Continuous RFID-enabled authentication and its privacy implications

Radio-frequency identification (RFID) technology has gained a broad popularity in many application areas including supply chain management, retail shopping and access control. This paper explores the use of RFID at the workplace and its implications to employee privacy. In particular, we discuss the use of RFID for continuous authentication in a corporate environment. Continuous authentication provides the benefit of constant or highly periodic verification that the same authorized user accesses the computer system. In a case study presented here, employees use a knowledge- or biometric-based authentication scheme to gain initial entry to a computer system, while RFID is used subsequently to continuously verify the presence of a valid user. This paper studies the relationship between usability of such an authentication scheme and the degree of protection it provides. We also examine the balance between the increased security brought by adopting an RFID-enabled continuous authentication system and the impact that it could have on employee privacy as a result of increased tracking of many aspects of the users´ activity.