
An Efficient Method to Enforce Security Policies on EPCIS (Electronic Product Code Information Services) Events

IP.com Disclosure Number: IPCOM000228896D
Publication Date: 2013-Jul-10
Document File: 6 page(s) / 37K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method to enforce security policies on electronic product code information services (EPCIS) events is disclosed.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 26% of the total text.


Disclosed is a method to enforce security policies on electronic product code information services (EPCIS) events. EPCIS is an international standard that defines an XML format for supply chain events, as well as interfaces and standardized event queries. One EPCIS XML document can contain one or multiple events.

An event repository is a key component in supply chain management systems. Events provide information about products along the supply chain, such as the current product location, packaging, shipping and receiving timestamps, and so on. Events are often generated by scanning a bar code or RFID tag. An event repository must support efficient capture, validation, storage, retrieval, and analysis of events. It must also allow repository administrators to limit access to events through security policies.

A security policy defines:

a. Which events a user or user group can retrieve.

b. Which parts of each event they are allowed to see.

More specifically, a security policy defines conditions on the event type and content to filter events for a given user or group. It also defines which fields (elements) in the event are visible to that user or group.

Enforcing security policies on EPCIS events is a complex task for the following reasons:

Security policies allow administrators to specify and combine complex filtering conditions.

EPCIS events are extensible and can contain arbitrary user-defined fields that can be referenced in the definition of security policies.

For performance reasons, security policies must be enforceable with minimal processing overhead.

What existing solutions are out there?

The prevailing existing solution is for the event repository software to send EPCIS events upon capture into a set of relational database tables. That is, the original EPCIS XML data is converted to relational rows and columns. Once the events are available in relational format, security policies are implemented as relational views. For each security policy, one view is created for each table in the database. The views restrict access to rows and columns because (a) the filtering rules of a security policy are incorporated into the view definition, and (b) users can access the event information only through the views that they are authorized to use. For example, if a policy allows a user to see only a certain subset of event fields, the view contains only the corresponding subset of columns from the event table and the user can only access that view and not the underlying table.
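The view-based approach described above, as an added example that is not part of the disclosure. The sample XML is constructed and simplified, and the table name, view name and "carrier" policy are hypothetical. SQLite has no per-user grants, so restricting users to the view is assumed rather than enforced here.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed, simplified EPCIS-style document (namespaces and most fields omitted).
SAMPLE_XML = """
<EPCISDocument><EPCISBody><EventList>
  <ObjectEvent><eventTime>2013-07-01T10:00:00Z</eventTime><action>OBSERVE</action>
    <bizStep>shipping</bizStep><readPoint><id>urn:example:loc:dock-1</id></readPoint></ObjectEvent>
  <ObjectEvent><eventTime>2013-07-02T08:30:00Z</eventTime><action>OBSERVE</action>
    <bizStep>receiving</bizStep><readPoint><id>urn:example:loc:store-7</id></readPoint></ObjectEvent>
  <ObjectEvent><eventTime>2013-07-03T09:15:00Z</eventTime><action>ADD</action>
    <bizStep>shipping</bizStep><readPoint><id>urn:example:loc:dock-2</id></readPoint></ObjectEvent>
</EventList></EPCISBody></EPCISDocument>
"""
COLUMNS = ("event_time", "action", "biz_step", "read_point")

def load_events(conn, xml_text):
    """Capture step: convert each XML event into one relational row."""
    conn.execute("CREATE TABLE object_event "
                 "(event_time TEXT, action TEXT, biz_step TEXT, read_point TEXT)")
    for ev in ET.fromstring(xml_text).iter("ObjectEvent"):
        row = (ev.findtext("eventTime"), ev.findtext("action"),
               ev.findtext("bizStep"), ev.findtext("readPoint/id"))
        conn.execute("INSERT INTO object_event VALUES (?, ?, ?, ?)", row)

def create_policy_view(conn, view, visible_columns, condition):
    """One view per policy and table: the column list hides fields, WHERE filters events.
    View name and condition come from the administrator's policy, never from end users."""
    unknown = set(visible_columns) - set(COLUMNS)
    if unknown:
        raise ValueError(f"policy names unknown columns: {sorted(unknown)}")
    conn.execute(f"CREATE VIEW {view} AS SELECT {', '.join(visible_columns)} "
                 f"FROM object_event WHERE {condition}")

def query_as_policy(conn, view):
    """Users read only through the view (assumed; a real DBMS would enforce it with grants)."""
    cur = conn.execute(f"SELECT * FROM {view} ORDER BY event_time")
    return [d[0] for d in cur.description], cur.fetchall()

def demo():
    conn = sqlite3.connect(":memory:")
    load_events(conn, SAMPLE_XML)
    # Hypothetical policy: carriers see shipping events only, without action or read point.
    create_policy_view(conn, "carrier_object_event",
                       ("event_time", "biz_step"), "biz_step = 'shipping'")
    return query_as_policy(conn, "carrier_object_event")

if __name__ == "__main__":
    print(demo())
```

Rebuilding the original XML from such rows on retrieval is the reverse of `load_events`, so every event pays for two conversions.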

The drawbacks of this solution include:


EPCIS events must be converted from XML to relational format for storage, and later converted back from relational format to XML upon retrieval. This extraction and reconstruction has been found to be very expensive. It is orders of magnitude slower than storing and retrieving the EPCIS events in t...