In the field of microchip cards that function by contact, the problem of knowing whether the card should or should not respond to such a request does not arise. An authentication protocol is indeed initiated when a smart card is inserted into a smart card reader. The insertion of the smart card into the reader by the cardholder constitutes de facto authorization for the reader to perform the authentication.
In contrast, a contactless chip cannot tell a priori what entity is requesting it to provide information. It therefore responds to any request for information by giving its identifier, without taking any precautions. Thus by using a sufficiently powerful transmitter it is possible to send such requests to any contactless chip within range of the transmitter. The chip processes the enquiry, but the response does not reach the receiver. This mode of operation is incompatible with issues of security and data protection, and it would seem desirable to integrate cryptographic functions into such chips.
At present a contactless chip equipped with a security function systematically accepts initiation of a cryptographic protocol on receiving an external request. That kind of operation has many drawbacks. If the chip employs secret key cryptography for authentication, the number of readers that can authenticate it must be very small, to prevent excessive dispersion of the secret key of the chip. If many readers hold that key, the problem of the number of keys that readers must know arises, as well as a security problem, since security is then based entirely on the inviolability of the chips and the readers.
RFID chips have cryptographic resources that are necessarily limited and, in some cases, non-reusable.
With public key cryptography, the least costly protocols require data that is used only once to be prestored in the chip. It is therefore possible to flood an RFID chip with requests, the effect of which is to exhaust this data or even to render the chip mute.