NFC readers are no longer necessary
for many use cases. An Android smartphone with a downloaded app would
put the power of authentication in the
hands of the consumer, or allow a store
owner, distributor, or others in the supply chain to perform authentication of
products. A product-authentication
kiosk (similar to the barcode-scanning
kiosks found in many major U.S. retailers) can also be used to provide PUF
NFC authentication results as well
as pulling information from a cloud
server about a particular product instance’s origin, source of manufacturing, freshness/expiration, provenance,
and other information.
Major progress has been made in
terms of PUF packaging and form factor. The first silicon PUF circuit was a
relatively large research lab prototype
and required wired connections to a
computer for authentication, as shown
in Figure 2.
After a decade of iteration and refinement, PUF NFC tags appeared in
commercial products. Figure 3 shows a
PUF NFC tag on a Canon camera package sold in Asia and an Android off-the-shelf NFC device that can be used to
authenticate the tag.
Figure 4 is a close-up of a PUF-NFC
IC encapsulated in a tag inlay. The area
is taken up mostly by the antenna, and
the actual IC area is extremely small
(shown by the arrow). The antenna size
affects the read range. The tag shown
has a read range of about five centimeters. A small read range is useful for
applications where privacy is an issue
or for item-level tagging applications
where it is desirable to know that a particular item is being interrogated using
an NFC scan, which can be done with a
modern NFC-enabled smartphone.
The lightweight nature of the PUF-
NFC implementation also brings dy-
namic authentication capabilities
to new product types—for example,
secure paper, as shown in Figure 5.
This is a useful means of tracking the
processing of official documents (for
example, when submitted by a private
citizen to a government office for pro-
cessing) and of authenticating them.
An NFC scan made by a government
employee authenticates the document;
the authentication verification server
can also record the geolocation and
timestamp associated with the authen-
ticated document. This allows a citizen
or a government audit agency to more
easily track which processing step the
document is undergoing as well as the
whereabouts of the document.
When applied to an ID card, the
PUF NFC approach not only allows a
public employee to authenticate the
identity of a private citizen, but also
allows a private citizen to make sure
a person who claims to be a public
employee is not a fraud (for example,
a public employee visiting a private
citizen’s house to perform inspection
and possible repairs). An NFC scan
with a smartphone would authenti-
cate the employee’s ID card, and an
image of the card could be accessed
on the homeowner’s smartphone to
make sure the picture and other vital
information on the card have not been
altered. A work order associated with
the task that the visiting public em-
ployee is authorized to perform can
also be displayed. Pervasive authen-
tication by both the public employee
and the private citizen would promote
better public-sector accountability.
Previously, RFID scans required ded-
icated readers, which may be feasible
to distribute to public employees or in
other enterprise settings, but would be
cumbersome if not cost-prohibitive to
distribute to private citizens. A modern
NFC-enabled smartphone, when used
with a PUF NFC tag, democratizes au-
thentication, putting the power of au-
thentication in the hands of a private
Figure 3. Commercial deployment, 2014.
Figure 2. MIT silicon PUF prototype, 2002.
Figure 4. PUF NFC tag.
PUF NFC IC
Figure 5. PUF embedded in secure paper.
PUF NFC IC