Okay, I realize that this is heresy, but there are times when you may not want to use accepted industry or international standards. In other words, you may want to consider a (gasp!) proprietary system. Here’s why. And why not.
But first, a brief digression.
During World War II, Navajo “code talkers” served in the Marine Corps in the Pacific to communicate critical information via radio—messages the Japanese were likely to intercept. They used code words in the Navajo language—a system the Japanese were never able to break. Why? Because the Navajo language is not a written language, is highly complex and was spoken by only about 50,000 people in the entire world. In a sense, the Navajo language could be viewed as a “proprietary” system.
If you have sensitive data that must be on a label or tag, and you need to keep it private, using a proprietary system may be worth considering.
Let’s say you have an RFID-enabled employee ID badge for access to a secure area. Data on this card can theoretically be skimmed and cloned (or spoofed) if it uses a standard protocol. Or, let’s say data on a tag or label could give access to information in a database that shouldn’t fall into the wrong hands but must be accessible to authorized readers. Or, maybe you have data that you need to be in plain sight, such as on a secure document, but you want to be sure it can’t be read or counterfeited.
Certainly, there are various encryption protocols that can help prevent deciphering the data, but they cannot prevent copying. In some cases, a copy of the data is all that’s needed to gain unauthorized access to a facility or database. Additional safeguards, such as authentication, are necessary to prevent copied data from being used by wrongdoers.
Optically encoded data, such as biometric data in a standard 2D symbol, can also be “broken” and a counterfeit made.
Admittedly, this is not easy and requires skill and determination on the part of wrongdoers, but if the rewards are great enough, they will certainly try.
Here’s where proprietary systems might offer benefits.
There are a number of proprietary systems available—from RFID tags to data repositories to optical codes to encryption protocols—that are not based on published standards. In other words, they’re proprietary.
Proprietary systems can offer an additional layer of security in certain applications because they are not easily recognizable, have no publicly available standard or protocol and equipment is not widely available. A few have actually been around for some time, quietly doing their jobs, while others are relatively new to address new concerns.
But, of course, there are caveats.
First, standards-based systems undergo a rigorous review and revision process. For example, the barcode standards we rely on today—and those currently being developed—have benefited from this review process, which has identified hidden flaws or ways to improve performance. Proprietary systems do not typically undergo this type of expert review and may not be as robust.
Second, proprietary systems may be sole source. Some proprietary systems are licensed for manufacture by other companies; others are not. Sometimes, a sole source is necessary because licensing would weaken the security of the system, or a single source, as in the case of a data repository, is the only viable approach.
Finally, common-sense precautions and additional back-end system checks should also be performed. Proprietary systems can provide an additional level of security, but no single system is 100% secure.
Should you consider a proprietary system? Certainly, you should be aware of the strengths and limitations of all available options. Then, you can decide for yourself.