Abstract
It is estimated that over 3 billion radio frequency identification (RFID) tags have been deployed through 2007. Most tags are used in supply chains where the electronic product code (EPC) and associated business event data are transmitted through RFID networks. Security and privacy issues are critically important in RFID networks because EPC data and their associated business events are valuable assets. Companies need to share these data with restricted business partners and, under some conditions, such as product recall, more widely with regulators and non-business partners. At present, no security or privacy framework has been chosen as an EPCglobal standard due to the difficulty of sharing information between parties who have no direct business relationships and hence no business rules for sharing these data. To date, no security schemes have been deployed that can support multiple identity techniques and interchangeable complex business rules, as required by RFID networks. In this paper, we propose an Interoperable Internet Scale Security framework (IISS) for RFID networks. IISS performs authentication and authorization based on an aggregation of business rules, enterprise information, and RFID tag information. IISS provides a protocol for several authentication schemes and identity techniques detailed here. It also provides an engine for reasoning over business rules across domains. Moreover, IISS is able to resolve provenance information of RFID tags, which can identify the track of a particular piece of EPC data. We describe the IISS framework and the ontologies to model the information in IISS. We also discuss how the IISS framework can be developed for access control in RFID-enabled supply chains.