Note: this is the second in a series of blogs that highlight the ways the MIFARE SAM AV3 enhances security in various applications. View the first blog article in this series.
For people living in urban areas around the world, traffic has unfortunately become a normal part of daily life. Whether it’s getting to and from the city itself or traveling within downtown, all kinds of vehicles—private cars, rideshare services, delivery trucks and even public buses—clog roadways throughout the day, not just during rush hour. Round-the-clock congestion makes it harder for people to get where they’re going and also reduces air quality, making city life harder on everyone.
Because traffic is one of the biggest challenges of urban living, it’s a key focus for many smart city initiatives, and one tool that cities are using to address the issue is smart road tolling. In city centers, congestion charges, paid by vehicles entering the city core, limit the number of vehicles on downtown streets, reduce pollution levels and make the area friendlier to pedestrians and bicyclists. Electronic road pricing, which adjusts the toll according to traffic level, uses peak pricing during heavy travel times to encourage the use of alternate routes and alternative modes of transportation thereby reducing congestion.
Smart road tolling can also take the form of upgrading traditional tolling systems so they work more efficiently. Road tolls have always been an important source of revenue for transport agencies since they help pay for maintenance and new construction, but traditional toll-collection methods, which involve stop-and-go plazas, inevitably lead to long lines of cars.
A system for automated toll collection lets vehicles pay tolls without having to stop or even slow down and, as a result, helps keep traffic flowing smoothly, with lower pollution levels and a lot less driver frustration. As one of the various ways to implement automated toll collection, secure passive long range RFID (also called RAIN RFID) offers a particularly compelling combination of security and convenience.
When compared to the other two formats most frequently used for automated toll collection—optical and active RFID—the advantages of secure passive RFID become clear.
A camera is used to read the license plate. Software is then used to extract the plate number and identify the driver so the tolling agency can send a bill. The positive is that the system works with any car carrying a license plate, but the negative is that the system isn’t always right. Humans typically have to check and confirm the readings and the high degree of manual post-processing is inefficient and costly.
Vehicle owners buy and install an active RFID transponder, which then interacts with readers mounted at toll plazas. RFID transponders are more accurate than optical systems, so there’s little, if any manual post-processing required, but the equipment tends to be expensive, bulky, hard to moun and has a limited lifetime because the transponder needs a battery to operate.
With secure passive RFID, toll machines read a tag placed somewhere on the vehicle, such as the license plate, the bumper, inside the windshield or on a motorcycle’s headlamp. The tag can be issued in a sticker format so it’s easy to install. The tag doesn’t contain a battery (it draws power from the reader’s antenna), so it’s relatively inexpensive to produce and doesn’t require upkeep. The tag also works even in harsh weather conditions and perhaps even more importantly, uses encryption to ensure the security and privacy of tag data.
A smart toll-collection system based on secure passive RAIN RFID overcomes the drawbacks of using optical or active RFID. The setup operates automatically without human intervention, is accurate yet inexpensive to implement and uses cryptographic authentication to ensure security and privacy. It also improves tolling by adding new levels of performance and flexibility.
Security is an essential aspect of the setup because the toll-collection system has to process sensitive information, such as the name of the registered car owner and the payment card details associated with the registration. The latest passive RFID tags and especially those based on RAIN RFID (UHF) technology are equipped with special security mechanisms that help ensure that information stored on the tag remains protected from unauthorized access.
NXP’s UCODE DNA IC is based on RAIN RFID technology and designed for this kind of protection. Embedded in a tag for road tolling use cases, it offers security features such as tag authentication, so only an authorized RFID reader can access tag data.
The toll-payment transaction involves two electronic devices, the tag and the reader. Both parts of the equation need to be secure, so it’s not enough for the tag to have built-in security features. For the authentication process to remain trustworthy, the reader has to be equipped with security mechanisms, too. A convenient way to provide maximum security inside the reader is to add a dedicated secure platform, called a secure application module (SAM) inside the reader.
The SAM increases security by storing and processing system access keys and enabling encrypted communication. The SAM is a purpose-built IC that delivers very high levels of security, privacy and speed. The standard microcontroller memories and software implementations, based on crypto algorithms, typically can’t match the level of protection provided by a SAM.
NXP’s MIFARE SAM AV3, for example, is a dedicated, performance-optimized IC and a core element for a secure reader/writer system. Along with securely storing keys inside the RFID reader, the MIFARE SAM AV3 computes unique session keys, uses AES-128 encryption to protect the message and enables secure access and communication with the UCODE DNA tag IC. Upon reception of private data from the RAIN RFID tag, the MIFARE SAM AV3 handles the decryption and processing of the incoming message. Because the MIFARE SAM AV3 is designed to work with the UCODE DNA IC, it simplifies the implementation in a secure reader system and reduces time-to-market for the design.
A UCODE DNA IC is embedded in the tag/label the driver attaches to their windshield or license plate. The MIFARE SAM AV3 is mounted into a slot on the reader terminal at the toll station where it helps to protect keys and enable secure transactions. As part of its role in tag authentication and other privacy use cases, the MIFARE SAM AV3 can store the master keys used to generate tag-specific UCODE DNA keys (called “derived keys”).
One advantage of the UCODE DNA and MIFARE SAM AV3 combination is that road tolling functions can happen offline, without depending on online systems. The combination also supports the introduction of new use cases, since the UCODE DNA tag on a vehicle also supports broader smart city programs. For instance, it can be used for other automatic vehicle identification (AVI) applications, such as access control, to let certain vehicles enter restricted areas like parking spaces and for speed control, to issue citations. The UCODE DNA tag can act as an authentic credential for micropayments so you can pay for gas or access a paid parking garage without reaching for your wallet. The UCODE DNA tag can also be used to track loyalty points at gas station shops as part of a reward system for frequent purchases.
Our next blog will focus on public transport, with a description of how the MIFARE SAM AV3 protects automated fare collection (AFC) systems and other transport ticketing use cases.
For more on NXP’s solutions for smart, secure road tolling, we suggest the following resources:
RAIN RFID for electronic vehicle identification
RFID license plate in action
FEIG Vehicle Access Control System