Securing industry‐wide EPCglobal Network with WS‐Security
| Published date | 01 September 2005 |
| DOI | https://doi.org/10.1108/02635570510616148 |
| Date | 01 September 2005 |
| Pages | 972-996 |
| Author | Dong‐Her Shih,Po‐Ling Sun,Binshan Lin |
| Subject Matter | Economics,Information & knowledge management,Management science & operations |
Securing industry-wide EPCglobal
Network with WS-Security
Dong-Her Shih and Po-Ling Sun
Department of Information Management,
National Yunlin University of Science and Technology, Yunlin, Taiwan,
Republic of China, and
Binshan Lin
College of Business Administration, Louisiana State University in Shreveport,
Shreveport, Louisiana, USA
Abstract
Purpose – To provide the secure web services framework in an environment designed to integrate
RFID system into the EPCglobal Network.
Design/methodology/approach – Utilizing web services helps maximize the value of
information generated from RFID systems and, taking advantage of web services security (WSS)
technology, to provide an XML-based abstraction layer for established security technologies that
delivers confidentiality, integrity, authentication, authorization, and non-repudiation in EPCglobal
Network.
Findings – This paper inspects four cases of trust relationships in one-to-one and one-to-many
teamwork models that exemplify how the proposed WSS specifications being used in industry-wide
EPCglobal Network are envisioned. For each of these cases the different security strategies were
proposed. Also a comparative view is given, of discussed security strategies which businesses may
wish to consult.
Originality/value – This first proposed secure framework integrating web services and WSS
technology to industry-wide EPCglobal Network will pro vide business an integration and
collaboration capabilities, which make it easier for trading partners to electronically share real-time
RFID data and conduct transactions in an accurate, complete, highly controlled, and secure
environment.
Keywords Identification,Data security, Electronic equipmentand components
Paper type Research paper
1. Introduction
The advent of the internet and electronic communication has enabled companies to be
more responsive to their customers. However, the uses of the same technological
advancements in business-to-business supply chain management are changing the
marketplace itself. Successful supply chain management requires a change from
managing individual functions to integrating activities into the key supply chain
process. The advantages are far more than the efforts involved in accessing the final
product, a seamless chain that operates fluidly and benefits the entire value chain by
speeding up communication between customers and their suppliers, improving service
quality, and reducing costs (Rahman, 2004). One potential solution to this capability is
The Emerald Research Register for this journal is available at The current issue and full text archive of this journal is available at
www.emeraldinsight.com/researchregister www.emeraldinsight.com/0263-5577.htm
The authors would like to thank the National Science Council of Taiwan for providing support to
this research through grant NSC 94-2213-E-224-036.
IMDS
105,7
972
Industrial Management & Data
Systems
Vol. 105 No. 7, 2005
pp. 972-996
qEmerald Group Publishing Limited
0263-5577
DOI 10.1108/02635570510616148
radio frequency identification (RFID). Through the attachment of transponders or tags
to animate or inanimate objects, and an infrastructure of networked reading devices,
physically embodied information can be automatically recorded, discovered accessed
among trading partners in global supply chain.
RFID technology is a wireless form of automated identification technology that
provides a quick, flexible and reliable way to electronically detect, track, and control a
variety of physical objects. The actual idea of RFID has been around since 1960
(Weigart, 2000). RFID has existed for more than 50 years. In recent years, RFID has
again attracted great attention due to technology advancements, heightened security
concerns due to terrorists’ threats and a competitive business environment with
emphasis on cost control and affordable RFID tag costs.
The RFID technology was first used by the allied forces to identify friend-or-foe
aircraft during the Second World War (Landt, 2001). A powerful and instant data
capture solution as it is, the widespread use of which in the global supply chain is
hampered by the absence of common standard. As the development of electronic
product code (EPC) becomes more mature and beginning to be embraced by global
commerce, the full potential of EPC and RFID is unveiling.
EPC is an industry standard for product identification (Brock, 2001). In many ways,
it is similar to the EAN barcode. The only difference between them is that EPC allows
identification of items down to serial level, such as cases and pallets, which do not have
EAN barcode. Before mass adoption of the EPC standard could take place, the
components of the standard need to be made available at an affordable cost. In order to
drive down the cost of tags, the EPC number is the only piece of information stored in
the RFID tag, which is made up of a microchip attached to an antenna. During the
automatic data capture process, the EPC is read by RFID reader via radio waves , the
data will then pass on to the EPC middleware. With internet-based back-end
infrastructure, wide adoption of the EPCglobal Network will create an “Internet of
Things” to enable all parties in the chain to draw or share real-time product
information over the internet.
EPCglobal is leading the development of industry-driven standards for the EPC to
support the use of RFID in today’s fast-moving, information-rich trading networks
(Tan, 2004). The EPCglobal Network is a method for using RFID technology in the
global supply chain by using inexpensive RFID tags and readers to pass EPC numbers,
and then leveraging the existing internet infrastructure to create a low-cost,
standards-based set of services for trading partners to discover and access large
amounts of information associated with each EPC and shared among authorized users.
It is made up of five main elements:
(1) the identification system – RFID system;
(2) RFID middleware – the Savant;
(3) conventional middleware – the EPC Information Services (EPC-IS);
(4) the EPC Discovery Service; and
(5) the Object Naming Service (ONS).
Each plays a unique and important role in enabling the secure discovery and sharing of
detailed, real-time product information.
EPCglobal
Network
973
To continue reading
Request your trial