Technical Guidelines for Implementation and Utilization of RFID-based Systems

  • Cord Bartels
  • Harald Kelter


The last years saw the introduction of contactless smartcard technology in prominent projects like ticketing for WC2006, nation-wide public transport solutions and electronic Passports. Currently major implementations of RFID in logistics and NFC-based ticketing and payment solutions are under preparation.

Especially above mentioned prominent projects have been confronted with significant public criticism. Influential parts of the society and the authorities had and still have the perception that contactless chip technology and RFID may not be secure and mature. This leads to the following situation:
  1. 1.

    Uncertainties concerning public response and customer acceptance are hampering the introduction of RFID systems

  2. 2.

    The data protection authorities are proposing dedicated legal rules for RFID usage.


By launching the project “Technical Guidelines RFID” the German Federal Office for Information Security (BSI) suggests an approach that considers and fulfills the legitimate interest of all involved parties: Citizens resp. customers, service providers and suppliers of RFID systems.

This year BSI will issue 4 Technical Guidelines for usage of contactless chip technology and RFID in major application areas: Event Ticketing, Ticketing in Public Transport, NFC-based Ticketing and Logistics.

These Technical Guidelines will contain technical advice on how to implement a system in a functional, secure and economically viable way. Potential threats for the system owner and the users are depicted, discussed and countered by appropreate security measures. Remaining risks will be described. All proposed solutions are based on standards or open specifications.

Gaining the acceptance from all parties is the most important project goal. An open discussion and integration of all potential contributors is a corner stone of BSI’s concept.

Therefore the Technical Guidelines are currently being drafted in close cooperations with leading companies from the respective application domains. These drafts have been discussed in dedicated expert workshops where all relevant groups -incl. the critics- were present. The final versions will include the comments gathered in these sessions.

In future BSI and probably also accredited evaluation facilities will offer a certification service / quality seal for implementations that follow the guidelines.

The Technical Guidelines will serve as comprehensive and neutral information source for German citizens, service providers and industry. This will build transparency and trust.

NXP Semiconductors is working the project on behalf of BSI.


Public Transport Technical Guideline Security Assessment Customer Acceptance Security Target 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BSI04]
    Britta Oertel, Michaela Wölk, Lorenz Hilty, Andreas Köhler, Harald Kelter, Markus Ullmann, Stefan Wittmann: RFID — Security Aspects and Prospective Applications of RFID Systems. In: http://www. Bundesamt für Sicherheit in der Information-stechnik (BSI), SecuMedia Verlag Ingelheim, 2004Google Scholar
  2. [BSI05]
    Bundesamt für Sicherheit in der Informationstechnik (BSI): BSI Standard 100-3 — Risk Analysis based on IT Grundschutz, Version 2.0. In: standard_1003_e.pdf 2005.Google Scholar
  3. [NIST07]
    Tom Karygiannis, Bernard Eydt, Greg Barber, Lynn Bunn, Ted Phillips: Guidelines for Securing Radio Frequency Identification (RFID) Systems. In: National Institute of Standards and Technology, 2007.Google Scholar

Copyright information

© Friedr. Vieweg & Sohn Verlag | GWV Fachverlage GmbH, Wiesbaden 2007

Authors and Affiliations

  • Cord Bartels
    • 1
  • Harald Kelter
    • 2
  1. 1.NXP SemiconductorsCanada
  2. 2.German Federal Office for Information Security (BSI)Germany

Personalised recommendations