Authenticated RFID—The Next Level of Protection for Pharmaceutical Product Verification

To combat the problem of counterfeit and compromised drugs, four seasoned RFID companies are combining their most sophisticated capabilities to create a new level of security in the supply chain and a new level of safety in patient meds. Texas Instruments, 3M, VeriSign, and CCL Label each have an major and integral role in developing a new Authenticated RFID system—nicknamed "RxID"—that benefits from unique digital encoding in RFID silicon chips.

This approach is built on existing industry ISO/EC standards and Public-Key Infrastructure (PKI) technologies, adding a new layer of authentication to drugs at the individual package—and eventually individual item—level. The end result will be elevated confidence in the security of the pharmaceutical supply chain as ultra-secure RFID authentication is combined with validated chain-of-custody transactions.

The Authenticated RFID model has several possible implementation levels, and can grow as supply chain verification systems grow. One of its first applications is "bookending" authentication of pharmaceutical packages from the manufacturer to destination pharmacy or hospital. Supply chain safety is confirmed through real-time, off-network reader verification, and this system can be implemented quickly, without extensive investments in hardware or software systems.

What makes this bookending verification possible is Pharmaceutical Manufacturer ID (PMID) and Unique Identifier (UID) codes that are factory-locked into the RFID silicon chips, and are further encrypted with a manufacturer's private key. Readers that are periodically updated with public keys can verify that any PKI-coded tag is authentic. As the model is subsequently adopted throughout the pharmaceutical supply chain, the robust architecture supports an extensive electronic pedigree (or ePedigree) system with multiple layers of electronic and physical security.

Texas Instruments and VeriSign customized the details of the encoding architecture, 3M developed the reader software and integration technology, and CCL Label will manufacture, encode, and assemble the labels. CCL Label is the dominant manufacturer of labels for the pharmaceutical industry, and VeriSign is responsible for the PKI certification for about 85% of Internet e-commerce transactions.

These four companies each have leading technologies in the industry. Together, they have forged a solution that can be quickly implemented today on a system architecture that will be able to grow as RFID implementations grow. The first tags are being produced for a program being implemented by TAP Pharmaceuticals.

"We're offering something unique," says David Chose, RFID Business Development Manager for CCL Label. Chose says that new readers by 3M will encode tags at the CCL Label facility in Hightstown, NJ. He explains that the entire system is designed to complement and support EPC codes and systems.

Joseph Pearson, Pharmaceutical Business Development Manager at Texas Instruments, explains that the advantages of the technology are that it is a covert solution that cannot be altered, and that it provides an automated solution that doesn't necessarily require an educated user. In addition, the system is built on existing standards and technology that are not proprietary or restricted. "All we are proposing is based on open technology standards," Pearson says. He adds that the companies are not looking to hoard every application of the system, hoping to profit as the system gains acceptance. "Beyond that, we are happy to play in the open market," says Pearson.

The concept is to use the technology for bookending now, or when just starting out, then fill in the middle as time goes on. The system can work without being tied to a network and still achieve the minimal bookending authentication. When networking expands, the authentication and encryption technology by VeriSign will allow additional layers of verification confidence and additional layers of consumer confidence in the pharmaceutical supply chain.

The VeriSign technology allows disparate moments in the supply chain to communicate with each other securely, says Trent Peterson, VeriSign's Senior Manager of Business Development. "We have the capability to connect parties that may not be next to each other in the supply chain," says Peterson. He explains that the factory codes and digital signatures actually reside in different areas of the chip. VeriSign has employed similar verification techniques in other applications, such as cable modems, to prevent piracy of modem technology and cable services.

The Authenticated RFID model enhances item-level product security in real time, independent of a connection to a host network, by creating strong authentication between the factory-coded tag and an Authenticated RFID reader. This model uses well-established ISO/IEC 13.56 MHz standard RFID plus standards-based public key technology, digital signatures, and data encryption.

After initial implementation of RFID and PKI end-to-end item-level authentication, the integration of more and more points in the chain of custody provide ever increasing levels of confidence in the supply chain. Because the Authenticated RFID model is based on proven, open security algorithms, the integrity of the systems does not rely on proprietary security, which runs a greater risk of being compromised. The Authenticated RFID model specifies a 1,024-bit key size that provides an extremely high level of security.

The RFID Transponder's UID and PMID storage of data on an RFID transponder or tag is divided into different blocks or segments of memory. One segment of the RFID chip's memory is reserved for the UID. The UID consists of a RFID tag vendor number and a number unique to the individual chip. It is etched into the silicon and is locked at the point of chip manufacturing so that the chip cannot later be changed.

In addition to the UID, Authenticated RFID transponders are also programmed with a PMID number by the RFID tag manufacturer. The PMID is a new concept introduced by the Authenticated RFID model and equates to the pharmaceutical manufacturer's Labeler Code as found in the National Drug Code (NDC) number or any other manufacturer-selected schema. Similarly to the UID, the PMID is locked by the RFID manufacturer creating an unalterable code.

The Authenticated RFID solution uses a tag digital signature to ensure that the tag is genuine to a specific pharmaceutical manufacturer and is not counterfeit. The UID and PMID are the basis for the message to be encrypted. The steps to generate a tag digital signature are to first read a tag and then condense the data with a SHA-1 Hash algorithm into a few lines which are called the "message digest." The Authenticated RFID reader uses its private key to encrypt the message digest, resulting in the digital signature, which is then written and locked into the tag memory.

Unlike a standard RFID reader, the Authenticated RFID reader is PKI-enabled and is also compliant with ISO/IEC 15693 and ISO/IEC 18000-3 standards. It is used by authorized pharmaceutical supply chain participants, starting with the pharmaceutical manufacturer. Access to the network connection via the Internet for periodic public-private key pair updates will be required for most Authenticated RFID readers.

In a fully rolled out scenario, the Authenticated RFID reader performs the following four functions:

1. Authenticates tags that are presented using digital signature verification techniques.
2. Programs the chain-of-custody event marker to tags that are presented.
3. Authenticates itself with the network.
4. Communicates relevant event information, including digital signatures and event markers, to the local computer system.

The local computer system receives the information about the tag from the Authenticated RFID reader and provides external distributed data network access to the required information about the tag data and the particular supply chain events. PKI and Digital Signatures PKI is a security architecture that combines software, encryption technologies, and services that enable enterprises to protect the security of their communications and business transactions.

In the pharmaceutical supply chain, a PKI infrastructure provides a protected environment for safe information exchange at every stage. PKI relies on public key cryptography that uses a pair of mathematically related cryptographic keys—a public key and a corresponding unique private key. While the keys are mathematically related to each other, it is computationally unfeasible to calculate one key's encryption from the other when using a 1,024-bit key size. The public key is freely distributed; the private key is kept private.

The Authenticated RFID model uses a private key to generate a digital signature for a particular tag, which is authenticated using a public key. A digital signature is a unique "stamp" placed on the data which assures that the originator, and therefore the message or product, is genuine. The PKI methodology applied in the Authenticated RFID model consists of two types of cryptographic security algorithms for digital signatures.

This new solution brings together a combination of hardware and a service-based architecture to provide manufacturers with multiple lines of defense in addressing the issue of product counterfeiting and supply chain diversion. There are several levels of security that can be adopted gradually as the supply chain data collection becomes more robust.

In the future, more verification points will be read throughout the supply chain. Authenticated RFID readers are designed to first authenticate a tag digital signature, and then create event validation information for both the tag and data network. Starting with the production data, supply chain event information is provided via the host application to a network and is associated with the tag information. As the tag moves through the supply chain, the Authenticated RFID reader has the capability to record additional events to the tag.

These events are date/time stamps and are stored on the tag as event markers, and they do not contain any product or location information. This capability allows for another level of authentication when comparing the event data written to the tag to corresponding event data stored in a distributed data network. The Authenticated RFID reader may also have the capability to digitally sign the event data stored in the network to further increase the difficulty of falsifying, modifying, or recreating the network stored events and corresponding markers on the tag.

Technical details of this article were provided by two white papers. "Securing the Pharmaceutical Supply Chain with RFID PKI Technologies" was authored by Joseph Pearson of Texas Instruments, and "Securing the Pharmaceutical Supply Chain — the Authenticated RFID Platform" was authored by Dr. Andrew Dubner of 3M.