
SupplyChainSecurity_20081208__ckh2.ppt

Date post: 28-Jan-2015
Upload: thesupplychainniche
SYSTEMS Copyright © 2008 - Q.E.D. Systems Supply Chain Security by: Craig K. Harmon, Chair, ISO TC 122/104 JWG 2008-12-09
Transcript
Page 1: SupplyChainSecurity_20081208__ckh2.ppt

SYSTEMS Copyright © 2008 - Q.E.D. Systems

Supply Chain Security

by: Craig K. Harmon, Chair, ISO TC 122/104 JWG

2008-12-09

Page 2: SupplyChainSecurity_20081208__ckh2.ppt

Craig K. Harmon • President & CEO, Q.E.D. Systems

• Chair, ISO TC 122/104 JWG - Supply Chain Applications of RFID (TC 122/WG 10)
• Chair, RFID Experts Group (REG)
• Founder, JTC 1/SC 31
• Chair, ISO TC 122/WG 4 (Shipping Labels) & ISO TC 122/WG 7 (Product Packaging)
• Vice-chair, ASC MH 10 and U.S. TAG to ISO TC 122 (Packaging)
• Chair, JTC 1/SC 31/WG 6 - Mobile Item Identification and Management
• Senior Project Editor, ISO/IEC JTC 1/SC 31/WG 4 (RFID)
• Project Editor, ISO 18185-5 (Electronic Container Seal - Physical Layer)
• Joint Automotive Industry Forum (JAIF) (JAMA/JAPIA/AIAG/ODETTE) – Returnable Transport Items
• AIAG Bar Code, Applications, 2D, Tire, Returnables, & RFID Committees
• Member, EPCglobal HAG (UHFGen2), FMCG BAG, HLS BAG, SAG, TLS, TDS, AIWG, SBAC
• JTC 1 & TC 104 Liaison Officer to the International Telecommunications Union (ITU-R & ITU-T)
• ISO TC 104 & 122 (Freight Containers / Packaging) Liaison Officer to JTC 1/SC 31
• Past Chair, U.S. TAG to ISO/IEC JTC 1/SC 31/WG 4 (RFID)
• Past Chair, ASC INCITS T6 (RFID) - ANS INCITS 256:1999, 2001
• Advisor and Member of USPS Strategic Technology Council
• Chairman & Project Editor, ANS MH10.8.2 (Data Application Identifiers)
• Original Project Editor, NATO STANAG 2233 (RFID for NATO Asset Tracking)
• Vocabulary Rapporteur to ISO/IEC JTC 1/SC 31, ISO/IEC 19762 - Harmonized vocabulary
• CompTIA RFID Subject Matter Expert and RFID Certified Professional (CRCP) - RFID+
• Recipient of the 2004 Richard Dilling Award

This presentation posted at: http://www.autoid.org/presentations/presentations.htm

Page 3: SupplyChainSecurity_20081208__ckh2.ppt

ISO TC 104 (Freight Containers)

Page 4: SupplyChainSecurity_20081208__ckh2.ppt

Three tags – different purposes

Electronic Seal - ISO 18185

Container ID Tag - ISO 10891 (nee ISO 10374.2)

Supply Chain Tag - ISO 17363

Page 5: SupplyChainSecurity_20081208__ckh2.ppt

Freight container standards and associated frequencies

[Table: frequency columns are 433 MHz (18000-7); 850–950 MHz*; 860–960 MHz (18000-6C); 2 450 MHz (24730-2); 2 400–2 500 MHz*. Rows are ISO 10374; ISO 10891; ISO 17363; ISO 18185. The cell entries did not survive in the transcript.]

*Note: Columns without a parenthetical reference standard have no published or in-process air interface standard and may be considered proprietary. ISO/IEC 18000-7 and ISO/IEC 24730-2 are called out in ISO 18185.

Page 6: SupplyChainSecurity_20081208__ckh2.ppt

Global Freight Container Band Assignment

• In May 2003 ISO TC 104 petitioned the ITU for a frequency band that would provide
– a frequency hopping spread spectrum (FHSS), passive frequency; and,
– a narrow band, active frequency.

• At that time TC 104 suggested ISO/IEC 18000-6 and ISO/IEC 18000-7, respectively.

• It is unlikely that the currently in-place air interfaces would be selected for a common frequency band for freight containers, because:
– 433 MHz (ISO/IEC 18000-7) is an ISM band in various regions,
– 860 – 960 MHz (ISO/IEC 18000-6) is an ISM band in various regions, and
– 2450 MHz (ISO/IEC 24730-2) is an ISM band in all regions.

• Ultra Wide Band may be the most viable frequency allocation for marine containers.

Page 7: SupplyChainSecurity_20081208__ckh2.ppt

ISO TC 122/104 Joint Working Group (JWG)

(Supply chain applications of RFID)

Page 8: SupplyChainSecurity_20081208__ckh2.ppt

The Layers of Logistic Units (Radio Frequency Identification)

• Layer 5: Movement Vehicle (truck, airplane, ship, train)
• Layer 4 (433 MHz): ISO 17363 (Freight containers) - Container (e.g., 40 foot Sea Container)
• Layer 3 (860-960 MHz) (Other 18000 with TPA): ISO 17364 (Returnable transport items) - Unit Load “Pallet”
• Layer 2 (860-960 MHz) (Other 18000 with TPA): ISO 17365 (Transport units) - Transport Unit
• Layer 1 (860-960 MHz with TPA) (13.56 MHz with TPA): ISO 17366 (Product packaging) - Pkg
• Layer 0 (860-960 MHz with TPA) (13.56 MHz with TPA): ISO 17367 (Product tagging) - Item

“TPA” - Trading Partner Agreement

Concept Source: Akira Shibata, DENSO-Wave Corporation

Page 9: SupplyChainSecurity_20081208__ckh2.ppt

ISO TC 122/104 JWG Project Status (2007-07-10)

• ISO 17363, Supply chain applications of RFID - Freight containers
– International Standard published

• ISO 17364, Supply chain applications of RFID - Returnable transport items
– DIS approved, registered for FDIS ballot

• ISO 17365, Supply chain applications of RFID - Transport units
– DIS approved, registered for FDIS ballot

• ISO 17366.2, Supply chain applications of RFID - Product packaging
– International Standard under publication

• ISO 17367.2, Supply chain applications of RFID - Product tagging
– International Standard under publication

Page 10: SupplyChainSecurity_20081208__ckh2.ppt

Border Crossing

[Diagram labels: Transportation Worker ID Card (TWIC) with Fingerprint Biometric; ISO/IEC 14443; Fingerprint Reader; Tractor Tag (TC 204 Standard); Chassis Tag (TC 204 Standard); 10891 Tag; 18185 Tag/Seal; 17363 Tag; 17364 Tags; 17365 Tags; Container Reader/Communicator; On Board Unit (OBU); Road Side Unit (RSU); Part of CALM Network; Customs; Today; Proposed; Tomorrow]

Would be improved with a single device

Page 11: SupplyChainSecurity_20081208__ckh2.ppt

Border Crossing

[Diagram labels: Transportation Worker ID Card (TWIC) with Fingerprint Biometric; ISO/IEC 14443; Fingerprint Reader; Tractor Tag (TC 204 Standard); Chassis Tag (TC 204 Standard); 17364 Tags; 17365 Tags; Container Reader/Communicator; On Board Unit (OBU); Road Side Unit (RSU); Part of CALM Network; Customs; Today; Proposed; Tomorrow; 10891 Tag; 18185 Tag/Seal; 17363 Tag]

Would be improved with a single device

Page 12: SupplyChainSecurity_20081208__ckh2.ppt

Standards

• The standards of ISO 17363, ISO 17364, ISO 17365, ISO 17366, ISO 17367, ISO 18185, and ISO 10891 are based on the standards of ISO TC 122 and ISO/IEC JTC 1/SC 31
– Technology standards (e.g. ISO/IEC 18000-6, 18000-3, 18000-7, and 24730-2 for RF)
– Data standards (e.g. ISO/IEC 15434, 15418, 15459, 15963)
– Conformance standards (e.g. ISO/IEC 18047-6, 18047-3, 18047-7, and 24769 for RF)

• Sensor standards are the cooperative work of ISO/IEC JTC 1/SC 31 and IEEE 1451

Page 13: SupplyChainSecurity_20081208__ckh2.ppt


Standards

• ISO 17365 (transport unit) tags used to build 17364 pallet tags

• ISO 17364 tags used to build 17363 container/manifest tags and to communicate with container reader/communicator

• ISO 10891 (formerly designated as ISO 10374.2) tag identifies container

• ISO 18185 is eSeal tag

• Chassis is identified by ISO TC 204 tag (ISO 14816) [note that ISO 10891 claims the chassis as well]

• Tractor is identified by ISO TC 204 tag (ISO 14816)

• Driver is identified by ISO/IEC JTC 1/SC 17 and DHS Transportation Worker Identification Card (TWIC)

• On-board Unit (OBU) communicates to Road-side Unit (RSU) via CALM (Communication Air-interface Long and Medium range) Network (OBU-RSU communications protocol provisional)

• On-board Unit (OBU) also provides location information and communications via / satellite/GPS

Page 14: SupplyChainSecurity_20081208__ckh2.ppt

Concept of Operations

• As supply chain pallets are being built, transport unit tags are loaded to pallet tags identifying contents, who built the shipment, purchase order number, and when the shipment was built.

• As pallets are loaded into the container, pallet tags are loaded to container supply chain tags identifying contents, who built the shipment, purchase order number, container ID, eSeal ID, and when the container was stuffed.

• Container is loaded onto chassis.

• When the tractor connects to the chassis, container information, chassis ID, and tractor ID are loaded to the On-board Unit (OBU) through CANbus-like communications.

• Driver inserts TWIC into the ID card/fingerprint reader.

• Immediately prior to border crossing event, driver records in vitro fingerprint to the OBU and a time stamp of fingerprint read.

• At the border crossing point the contents of the OBU are transferred to the Road-side Unit (RSU). The Road-side Unit (RSU) might also capture information from the Container ID, eSeal, and Supply Chain/Manifest tag.

• Process records the matching of the driver to the tractor, chassis, container, contents, eSeal, and time of the event.

• OBU is also able to drive GPS system.
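The aggregation and border match in this concept of operations, as an added example that is not part of the original presentation: tag data is rolled up into an OBU record, and the RSU compares what the OBU reports against the container ID and eSeal it reads directly. All class names, field names and ID formats are assumptions made for illustration.

```python
from dataclasses import dataclass

# Field names and ID formats are assumptions; the slides name the data
# items carried at each step but not their encoding.
@dataclass
class PalletTag:                 # loaded from transport unit tags
    pallet_id: str
    builder: str
    po_number: str
    built_at: str
    transport_units: tuple

@dataclass
class ContainerTag:              # supply chain / manifest tag
    container_id: str
    eseal_id: str
    stuffed_at: str
    pallets: tuple

@dataclass
class ObuRecord:                 # what the OBU transfers to the RSU
    manifest: ContainerTag
    chassis_id: str
    tractor_id: str
    driver_id: str               # from the TWIC
    fingerprint_at: str

def rsu_cross_check(obu, roadside):
    """Return mismatches between the OBU record and direct roadside tag reads."""
    expected = {
        "container_id": obu.manifest.container_id,
        "eseal_id": obu.manifest.eseal_id,
    }
    findings = []
    for name, reported in expected.items():
        read = roadside.get(name)
        if read is None:
            findings.append(f"{name}: not read at roadside")
        elif read != reported:
            findings.append(f"{name}: OBU={reported} roadside={read}")
    return findings

# Constructed sample data, not taken from any real shipment.
pallet = PalletTag("PAL-001", "ACME-DC7", "PO-4471", "2008-12-01T09:00Z", ("TU-1", "TU-2"))
manifest = ContainerTag("CONT-0000001", "SEAL-88A1", "2008-12-01T14:30Z", (pallet,))
obu = ObuRecord(manifest, "CHS-552", "TRC-019", "TWIC-7731", "2008-12-03T06:12Z")

# The eSeal read at the roadside differs from the one recorded at stuffing.
print(rsu_cross_check(obu, {"container_id": "CONT-0000001", "eseal_id": "SEAL-0F3C"}))
```

An empty result means the directly read container ID and eSeal agree with the record built up along the chain; a mismatch or a missing read is what would be escalated for inspection.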

Page 15: SupplyChainSecurity_20081208__ckh2.ppt


???

Page 16: SupplyChainSecurity_20081208__ckh2.ppt

Thank you!!!

Craig K. Harmon, President & CEO
Q.E.D. Systems
3963 Highlands Lane, SE
Cedar Rapids, IA 52403-2140 USA
(V): +1 319/364-0212
(M): +1 319/533-8092
(E): [email protected]
(U): http://www.autoid.org

Page 17: SupplyChainSecurity_20081208__ckh2.ppt


Page 18: SupplyChainSecurity_20081208__ckh2.ppt

DISCUSSION SLIDES

Page 19: SupplyChainSecurity_20081208__ckh2.ppt

Social issue - Privacy

• Privacy & Convenience are much akin to Freedom & Safety, where each is at a polar end of a continuum. One cannot have both complete freedom and maximized safety, just as one cannot have complete privacy and maximized convenience.

• The issue of privacy must become an issue of Personally Identifiable Information (PII), not of the technology.

• Credit cards and mobile telephones are far easier routes for inappropriate access to Personally Identifiable Information (PII).

Page 20: SupplyChainSecurity_20081208__ckh2.ppt

Social issue – Privacy: What Can We Do?

• Provide packaging that reflects its content; if there is an embedded RFID tag, signal its presence with the RFID Emblem.

• Follow government and industry discussions regarding disclosure.

[Images: Generic Emblem; 18000-6C - 17366 emblem]

Page 21: SupplyChainSecurity_20081208__ckh2.ppt

Social issue - Security

• Security has been explained in ISO/IEC TR 24729-4 (DTR ballot closes 2008-10-19) and standardization is being proposed in a New Work Item Proposal (as yet an unnumbered work item) submitted by the National Body of Austria.

Page 22: SupplyChainSecurity_20081208__ckh2.ppt

Social issue - Security

• Risks include:

– Confidentiality
  • “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…” [FISMA, 44 U.S.C., Sec. 3542]
  • A loss of confidentiality is the unauthorized disclosure of information.

– Integrity
  • “Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity…” [44 U.S.C., Sec. 3542]
  • A loss of integrity is the unauthorized modification or destruction of information.

Page 23: SupplyChainSecurity_20081208__ckh2.ppt

Social issue - Security

• Risks include:

– Availability
  • “Ensuring timely and reliable access to and use of information…” [44 U.S.C., Sec. 3542]
  • A loss of availability is the disruption of access to or use of information or an information system.

– Authentication
  • Ensuring that a tag’s data can only be accessed by authorized individuals/systems.

Page 24: SupplyChainSecurity_20081208__ckh2.ppt

Social issue - Security

• Threats include:
– Skimming data
– Eavesdropping
– Spoofing
– Cloning
– Data tampering
– Insertion of executable code or virus
– Denial of access or service
– Unauthorized killing of tag
– Jamming or shielding

Page 25: SupplyChainSecurity_20081208__ckh2.ppt

Social issue - Security

• Countermeasures include:
– Wafer programming (true WORM)
– ISO Tag ID verification
– License plate
– Memory lock
– Password protection
– Authentication
– Cloaking
– Encryption
– Limitation of read distance

Page 26: SupplyChainSecurity_20081208__ckh2.ppt

A Scenario for Password Distribution

[Diagram. Component labels: Authorities; Server (Departure); Digital Signature; Server (Arrival); Reader A; Reader B; RF tag; DB. Link labels: IPsec; XML/EDI.]

Numbered messages in the diagram:

① Tag ID Req
② Tag ID Res
③ Signature Req
④ Signature Res
⑤ ePP Req
⑥ ePP Res
⑦ Key Transmission (Push)
⑧ Shipping
⑨ Tag ID Req
⑩ Tag ID Res
⑪ Tag Req
⑫ Tag Res
⑬ Verification Req
⑭ Verification Res

Page 27: SupplyChainSecurity_20081208__ckh2.ppt

Social issue - Security: What Can We Do?

• Remain aware of which technologies provide which levels of security.

• Prior to implementing RFID security for any customer, ensure that they know what they are doing with security.

• At this moment, a simple method of security is not available.

• Follow legal and technical developments.

