Article: Smart Documents – how JCOP with RSA fits into the application

What a fortunate day! After all the precious time spent in education, you finally graduate with flying colors. You are happy and eager to take on all of life’s challenges, look forward to an impressive job in a reputed firm and show the world your achievements. Finally, you get your first interview call, and the first thing asked for in the communication is the valid original documents, which will be required for verification. You gather all your belongings and enter the interview premises. Alas, you see that more than a dozen people have been called, and you are just one of them. After the entire interview process, you are asked to wait until the documents are verified by the placement agent / prospective employer. Either the documents or their copies are with them, and they would take about a month or so to get these verified. What happens during this month? There are so many what-ifs going around in that fresher’s mind. Precious time is wasted by the prospective employer and, if there’s a placement agency involved, it will be going haywire with all these pending decisions. After all this effort and time, a final what-if, “the prospective employer hires a fresher with fake certificates”, is still lurking in everyone’s mind. Ever imagine what RFID can do here?

Here’s where RFID helps all the entities speed up this process. Yes, we are talking about smart RFID controllers embedded inside the documents that could self-certify, self-authenticate and self-verify their contents. No internet, no couriers, no waiting, no hassles: on-the-spot verification and quick decisions. Surprised? With smart cards and RFID having advanced manyfold in the last few years, all of this is now possible.

We have come a long way in evolving these secured documents. Initially we had manually written, signed and stamped documents, from which we eventually switched to electronically printed documents carrying the issuer’s and the document holder’s photographs. When these too were duplicated, we started to put various security features on the physical document, like UV inks, micro-prints, security threads, etc., comparable to what is used in currency notes. With traditional security features like holograms, anti-copy marks and invisible watermarks not being sufficient to prove the authenticity of the document, we now introduce, as a recent and ultimate solution, smart RFID controllers, which are highly secured and certified under Common Criteria, embedded into these physical documents. Combined with the visible and invisible security features, electronic chips enhance the protection against fake documents. Securing documents is a relative term and, just like selecting the right solution for an application, it is very important to select the right RFID chip for this application. There are several RFID chips available, from those that are unsecured or purely free readable to highly secured controllers that implement the highest level of secured key management systems.

The categories of RFID chips are:
• Pure UID based chips,
• Hardwired memory logic chips,
• Hardwired crypto memory logic chips, and
• Smart controllers with crypto co-processors.

So, in order to be fully prepared with the best available security for the documents, one must use the smart RFID controllers and implement a PKI based Key Management System. We are now talking about all the security encryption algorithms and digital keys & signatures available on a tiny chip that could enable self-verification of its data content and authenticate itself as being genuine. As seen above, not all RFID chips can do this. Only the smart RFID controllers that can operate over a standardized radio frequency on standardized protocols with open source crypto algorithms and digital keys & signatures can perform these jobs.

In our case, the entire process of enabling a document with the security features offered by a smart RFID controller consists of embedding the chip into a blank specialized paper with watermarks, applying security micro-prints using specialized inks and processes, including UV threads, electronically personalizing the smart RFID controller, printing the candidate’s details, signing and stamping by an official, plastic lamination of the document for longer life, presenting it folded with a ribbon to the candidate in a ceremony, and finally having it self-verified by anyone. This process involves various entities: the RFID-to-paper embedder, a scheduled security printer, various university department officials, placement agencies, the employer and finally the verifier, in general. If the solution is not open and standardized, trust in the solution dies out immediately, with plenty of ifs and buts.

As in this case study, there are plenty of application areas in which, along with other so-called “cosmetic” security features, a document would be highly secured using the services of embedded smart RFID controllers. There are secured documents everywhere: Government Departments, Documents issued by Special Bureaus, Banking and Financial Undertakings, High Value Investment Instruments, Inter-industry certifications, Permits and Authorizations, Legal Proceedings, Land Record Documents and Title Deeds, to name just a few. In other words, the sky is the limit for this solution.

Coming back to the smart RFID controllers, these are enhanced micro-controllers with strong and fast hardware crypto co-processors which support all the data security encryption technology available as of today. These micro-controllers operate on a standardized radio frequency, which they use to power up the chip as well as for communication. They run an open source operating system that supports high-level application development to use all the security algorithms supported by the chip’s hardware, thereby giving full flexibility to the solution developers. We look at a particular product offering from NXP Semiconductors, i.e., the SmartMX series, and an open source operating system, the JavaCard / OpenPlatform or JCOP. This chip supports symmetric cryptographic algorithms like 3K-3DES and 128-bit AES, along with the well-known asymmetric public key infrastructure based key pairs like up to 2048-bit RSA and 192-bit ECC. Apart from all this, the SmartMX hardware also supports the SHA-1, SHA-224 and SHA-256 hash algorithms. With a data retention time of minimum 20 years and 500K read/write cycle endurance, this chip fits all the requirements of this application at its best. The JavaCard / OpenPlatform operating system acts as the icing on the cake, giving system integrators all the power to program this chip to function the way they want it to.

However, since you have the power to design and program this chip, certain things should be very well implemented to have the best security possible. They are as follows:
- Use the best available security algorithm provided by the smart RFID controller
- Design a secured Key Management System for the card access and authentication
- Use a Hardware Security Module at the backend to encrypt all the processes involved with the personalization of the smart RFID controller in the document and further activation processes

In smart RFID controller embedded documents, the key application requirements are as follows:
1. To prove that the chip is genuine based on the verification of the self-generated PKI keys,
2. Self-authenticating by verifying the public key from the reader / application,
3. Reading out the hashed and digital signature signed contents for further verification in an encrypted format, and finally
4. Recording a log of all the successful verifications done during its lifetime.

If any of these points is not satisfied, the entire purpose of embedding an RFID chip in the document is a waste of time, effort and money.



As a part of the personalization process, the document issuing authority generates an RSA Master Key Pair inside its HSM. The smart RFID controller in the document then generates its own RSA key pair. The content electronically stored on this document is protected with the document’s key pair and encrypted with the issuing authority’s Master Key, and finally the data is stored onto the chip.

As a part of the verification process, the application, which is a one-time installation, uses a standard computer with an ISO 14443 type A part 4 compliant reader. This application can be made available either from the issuing authority’s website or in an encrypted format via email. This application contains the public key of the issuing authority’s Master Key pair, so that all the documents issued by it can be easily verified. In addition, if the verifying authority has an NFC mobile phone, an application for that mobile phone can also be made available, allowing the verifying authority to perform the necessary verification on the go.
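
One way the personalization and offline verification steps described above could fit together, written as an added host-side Java example; it is not AdvanIDe's or NXP's code. It assumes the issuer signs the chip's public key together with the content and that the chip answers a random challenge with its private key; the class name, the sample content and this binding are assumptions, and both key pairs are generated in software here in place of the HSM and the chip.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class SmartDocumentVerifyDemo {
    // SHA-256 + RSA signature over the concatenated parts (done inside the HSM or chip in a real system).
    static byte[] sign(PrivateKey key, byte[]... parts) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        for (byte[] p : parts) s.update(p);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] sig, byte[]... parts) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        for (byte[] p : parts) s.update(p);
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair issuer = gen.generateKeyPair(); // master key pair; private half stays in the HSM
        KeyPair chip = gen.generateKeyPair();   // generated by the chip; private half never leaves it

        // Personalization (assumed design): the issuer binds the content to this chip's public key.
        byte[] content = "Name: A. Candidate; Degree: B.Eng; Year: 2010" // constructed sample data
                .getBytes(StandardCharsets.UTF_8);
        byte[] chipPub = chip.getPublic().getEncoded();
        byte[] issuerSig = sign(issuer.getPrivate(), chipPub, content);

        // Offline verification: the verifier application ships with issuer.getPublic() only.
        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);                   // fresh per verification
        byte[] chipResponse = sign(chip.getPrivate(), challenge);  // computed inside the chip

        boolean contentOk = verify(issuer.getPublic(), issuerSig, chipPub, content);
        boolean chipOk = verify(chip.getPublic(), chipResponse, challenge);
        System.out.println("issuer signature over key and content valid: " + contentOk);
        System.out.println("chip proved possession of its private key: " + chipOk);

        // Altered content no longer matches the issuer's signature.
        byte[] altered = Arrays.copyOf(content, content.length);
        altered[altered.length - 1] ^= 1;
        System.out.println("altered content accepted: "
                + verify(issuer.getPublic(), issuerSig, chipPub, altered));
    }
}
```

The first check ties the stored data to the issuing authority, and the challenge-response ties that data to one physical chip, so copying the readable contents into another chip fails the second check.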

Overall, the cost of implementing a smart RFID controller in a document is very low compared to installing and maintaining huge online data-farms and protecting them from various types of online attacks. Coming back to the secured document, the real-world challenges that this document would face include the RFID components having to resist heat, pressure, bend stress, UV, X-rays, infrared and, finally, manhandling, to which they are more prone to damage than a plastic card. However, the way these documents are manufactured makes them as reliable and durable as plastic cards. As a result, we have a long-lasting, reliable and durable document embedded with a smart RFID controller that can self-verify and certify its own contents. The best part is that we could still print on top of this smart RFID controller embedded document using any printer, just like a normal paper document, either with a LaserJet or with a DeskJet printer, considering that dot-matrix printers are completely outdated.

As a benefit to the issuing authority, it gives them state-of-the-art security technology, a non-replicable solution, a reduction in workload with offline verification of its documents, a low cost of ownership for its infrastructure and added credibility for the entire system.
As a benefit to the document holders, on-the-spot verification saves overall turn-around time for their processes and adds value to the documents when presented in the market.
As a benefit to the verifying authority, it provides them with a hassle-free verification process, no in-transit document losses, quick verification, online lump sum payment of verification charges if any, a lower cost of verification if opted for and agreed by the issuing authority, and a lower cost of ownership for the verification hardware, as the same hardware can be used to verify other issuing authorities’ documents using the same technology.

A sample demo application is going to be demonstrated at the upcoming Cartes show in Paris. Please visit us there.

For more details on the case study, the smart RF controllers mentioned, embedding techniques that can be used, physical security measures implemented and derived verification methods, please feel free to contact your local AdvanIDe sales representative or email us at info@advanide.com.



An ASSA ABLOY Group Brand
Disclaimer: The contents of this newsletter are provided, maintained and updated by AdvanIDe. This newsletter provides links to web pages / websites of other third party organizations. The contents of those websites are owned by the respective organizations. Due care has been taken to ensure the accuracy of information published. Product names, logos, brands, and other trademarks featured or referred to within this newsletter are the property of their respective trademark holders. These trademark holders are not affiliated with AdvanIDe Pte Ltd. They do not sponsor or endorse our materials.

AdvanIDe Newsletter #3 - 12/2010 - © 2010 AdvanIDe - All rights reserved.