Okay, I realize that this is heresy, but there are
times when you may not want to use accepted
industry or international standards. In other words,
you may want to consider a (gasp!) proprietary system.
Here’s why. And why not.
But first, a brief digression.
During World War II, Navajo “code talkers”
served in the Marine Corps in the Pacific to communicate
critical information via radio—messages
the Japanese were likely to intercept. They used
code words in the Navajo language—a system the
Japanese were never able to break. Why? Because
the Navajo language is not a written language,
is highly complex and was spoken by only about
50,000 people in the entire world. In a sense, the
Navajo language could be viewed as a “proprietary”
system.
If you have sensitive data that must be on a label
or tag, and you need to keep it private, using a proprietary
system may be worth considering.
Let’s
ADVERTISEMENT
|
say you have an RFID-enabled employee
ID badge for access to a secure area. Data on this
card can theoretically be skimmed and cloned (or
spoofed) if it uses a standard protocol. Or, let’s say
data on a tag or label could give access to information
in a database that shouldn’t fall into the wrong
hands but must be accessible to authorized readers.
Or, maybe you have data that you need to be in
plain sight, such as on a secure document, but you
want to be sure it can’t be read or counterfeited.
Certainly, there are various encryption protocols
that can help prevent deciphering the data, but they
cannot prevent copying. In some cases, a copy of
the data is all that’s needed to gain unauthorized access
to a facility or database. Additional safeguards,
such as authentication, are necessary to prevent
copied data from being used by wrongdoers.
Optically encoded data, such as biometric data
in a standard 2D symbol, can also be “broken” and
a counterfeit made.
Admittedly, this is not easy and requires skill and
determination on the part of wrongdoers, but if the
rewards are great enough, they will certainly try.
Here’s where proprietary systems might offer
benefits.
There are a number of proprietary systems
available—from RFID tags to data repositories to
optical codes to encryption protocols—that are
not based on published standards. In other words,
they’re proprietary.
Proprietary systems can offer an additional layer
of security in certain applications because they are
not easily recognizable, have no publicly available
standard or protocol and equipment is not widely
available. A few have actually been around for some
time, quietly doing their jobs, while others are relatively
new to address new concerns.
But, of course, there are caveats.
First, standards-based systems undergo a rigorous
review and revision process. For example, the
barcode standards we rely on today—and those
currently being developed—have benefited from
this review process, which has identified hidden
flaws or ways to improve performance. Proprietary
systems do not typically undergo this type of expert
review and may not be as robust.
Second, proprietary systems may be sole source.
Some proprietary systems are licensed for manufacture
by other companies; others are not. Sometimes,
a sole source is necessary because licensing
would weaken the security of the system, or a single
source, as in the case of a data repository, is the only
viable approach.
Finally, common-sense precautions and additional
back-end system checks should also be
performed. Proprietary systems can provide an
additional level of security, but no single system is
100% secure.
Should you consider a proprietary system? Certainly,
you should be aware of the strengths and
limitations of all available options. Then, you can
decide for yourself.
|
