UPC to EPC, Product-level Data to Item-level Data
The Universal Product Code (UPC) in a bar code represents a product to identify the type and brand of product; whereas under the EPC Network plan, the 64- or 96-bit EPC includes four fields that record the version, the manufacturer, product type and a serial number unique to the item. As a result, every product item may have its own identity and the so-called "Item-level" information. The "Product-level" information including the name, EPC and manufacturer, the value of EPC, production date and quality of each item are associated with the "Item-level" data.
Securing EPC related data ?
There are at least two challenges to define authorization policies for this relationship. First, we may separately define the authorization polices for product- and item-level data. For example, the retailer accountant only needs to access the product-level data and is not allowed to know the item-level data. Secondly, regardless of the different values, some "item-level" attributes of the items with the same product type has the same structures, and then they may be assigned to the same authorization policies. For example, customers may not allow to know the quality of any product item. In this case, it is inefficient to simply issue access rights to each item. The administrator may need to specify a policy for the item-level attributes for all the items.
The Universal Product Code (UPC) in a bar code represents a product to identify the type and brand of product; whereas under the EPC Network plan, the 64- or 96-bit EPC includes four fields that record the version, the manufacturer, product type and a serial number unique to the item. As a result, every product item may have its own identity and the so-called "Item-level" information. The "Product-level" information including the name, EPC and manufacturer, the value of EPC, production date and quality of each item are associated with the "Item-level" data.
Securing EPC related data ?
There are at least two challenges to define authorization policies for this relationship. First, we may separately define the authorization polices for product- and item-level data. For example, the retailer accountant only needs to access the product-level data and is not allowed to know the item-level data. Secondly, regardless of the different values, some "item-level" attributes of the items with the same product type has the same structures, and then they may be assigned to the same authorization policies. For example, customers may not allow to know the quality of any product item. In this case, it is inefficient to simply issue access rights to each item. The administrator may need to specify a policy for the item-level attributes for all the items.
Leave a comment