Construction of the Enterprise-level RFID Security and Privacy Management Using Role-Based Key Management

The RFID technique is extensively applied in e-Business scope. It mainly supports the quickly and accurately work for the advanced assets management. But it is still lack of privacy protection on the EPC code. For the worse case, some hackers may steal the code content easily during the cooperative business transmissions. It will cause the business secret leaking or even the consumer privacy damage. To encrypt the EPC code, we propose a two phase identification and authentication protocol with RBAC architecture to assure security. The EPC code is separates randomly into two parts by the secret sharing method. Only the one half of the EPC code is encrypted and stored in the RFID tags. The other part of the EPC code was encrypted by the private key and stored at the backend system for later decrypted used. The EPC code is decrypted when these two parts are decrypted and merged. When the owner of the tag is changed, the encrypt EPC code is merged then separated again. In this way, it is impossible has the same encrypt EPC code on the RFID tag when the owner is changed. The reader must be authorized to get the secret key before scanning and extracting the corresponding product information. Hence, it can ensure that RFID tag will not reveal important information even though it is scanned by fake or non-authorization reader. We also proposed a key management based on role-base access control method to distribute the access key and the encryption/decryption key, which aligns well with the role and the business process in a supply chain. The secret keys are managed by the role-based assignment at the enterprise level rather than at the individual level. It not only provides with more efficiency and flexibility on the role´s key management, but also enhances the security of the enterprise-level RFID system. Therefore, the number of the secret key to be managed is also reduced. With the proposed identification and authentication protocol, the RFID content is can encrypted ef- ficiently to avoid the information eavesdropping on the RFID system.