Security Requirements
Security requirements to be imposed on a planned RFID application, i.e. encryption and authentication, should be assessed very precisely to rule out any nasty surprises in the implementation phase. For this purpose, the incentive that the system represents to a potential attacker as a means of procuring money or material goods by manipulation should be evaluated. In order to be able to assess this attraction, we divide applications into two groups:

industrial or closed applications;
public applications connected with money and material goods.
This can be illustrated on the basis of two contrasting application examples. Let us once again consider an assembly line in the automotive industry as a typical example of an industrial or closed application. Only authorised persons have access to this RFID system, so the circle of potential attackers remains reasonably small. A malicious attack on the system by the alteration or falsification of the data on a transponder could bring about a critical malfunction in the operating sequence, but the attacker would not gain any personal benefit. The probability of an attack can thus be set equal to zero, meaning that even a cheap low-end system without security logic can be used.

Our second example is a ticketing system for use in public transport. Such a system, primarily data carriers in the form of contactless smart cards, is accessible to anyone. The circle of potential attackers is thus enormous. A successful attack on such a system could represent large-scale financial damage to the public transport company in question, for example in the event of the organised sale of falsified travel passes, to say nothing of the damage to the company’s image. For such applications a high-end transponder with authentication and encryption procedures is indispensable. For applications with maximum security requirements, for example banking applications with an electronic purse, only transponders with microprocessors should be used.

Memory Capacity
The chip size of the data carrier – and thus the price class – is primarily determined by its memory capacity. Therefore, permanently encoded read-only data carriers are used in price-sensitive mass applications with a low local information requirement. However, only the identity of an object can be defined using such a data carrier. Further data is stored in the central database of the controlling computer. If data is to be written back to the transponder, a transponder with EEPROM or RAM memory technology is required.

EEPROM memories are primarily found in inductively coupled systems. Memory capacities of 16 bytes to 8 Kbytes are available. SRAM memory devices with a battery backup, on the other hand, are predominantly used in microwave systems. The memory capacities on offer range from 256 bytes to 64 Kbytes.