| EPCglobal Network is an implementation of Internet of Things (IoT)based on Radio Frequency Identification (RFID) technology. In order toachieve and utilize all information spanning across multiple enterprises for anobject, a Discovery Service is proposed in EPCglobal Network to obtain alladdresses of data sources via the unique identifier of the object. However, dueto the confidentiality of enterprise information, a sound data access controlmechanism for both read and write operations is required for DiscoveryService, so that an enterprise will publish the data source address of theirobjects. Besides, as the publish operation will be incorporated into themanufacture and logistics processes in an immediate manner, the publishoperation must be high efficient. The current researches on Discovery Servicelack a secure and available access control mechanism, neither does asystematic mechanism to assure high efficient services.This paper makes contributions as follows. Firstly, a P-Token baseddynamic item-level access control mechanism is presented to ensure the datasecurity. Within this novel mechanism, the P-Token of an item is initializedwhen it’s manufactured, and the P-Token will be stored into the User Bank ofRFID tag and get passed through the supply chain. Only by providing the validP-Token can a user publish address record or update the current P-Token, andonly by providing the P-Token when published, or the valid current P-Token,can a user see the address record. Also, the authenticity, integrity andconfidentiality of P-Token are ensured by applying asymmetric cryptographicalgorithm when passing P-Token down the supply chain or sending P-Tokenbetween users and Discovery Service. Secondly, a distributed in-memory data storage architecture is proposed to achieve high scalability and high serviceefficiency. Based on Distributed Hash Table (DHT) technology, every nodewill store its data resources in memory directly to assure high efficient readand write operations. Resources are backed up to other nodes asynchronouslyto assure the data security when the backup buffer gets full or the timer timesout. Resources get persisted asynchronously to assure the availability ofmemory space when the memory usage arises to certain threshold or theresources are not accessed for long, meanwhile the data can be transferred totraditional storage system by implementing extensible data persistencechannels. Thirdly, a binary encoding based high efficient data communicationarchitecture is implemented to further achieve high service efficiency. Byapplying Google Protocol Buffers technology, the messages are effectivelycompressed into binary format, the data volume is reduced and the efficiencyto transfer data is improved, meanwhile the language independence andplatform neutrality are maintained.This paper firstly introduces the research background and research statusfor Discovery Service and identifies the current inadequacies, as well as theresearch contents and the technical route of this paper. Then the system designis depicted by proposing a P-Token based security mechanism, a distributedin-memory data storage architecture, and a binary encoding based highefficient data communication architecture. Then the system implementation isdescribed by presenting the details of system communication layer, systemservice layer, data storage layer, as well as data persistence layer. In the end, aconclusion of this paper is given, together with prospects for futuredevelopment. |
PDF Full Text Request