Privacy-enhanced filtering and collection middleware in EPCglobal networks

Collection and distribution of Radio Frequency IDentification (RFID) data are subject to various privacy concerns. These concerns are of paramount importance when sensitive data are processed (e.g., medical data). Therefore, it is crucial to treat sensitive data privacy in early stages to master the data view for upper layers and to minimize, as soon as possible, the risk of unauthorized disclosures. While most recent works focus on securing the access and visibility of collected information in the final databases, data processed in the middleware do not seem involved in the process of privacy protection. Current EPCglobal standards for RFID also suffer from insufficient attention to this issue. In this paper, we propose a privacy controller module that enhances the Filtering and Collection (F&C) middleware of the EPCglobal network. We provide a privacy policy-driven model, using some enhanced contextual concepts of the extended Role Based Access Control model. The feasibility of our privacy-enhanced model is shown by integrating our solution into the F&C middleware of the Fosstrak framework, an open-source implementation of the EPCglobal network specifications.