One of the essential premises of any proof of attendance system that uses RFID and NFC technology is that it proves that known people have visited certain locations at particular times, and carried out pre-defined tasks. The aim of this article is to explain this in layman’s terms, also why I am confident that it pretty much does exactly that. And more.
The first bit is simple. As NFC technology only has a range of about 5cm, and a phone has a unique identifier in the form of an industry standard IMEI number, it is pretty easy to prove that an NFC enabled smartphone (meaning it can read RFID tags) has been to a location where an RFID tag is fixed or mounted.
OK, so I know that my NFC reading mobile device has been close to an RFID tag. So what? Well, it is also relatively straightforward to develop an app that requires a user to be logged in using a unique ID and password. So, if we use said app to read the RFID tag while logged in as a particular person, then we now know that said person has been a maximum of 5cm away from the tag. And with the addition of a few other fairly simple pieces of functionality to the app, we also know exactly what time that person was there.
Just to expand on the last point a little, sometimes we get asked if it wouldn’t be pretty simple for a smart person to adjust the time on a phone thereby making it appear that a tag had been swiped at a different time to what it was in reality. Well in fact no, because as long as you ensure that the activity is ultimately recorded by sending information to a secure remote server, which cannot be tampered with and is constantly synchronising with the atomic clock, it is very easy to know that the phone is either lying, or has been tampered with to make it appear like it is. Adjustments can then AUTOMATICALLY be made, server side, to the activity log. Trust me, we are smart on this one, and there is no way around it!
Alright, so now we know that a particular phone with an identifiable person has been in close proximity to an RFID tag at a certain time… what about the tag itself? How do I KNOW that it is unique, and hasn’t just been cloned so that somebody who is purporting to be doing our firewalks isn’t in fact swiping cloned tags in their front room? Well this is where some further explanation is required relating to the nature of RFID tags and why they are especially appropriate for this kind of solution. Firstly, there are 4 memory banks contained within a (UHF Gen 2) RFID tag memory bank. Each bank is labelled with a number that is assigned by EPCglobal®. In case you are interested, EPC global, is a GS1 initiative to innovate and develop industry-driven standards for the Electronic Product Code™ (EPC) to support the use of Radio Frequency Identification (RFID). A kind of self-appointed regulator, if you like. The memory bank that we at TourTraxUK read to prove attendance is the TID memory. The TID is commonly known as the “Tag Identifier” and is typically 32-80 bits in length, and contains the chipsets type and manufacturer. It is alphanumeric and is almost certainly unique to any RFID tag. The TID number is read only and cannot be rewritten.
We believe that any proof of attendance solution should not be writing information to tags, because this would mean that potentially secure, sensitive information could be stored in an environment that is NOT secure and could be copied or replicated. By this I mean the tag itself. All we do is read the TID of the tag, send it to our servers, and at that point we know that a person has visited the tag and at what time. Giving us our bullet-proof activity log. We may also send instructions down to the phone that things need to be done (checks need to be carried out in that location, or maybe a form needs to be completed), based on functionality that is associated with the TID of the tag. But just to be clear, all of this is done at the server level and no information is stored on the tag itself. The eagle eyed amongst you may have noticed that I said previously that the TID of any RFID tag is almost certainly unique. In fact, it is up to the manufacturer of the tag to generate the TID and therefore there is the remotest possibility that two different manufacturers COULD generate a TID that is the same. But bearing in mind that TID’s are typically 32-80 bits in length and alpha-numeric, this is mathematically bordering on impossible. It’s a bit like that old story that if you tied a monkey to a typewriter and gave it enough paper, eventually it will type a Shakespeare play. Assuming it is immortal, and never inclined to give up, of course. But we are pretty confident that if it came to a court of law, where proving attendance and compliance activity would need to be proven beyond reasonable doubt, RFID technology used correctly in conjunction with NFC PROVES attendance and activity. Combine it with GPS locating, then there is no reasonable doubt.
What is without doubt however, is that it proves it a lot more than writing it down in a log- book. I would also like to point out that it is also completely fire and water resistant!
For more information about how we can help you to prove your compliance activity, mitigate your risk and save you money on insurance premiums… please contact Richard Dickety on 07779 563 678 or 01634 757 088.