. The main idea of this work is that software techniques can make energy harvesting a practicable form of power supply for electronic devices. Its overarching goal is to facilitate the design and operation of usable TPCs. This thesis poses a set of challenges that are fundamental to TPCs, then pairs these challenges with approaches that use software techniques to address them. To address the challenge of computing steadily on harvested power, it describes Mementos, an energy-aware state-checkpointing system for TPCs. To address the dependence of opportunistic RF-harvesting TPCs on potentially untrustworthy RFID readers, it describes CCCP, a protocol and system for safely outsourcing data storage to RFID readers that may attempt to tamper with data. Additionally, it describes a simulator that facilitates experimentation with the TPC model, and a prototype computational RFID that implements the TPC model. To show that TPCs can improve existing electronic devices, this thesis describes applications of TPCs to implantable medical devices (IMDs), a challenging design space in which some battery-constrained devices completely lack protection against radio-based attacks. TPCs can provide security and privacy benefits to IMDs by, for instance, cryptographically authenticating other devices that want to communicate with the IMD before allowing the IMD to use any of its battery power. This thesis describes a simplified IMD that lacks its own radio, saving precious battery energy and therefore size. The simplified IMD instead depends on an RFID-scale TPC for all of its communication functions. TPCs are a natural area of exploration for future electronic design, given the parallel trends of energy harvesting and miniaturization. This work aims to establish and evaluate basic principles by which TPCs can operate

RFID: Prospects for Europe: Item-level Tagging and Public Transportation

This report, which is part of the COMPLETE series of studies, investigates the current and future competitiveness of the European industry in RFID applications in general and in two specific cases: item-level tagging and public transportation. It analyses its constituent technologies, drivers and barriers to growth, actual and potential markets and economic impacts, the industrial position and innovative capabilities, and it concludes with policy implicationsJRC.DDG.J.4-Information Societ

Personal Privacy Protection within Pervasive RFID Environments

Recent advancements in location tracking technologies have increased the threat to an individual\u27s personal privacy. Radio frequency identification (RFID) technology allows for the identification and potentially continuous tracking of an object or individual, without obtaining the individual\u27s consent or even awareness that the tracking is taking place. Although many positive applications for RFID technology exist, for example in the commercial sector and law enforcement, the potential for abuse in the collection and use of personal information through this technology also exists. Location data linked to other types of personal information allows not only the detection of past spatial travel and activity patterns, but also inferences regarding past and future behavior and preferences. Legislative and technological solutions to deal with the increased privacy threat raised by this and similar tracking technologies have been proposed. Such approaches in isolation have significant limitations. This thesis hypothesizes that an approach may be developed with high potential for sufficiently protecting individual privacy in the use of RFID technologies while also strongly supporting marketplace uses of such tags. The research develops and investigates the limits of approaches that might be us,ed to protect privacy in pervasive RFID surveillance environments. The conclusion is ultimately reached that an approach facilitating individual control over the linking of unique RFID tag ID numbers to personal identity implemented though a combination of legal controls and technological capabilities would be a highly desirable option in balancing the interests of both the commercial sector and the information privacy interests of individuals. The specific model developed is responsive to the core ethical principle of autonomy of the individual and as such is also intended to be more responsive to the needs of individual consumers. The technological approach proposed integrated with enabling privacy legislation and private contract law to enable interactive alteration of privacy preferences should result in marketplace solutions acceptable to both potential commercial users and those being tracked