[go: up one dir, main page]

WO2016013925A1 - System and method for secure tracking of internet of things based goods in supply chain system - Google Patents

System and method for secure tracking of internet of things based goods in supply chain system Download PDF

Info

Publication number
WO2016013925A1
WO2016013925A1 PCT/MY2015/050069 MY2015050069W WO2016013925A1 WO 2016013925 A1 WO2016013925 A1 WO 2016013925A1 MY 2015050069 W MY2015050069 W MY 2015050069W WO 2016013925 A1 WO2016013925 A1 WO 2016013925A1
Authority
WO
WIPO (PCT)
Prior art keywords
supply chain
goods
internet
information
client device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/MY2015/050069
Other languages
French (fr)
Inventor
Jamalul-Lail Ab Manan
Mohd Faizal MUBARAK
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mimos Bhd
Original Assignee
Mimos Bhd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mimos Bhd filed Critical Mimos Bhd
Publication of WO2016013925A1 publication Critical patent/WO2016013925A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/08Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • G06Q10/083Shipping
    • G06Q10/0833Tracking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6236Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/08Logistics, e.g. warehousing, loading or distribution; Inventory or stock management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Definitions

  • the invention relates to supply chain system and in particular secure tracking of goods in a supply chain system.
  • a supply chain is a sequence of processes associated with production and distribution of goods.
  • supply chain systems are driven in the direction of integrating Internet of Things (loT) into supply chain system components.
  • the loT enables real time automatic data transfer of physical items over an internet network without the need for human-to- human or human-to-computer interaction.
  • the benefits of loT in a supply chain system allow monitoring of goods information such as availability, capacity, inventory and more importantly tracking the location of goods.
  • the real time availability of these data allows improved decision planning, service optimization and resource allocation.
  • getting goods delivered safely and securely to the intended destination is as crucial as in getting goods to the right place at the right time.
  • supply chain systems are highly vulnerable as they comprise many different system components, large quantities of goods and huge amount of information. Therefore, focus is placed on assessing and mitigating risks associated with physical vulnerabilities such as piracy, counterfeiting, theft, terrorism and weather-related disruptions.
  • Another issue faced in supply chain system is credentials of participants in the supply chain. Failure to properly securing information transfer from participant to participant in the supply chain network can result in abuse of information obtained.
  • International patent publication number WO 2004090778 A1 discloses a method of secured supply chain management and control comprising provision and verification of security of shipment of goods.
  • the method disclosed is performed by tracking goods by means of interfacing with multiple information system, standard security devices such as physical fencing and visual monitoring such as CCTV systems. This method identifies the security aspects of examination of goods, recording of inspection, a secured storage system and audit reporting, without disclosure on information privacy.
  • US patent number 8,332,656 B2 discloses a system and method for decoding and reading Radio-Frequency (RF) tags of collection of goods.
  • the system and method disclosed encompasses enhancements to the security of the supply chain by using RF tags as a means of tracking goods in a supply chain. There were no mention however on security or privacy when registering goods in a supply chain, when storing information of goods in the database or retrieving information of goods upon user queries.
  • a research paper entitled “End-to-End Transport Security in the IP-Based Internet of Things” (Brachmann et al, 2012) addresses security protection for loT based goods with end-to-end protection by using either Hypertext Transfer Protocol (HTTP) and Transport Layer Security (TLS) or Constrained Application Protocol (CoAP) and Datagram Transport Layer Security (DTLS) by proposing mapping between TLS and DTLS.
  • HTTP Hypertext Transfer Protocol
  • TLS Transport Layer Security
  • CoAP Constrained Application Protocol
  • DTLS Datagram Transport Layer Security
  • the article further discloses security attacks that lead to resource exhaustion and optimized end-to-end security at the application process.
  • the research paper only discusses online or over the internet security protection for internet of things based goods. There were no mention of physical security of the goods in a supply chain system.
  • the present invention aims to provide a secure system and method for tracking of internet of things based goods in a supply chain by at least a client device. It is an object of the present invention to provide a system and method for prioritizing information, wherein the information gathered from sensors bounded to internet of things based goods are first divided into categories, classified based on risks and then tracked or monitored via Global Positioning System (GPS).
  • GPS Global Positioning System
  • the present invention relates to a system for tracking internet of things based goods in a supply chain by at least a client device.
  • the system comprises a plurality of sensors for detecting internet of things based goods in said supply chain, a plurality of gateways for receiving and identifying values of said plurality of sensors, at least a tracking server for tracking information and location of said goods in said supply chain and at least a supply chain database for storing said internet of things based goods information for retrieval by at least a client device.
  • the abovementioned plurality of sensors is embedded with a physical unclonable function for preventing duplication.
  • the system comprises at least a privacy access server connected to a privacy policy module for managing the access rights of said at least a client device.
  • the present invention further relates to a method for tracking internet of things based goods in a supply chain by at least a client device.
  • the method comprises the steps of setting up said supply chain, registering said internet of things based goods in said supply chain, storing information of said internet of things based goods in a supply chain database wherein said information is obtained by initiating queries to said plurality of gateways and retrieving information of said internet of things based goods upon user queries.
  • the step of setting up said supply chain further comprises the steps of registration of said at least a client device and users of said at least a client device to at least a privacy access server, and set up of access rights for said at least a client device in said at least a privacy access server.
  • the step of registering said internet of things based goods in said supply chain comprises attaching a sensor embedded with a physical unclonable function and storing information of said internet of things based goods in said at least a privacy access server.
  • Figure 1 illustrates a system for securely tracking internet of things based goods in a supply chain according to the present invention.
  • Figure 2 illustrates a process workflow for setting up the supply chain according to the present invention.
  • Figure 3 illustrates a process workflow for registering internet of things based goods information according to the present invention.
  • Figure 4 illustrates a process workflow for storing internet of things based goods information according to the present invention.
  • Figure 5 illustrates a process workflow for retrieving information of said internet of things based goods upon user queries according to the present invention.
  • a system (100) for securely tracking internet of things based goods (101 ) in a supply chain wherein the system (100) comprises at least a client device (103), a plurality of sensors (104) for detecting internet of things based goods (101 ) in a supply chain, a plurality of gateways (105) for receiving and identifying values of said plurality of sensors (104), at least a tracking server (106) for tracking information and location of said goods in a supply chain and at least a supply chain database (107) for storing said internet of things based goods (101 ) information for retrieval by at least a client device (103).
  • These system (100) components are interlinked over a computing network such as the internet or a computing cloud system.
  • Source of initialization of the entire system (100) depends on said a plurality of sensors (104) for detecting internet of things based goods (101 ) in a supply chain, wherein the sensors (104) emit information of the goods on a real time basis to the supply chain system.
  • the information emitted are received by said a plurality of gateways (105) which in turn sends said information to the computing network.
  • a user using a client device (103) is able to track information of goods (101 ) at any desired point in said supply chain through the tracking server (106).
  • the tracking server (106) is connected to said at least a supply chain database (107), a registered user is able to obtain real time information of his or her goods via an online web application.
  • a client device (103) takes the form of a personal computer, a mobile device, a tablet or a technical device accessible to a web browser over the internet.
  • the abovementioned plurality of sensors (104) is embedded with a physical unclonable function (PUF) to prevent duplication.
  • PUF is a complex physical system with mapping of inputs and corresponding outputs that cannot be predicted or reproduced even given the exact manufacturing process used to produce it. Therefore, PUF demonstrates resiliency against side channel, physical and software attacks. This technology that is primarily implemented in smartcards due to its secure nature will give internet of things based goods (101 ) the security needed to prevent duplication, piracy or counterfeiting.
  • a key feature in the system (100) for providing tracking security in a supply chain is through at least a privacy access server (109) connected to a privacy policy module (1 10).
  • the herein mentioned privacy policy module (1 10) comprises at least a list of registered client devices (103) and a list of said plurality of gateways (105) labelled with access rights for said at least a client device (103).
  • said privacy policy module (1 10) manages the access rights and computes the abovementioned list based on selection of access rights by said users.
  • the users have to specify and agree with the level of access rights to be stored in the privacy policy module (1 10).
  • a user using said at least a client device (103) has means to access said plurality of gateways (105) through means of a user authentication. Therefore, the users have much needed control over his or her private information.
  • the process of accessing information of internet of things based goods (101 ) is performed in said privacy access server (109) according to said privacy policy module (1 10).
  • the system (100) for tracking internet of things based goods (101 ) in a supply chain is further secured by means of encrypted information transfer between said plurality of sensors (104), said plurality of gateways (105), said at least a privacy access server (109), said at least a tracking server (106) and said at least a supply chain database (107).
  • the end-to-end interlinking between system (100) components by means of encrypted information ensures secured communication.
  • any of said a plurality of sensors (104), said a plurality of gateways (105), said at least a privacy access server (109), said at least a tracking server (106) and said at least a supply chain database (107) in a supply chain system are evaluated for trustworthiness through a platform validation module, also known as trusted platform module.
  • This platform validation module is effectively a crypto processor designed to provide hardware with security by integrating cryptographic keys into devices. Further compounding to the benefits mentioned above, the platform validation module includes capabilities such as remote attestation, binding, data sealing using secret endorsement key.
  • a method for tracking internet of things based goods (101 ) in a supply chain by at least a client device (103) involves four main sub divisional methods, that is one for setting up said supply chain, registering said internet of things based goods (101 ) in said supply chain, storing information of said internet of things based goods (101 ) in a supply chain database (107) wherein said information is obtained by initiating queries to said plurality of gateways (105) and another for retrieving information of said internet of things based goods (101 ) upon user queries.
  • the entire process flow for traffic violation detection will be further elaborated in the following descriptions.
  • the method of setting up said supply chain further comprises the steps of registration of said at least a client device (103) and users of said at least a client device (103) to at least a privacy access server (109), and set up of access rights for said at least a client device (103) in said at least a privacy access server (109).
  • FIG. 2 illustrated is a process workflow of a method for setting up said supply chain in accordance with the present invention, wherein the method of setting up said supply chain is initialized by setting up user authentication system for user access to supply chain tracking system (SCTS) (201 ), followed by setting up mutual platform integrity verification between all machines in the SCTS via trusted platform module within said supply chain including loT gateways (105), servers, and at least a client device (103) (202). After of which at least a client device (103) is registered to the privacy access server (109) connected to said privacy policy module (1 10) also known as information privacy control module (IPCM) (203). Once client devices (103) are registered, all users are registered to the supply chain database (107), including user identification, user passwords and information of user's goods (204).
  • SCTS supply chain tracking system
  • IPCM information privacy control module
  • user selections for access rights are set up in the privacy access server (109) and saved into the privacy policy module (1 10) (205).
  • the privacy policy module (1 10) sets up access rights for client device (103) to access mobile loT gateway (105) based on user privacy access rights (206). These information of user selected access rights sets up a secure connection for client access to a selected loT gateway (105)(207).
  • the SCTS is set up to execute challenge respond with a test unit loT gateway (105) to review capability of to make on-line loT reading (208).
  • Registering said loT based goods (101 ) in said supply chain comprises attaching a sensor (104) embedded with a physical unclonable function and storing information of said loT based goods (101 ) in said at least a privacy access server (109) (301 ).
  • the information mentioned herewith comprises user identification (userid), user selected privacy access, goods information and loT identification (iotid), which will be further stored in privacy policy module (302).
  • FIG. 4 of the drawings shows schematically a flowchart of a method for storing loT based goods (101 ) information.
  • These queries contain information registered with the supply chain tracking system such as gateway (105) identification (gwid), iotid, sensor (104) identification (sid) (401 ).
  • the gateway (105) receives these information, the privacy access server (109) will acknowledge that the gwid and iotid are valid before sending the goods information including gwid, iotid, sid and goods location (gloc) to the supply chain tracking system (402).
  • the goods information is identified and stored in the supply chain database (107), wherein said goods information are classified according to said privacy policy module (1 10) (403).
  • said privacy policy module (1 10) (403).
  • FIG 5 illustrated is a process workflow of a method for retrieving information of said internet of things based goods (101 ) upon user queries.
  • a registered user has to log on to the web application of the supply chain tracking system for validation of the user authentication (501 ). After which said web application will initiate mutual platform integrity verification in order to verify that the user is trusted (502).
  • said supply chain database (107) certifies both user and client device (103) are registered (503).
  • the supply chain tracking system confirms the user access based on the status keyed in the privacy policy module (1 10) and sends the respective accessible information about the user's goods location to the user (505). Therefore, in essence retrieval of information of said internet of things based goods (101 ) is performed via a web application which requires authentication of said users and validation of said client device (103)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Economics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Strategic Management (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Computer And Data Communications (AREA)

Abstract

A supply chain is a sequence of processes associated with production and distribution of goods. Security and privacy of these processes in a supply chain is of utmost importance besides the delivery of goods to its destination. Disclosed herein is a system (100) and method for managing the security and privacy of the tracking of goods in a supply chain achieved through the steps of setting up supply chain tracking system, registering the goods, storing goods information and then retrieving goods information. Such security and privacy operations are carried out through verification and authentication of the users and client devices (103).

Description

SYSTEM AND METHOD FOR SECURE TRACKING OF INTERNET OF THINGS BASED GOODS IN SUPPLY CHAIN SYSTEM
TECHNICAL FIELD OF THE INVENTION
The invention relates to supply chain system and in particular secure tracking of goods in a supply chain system.
BACKGROUND OF THE INVENTION
A supply chain is a sequence of processes associated with production and distribution of goods. With advancement of technology, supply chain systems are driven in the direction of integrating Internet of Things (loT) into supply chain system components. The loT enables real time automatic data transfer of physical items over an internet network without the need for human-to- human or human-to-computer interaction. The benefits of loT in a supply chain system allow monitoring of goods information such as availability, capacity, inventory and more importantly tracking the location of goods. The real time availability of these data allows improved decision planning, service optimization and resource allocation. In a supply chain system, getting goods delivered safely and securely to the intended destination is as crucial as in getting goods to the right place at the right time.
However, supply chain systems are highly vulnerable as they comprise many different system components, large quantities of goods and huge amount of information. Therefore, focus is placed on assessing and mitigating risks associated with physical vulnerabilities such as piracy, counterfeiting, theft, terrorism and weather-related disruptions. Another issue faced in supply chain system is credentials of participants in the supply chain. Failure to properly securing information transfer from participant to participant in the supply chain network can result in abuse of information obtained.
In view of the abovementioned security threats, several methods have been developed to provide a secure tracking of goods in a supply chain system.
International patent publication number WO 2004090778 A1 discloses a method of secured supply chain management and control comprising provision and verification of security of shipment of goods. The method disclosed is performed by tracking goods by means of interfacing with multiple information system, standard security devices such as physical fencing and visual monitoring such as CCTV systems. This method identifies the security aspects of examination of goods, recording of inspection, a secured storage system and audit reporting, without disclosure on information privacy.
US patent number 8,332,656 B2 discloses a system and method for decoding and reading Radio-Frequency (RF) tags of collection of goods. The system and method disclosed encompasses enhancements to the security of the supply chain by using RF tags as a means of tracking goods in a supply chain. There were no mention however on security or privacy when registering goods in a supply chain, when storing information of goods in the database or retrieving information of goods upon user queries. A research paper entitled "End-to-End Transport Security in the IP-Based Internet of Things" (Brachmann et al, 2012) addresses security protection for loT based goods with end-to-end protection by using either Hypertext Transfer Protocol (HTTP) and Transport Layer Security (TLS) or Constrained Application Protocol (CoAP) and Datagram Transport Layer Security (DTLS) by proposing mapping between TLS and DTLS. The article further discloses security attacks that lead to resource exhaustion and optimized end-to-end security at the application process. However, the research paper only discusses online or over the internet security protection for internet of things based goods. There were no mention of physical security of the goods in a supply chain system.
In terms of security protection to loT based goods in a supply chain, the existing systems and methods have their limitations. Therefore, it is an aim of this present invention to provide a system and method that is capable of secure tracking of goods in a supply chain system.
SUMMARY OF THE PRESENT INVENTION
The present invention aims to provide a secure system and method for tracking of internet of things based goods in a supply chain by at least a client device. It is an object of the present invention to provide a system and method for prioritizing information, wherein the information gathered from sensors bounded to internet of things based goods are first divided into categories, classified based on risks and then tracked or monitored via Global Positioning System (GPS).
It is a further object of the present invention to provide partner trust management, wherein goods are managed between partners at different stages in a supply chain using platform integrity verification mechanism. It is a further object of the present invention to prevent duplication of goods by means of attaching a physical unclonable function embedded sensor to the internet of things based goods.
It is a further object of the present invention to share information securely over the supply chain, wherein completeness of goods delivery is based on goods arrival to the destination with no security breach. A privacy policy is implemented between partners on accessibility of information such as real time tracking of goods. It is a further object of the present invention to provide a secured and trusted infrastructure in the supply chain, wherein the security and privacy of information related to internet of things based goods are guaranteed from being cloned, replaced or hijacked. Ultimately, the present invention relates to a system for tracking internet of things based goods in a supply chain by at least a client device. The system comprises a plurality of sensors for detecting internet of things based goods in said supply chain, a plurality of gateways for receiving and identifying values of said plurality of sensors, at least a tracking server for tracking information and location of said goods in said supply chain and at least a supply chain database for storing said internet of things based goods information for retrieval by at least a client device. The abovementioned plurality of sensors is embedded with a physical unclonable function for preventing duplication. Furthermore, the system comprises at least a privacy access server connected to a privacy policy module for managing the access rights of said at least a client device. The present invention further relates to a method for tracking internet of things based goods in a supply chain by at least a client device. The method comprises the steps of setting up said supply chain, registering said internet of things based goods in said supply chain, storing information of said internet of things based goods in a supply chain database wherein said information is obtained by initiating queries to said plurality of gateways and retrieving information of said internet of things based goods upon user queries. The step of setting up said supply chain further comprises the steps of registration of said at least a client device and users of said at least a client device to at least a privacy access server, and set up of access rights for said at least a client device in said at least a privacy access server. Furthermore, the step of registering said internet of things based goods in said supply chain comprises attaching a sensor embedded with a physical unclonable function and storing information of said internet of things based goods in said at least a privacy access server.
BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 illustrates a system for securely tracking internet of things based goods in a supply chain according to the present invention.
Figure 2 illustrates a process workflow for setting up the supply chain according to the present invention.
Figure 3 illustrates a process workflow for registering internet of things based goods information according to the present invention. Figure 4 illustrates a process workflow for storing internet of things based goods information according to the present invention.
Figure 5 illustrates a process workflow for retrieving information of said internet of things based goods upon user queries according to the present invention.
DETAILED DESCRIPTION OF THE PRESENT INVENTION
The above mentioned and other features and objects of this invention will become more apparent and better understood by reference to the following detailed description. It should be understood that the detailed description made known below is not intended to be exhaustive or limit the invention to the precise form disclosed as the invention may assume various alternative forms. On the contrary, the detailed description covers all the relevant modifications and alterations made to the present invention, unless the claims expressly state otherwise.
Referring to Figure 1 , illustrated is one embodiment of a system (100) for securely tracking internet of things based goods (101 ) in a supply chain, wherein the system (100) comprises at least a client device (103), a plurality of sensors (104) for detecting internet of things based goods (101 ) in a supply chain, a plurality of gateways (105) for receiving and identifying values of said plurality of sensors (104), at least a tracking server (106) for tracking information and location of said goods in a supply chain and at least a supply chain database (107) for storing said internet of things based goods (101 ) information for retrieval by at least a client device (103). These system (100) components are interlinked over a computing network such as the internet or a computing cloud system.
Source of initialization of the entire system (100) depends on said a plurality of sensors (104) for detecting internet of things based goods (101 ) in a supply chain, wherein the sensors (104) emit information of the goods on a real time basis to the supply chain system. The information emitted are received by said a plurality of gateways (105) which in turn sends said information to the computing network. A user using a client device (103) is able to track information of goods (101 ) at any desired point in said supply chain through the tracking server (106). As the tracking server (106) is connected to said at least a supply chain database (107), a registered user is able to obtain real time information of his or her goods via an online web application. A client device (103) takes the form of a personal computer, a mobile device, a tablet or a technical device accessible to a web browser over the internet. The abovementioned plurality of sensors (104) is embedded with a physical unclonable function (PUF) to prevent duplication. PUF is a complex physical system with mapping of inputs and corresponding outputs that cannot be predicted or reproduced even given the exact manufacturing process used to produce it. Therefore, PUF demonstrates resiliency against side channel, physical and software attacks. This technology that is primarily implemented in smartcards due to its secure nature will give internet of things based goods (101 ) the security needed to prevent duplication, piracy or counterfeiting.
A key feature in the system (100) for providing tracking security in a supply chain is through at least a privacy access server (109) connected to a privacy policy module (1 10). The herein mentioned privacy policy module (1 10) comprises at least a list of registered client devices (103) and a list of said plurality of gateways (105) labelled with access rights for said at least a client device (103). Hence, said privacy policy module (1 10) manages the access rights and computes the abovementioned list based on selection of access rights by said users. During the initial setup stage, the users have to specify and agree with the level of access rights to be stored in the privacy policy module (1 10). Depending on the access rights which have been set into the privacy policy module (1 10), a user using said at least a client device (103) has means to access said plurality of gateways (105) through means of a user authentication. Therefore, the users have much needed control over his or her private information. Generally, the process of accessing information of internet of things based goods (101 ) is performed in said privacy access server (109) according to said privacy policy module (1 10).
The system (100) for tracking internet of things based goods (101 ) in a supply chain is further secured by means of encrypted information transfer between said plurality of sensors (104), said plurality of gateways (105), said at least a privacy access server (109), said at least a tracking server (106) and said at least a supply chain database (107). The end-to-end interlinking between system (100) components by means of encrypted information ensures secured communication. Due to the importance of information transfer in the system (100), various types of encryption are implemented such as whole disk encryption referring to the encryption of an entire physical disk, supply chain database (107) integrated encryption wherein data is encrypted as it is written, network transit encryption whereby encrypting information while in transit on a network, wireless networks encryption that only encrypts information between the client device (103) and wireless access point, et cetera.
In the same context, any of said a plurality of sensors (104), said a plurality of gateways (105), said at least a privacy access server (109), said at least a tracking server (106) and said at least a supply chain database (107) in a supply chain system are evaluated for trustworthiness through a platform validation module, also known as trusted platform module. This platform validation module is effectively a crypto processor designed to provide hardware with security by integrating cryptographic keys into devices. Further compounding to the benefits mentioned above, the platform validation module includes capabilities such as remote attestation, binding, data sealing using secret endorsement key.
In particular, a method for tracking internet of things based goods (101 ) in a supply chain by at least a client device (103) according to the present invention involves four main sub divisional methods, that is one for setting up said supply chain, registering said internet of things based goods (101 ) in said supply chain, storing information of said internet of things based goods (101 ) in a supply chain database (107) wherein said information is obtained by initiating queries to said plurality of gateways (105) and another for retrieving information of said internet of things based goods (101 ) upon user queries. The entire process flow for traffic violation detection will be further elaborated in the following descriptions.
The method of setting up said supply chain further comprises the steps of registration of said at least a client device (103) and users of said at least a client device (103) to at least a privacy access server (109), and set up of access rights for said at least a client device (103) in said at least a privacy access server (109).
Referring now to Figure 2, illustrated is a process workflow of a method for setting up said supply chain in accordance with the present invention, wherein the method of setting up said supply chain is initialized by setting up user authentication system for user access to supply chain tracking system (SCTS) (201 ), followed by setting up mutual platform integrity verification between all machines in the SCTS via trusted platform module within said supply chain including loT gateways (105), servers, and at least a client device (103) (202). After of which at least a client device (103) is registered to the privacy access server (109) connected to said privacy policy module (1 10) also known as information privacy control module (IPCM) (203). Once client devices (103) are registered, all users are registered to the supply chain database (107), including user identification, user passwords and information of user's goods (204). Ensuing that, user selections for access rights are set up in the privacy access server (109) and saved into the privacy policy module (1 10) (205). The privacy policy module (1 10) sets up access rights for client device (103) to access mobile loT gateway (105) based on user privacy access rights (206). These information of user selected access rights sets up a secure connection for client access to a selected loT gateway (105)(207). To ensure proper set up of said supply chain, the SCTS is set up to execute challenge respond with a test unit loT gateway (105) to review capability of to make on-line loT reading (208).
A process workflow of a method for registering loT based goods (101 ) information is shown in Figure 3. Registering said loT based goods (101 ) in said supply chain comprises attaching a sensor (104) embedded with a physical unclonable function and storing information of said loT based goods (101 ) in said at least a privacy access server (109) (301 ). The information mentioned herewith comprises user identification (userid), user selected privacy access, goods information and loT identification (iotid), which will be further stored in privacy policy module (302).
Figure 4 of the drawings shows schematically a flowchart of a method for storing loT based goods (101 ) information. Storing information of said loT based goods (101 ) in a supply chain database (107) wherein said information is obtained by initiating queries to said plurality of gateways (105). These queries contain information registered with the supply chain tracking system such as gateway (105) identification (gwid), iotid, sensor (104) identification (sid) (401 ). When the gateway (105) receives these information, the privacy access server (109) will acknowledge that the gwid and iotid are valid before sending the goods information including gwid, iotid, sid and goods location (gloc) to the supply chain tracking system (402). The goods information is identified and stored in the supply chain database (107), wherein said goods information are classified according to said privacy policy module (1 10) (403). Referring to Figure 5, illustrated is a process workflow of a method for retrieving information of said internet of things based goods (101 ) upon user queries. To retrieve information goods, a registered user has to log on to the web application of the supply chain tracking system for validation of the user authentication (501 ). After which said web application will initiate mutual platform integrity verification in order to verify that the user is trusted (502). In addition to that, said supply chain database (107) certifies both user and client device (103) are registered (503). These are the security features implemented by the present invention before a user is able to query the supply chain tracking system about the location of his or her goods (504). The supply chain tracking system confirms the user access based on the status keyed in the privacy policy module (1 10) and sends the respective accessible information about the user's goods location to the user (505). Therefore, in essence retrieval of information of said internet of things based goods (101 ) is performed via a web application which requires authentication of said users and validation of said client device (103)
The invention described herein is susceptible to variations, modifications and/or additions other than those specifically described and it is to be understood that the invention includes all such variations, modifications and/or additions which fall within the scope of the following claims.

Claims

1. A system (100) for tracking internet of things based goods (101 ) in a supply chain by at least a client device (103), comprising:
a plurality of sensors (104) for detecting said internet of things based goods (101 ) in said supply chain;
a plurality of gateways (105) for receiving and identifying values of said plurality of sensors (104);
at least a tracking server (106) for tracking information and location of said goods in said supply chain; and
at least a supply chain database (107) for storing said internet of things based goods (101 ) information for retrieval by at least a client device (103);
characterized in that said a plurality of sensors (104) are embedded with a physical unclonable function for preventing duplication; and
said system (100) further comprises at least a privacy access server (109) connected to a privacy policy module (1 10) for managing access rights for said at least a client device (103).
2. A system (100) of claim 1 , wherein said privacy policy module (1 10) comprises at least a list of registered client devices (103) and a list of said plurality of gateways (105) which is labelled with access rights for said at least a client device (103).
3. A system (100) of claim 1 , wherein said at least a client device (103) is provided access to said plurality of gateways (105) as controlled by said privacy access server (109) according to said privacy policy module (1 10).
4. A system (100) of claim 1 , wherein said plurality of sensors (104), said plurality of gateways (105), said at least a privacy access server (109), said at least a tracking server (106) and said at least a supply chain database (107) are interlinked with encrypted information to ensure secured communication.
5. A system (100) of claim 1 , wherein any one or any combination of said a plurality of sensors (104), said a plurality of gateways (105), said at least a privacy access server (109), said at least a tracking server (106) and said at least a supply chain database (107) are evaluated for trustworthiness through a platform validation module.
6. A method for tracking internet of things based goods (101 ) in a supply chain by at least a client device (103) comprising the steps of:
setting up said supply chain (201 );
registering said internet of things based goods (101 ) in said supply chain;
storing information of said internet of things based goods (101 ) in a supply chain database (107) wherein said information is obtained by initiating queries to said plurality of gateways (105) (401 ); and
retrieving information of said internet of things based goods
(101 ) upon user queries;
characterized in that the step of setting up said supply chain comprising the steps of registering said at least a client device (103) and users of said at least a client device (103) to at least a privacy access server (109) (204), and setting up of access rights for said at least a client device (103) in said at least a privacy access server
(109) (205); and
registering said internet of things based goods (101 ) in said supply chain comprises attaching a sensor (104) embedded with a physical unclonable function and storing information of said internet of things based goods (101 ) in said at least a privacy access server
(109) (301 ).
7. The method of claims 6, wherein setting up said supply chain further comprises setting up mutual platform integrity verification via trusted platform module within said supply chain.
8. The method of claim 6, wherein information of said goods stored in said supply chain database (107) are classified according to said privacy policy module (1 10) (402).
9. The method of claim 6, wherein said queries are verified in terms of user and client device (103) registration status and information of goods retrieved in response to said queries is provided according to said access rights as set up in said at least a privacy access server (109) (505).
10. The method of claim 6, wherein retrieving of information of said internet of things based goods (101 ) upon user queries is performed via a web application which requires authentication of said users and validation of said client device (103).
PCT/MY2015/050069 2014-07-24 2015-07-10 System and method for secure tracking of internet of things based goods in supply chain system Ceased WO2016013925A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI2014702049 2014-07-24
MYPI2014702049 2014-07-24

Publications (1)

Publication Number Publication Date
WO2016013925A1 true WO2016013925A1 (en) 2016-01-28

Family

ID=55163373

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2015/050069 Ceased WO2016013925A1 (en) 2014-07-24 2015-07-10 System and method for secure tracking of internet of things based goods in supply chain system

Country Status (1)

Country Link
WO (1) WO2016013925A1 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10325112B2 (en) 2016-12-29 2019-06-18 T-Mobile Usa, Inc. Privacy breach detection
US10445696B2 (en) 2017-01-03 2019-10-15 Wipro Limited Methods and systems for orchestration of supply chain processes using internet of technology sensor's events
CN110445774A (en) * 2019-07-24 2019-11-12 阿里巴巴集团控股有限公司 Safety protecting method, device and the equipment of IoT equipment
US11079400B2 (en) 2018-01-31 2021-08-03 Hewlett Packard Enterprise Development Lp Monitoring a product build process via a smart tray
CN113297176A (en) * 2021-05-27 2021-08-24 焦作大学 Database access method based on Internet of things
US12126684B1 (en) 2023-04-19 2024-10-22 Hewlett Packard Enterprise Development Lp Publisher-subscriber message mapping

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100019026A1 (en) * 2006-04-07 2010-01-28 Barry Hochfield Product authentication system
US20130277425A1 (en) * 2012-04-19 2013-10-24 Zortag Inc. System for and method of securing articles along a supply chain

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100019026A1 (en) * 2006-04-07 2010-01-28 Barry Hochfield Product authentication system
US20130277425A1 (en) * 2012-04-19 2013-10-24 Zortag Inc. System for and method of securing articles along a supply chain

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10325112B2 (en) 2016-12-29 2019-06-18 T-Mobile Usa, Inc. Privacy breach detection
US11023613B2 (en) 2016-12-29 2021-06-01 T-Mobile Usa, Inc. Privacy breach detection
US11836270B2 (en) 2016-12-29 2023-12-05 T-Mobile Usa, Inc. Privacy breach detection
US10445696B2 (en) 2017-01-03 2019-10-15 Wipro Limited Methods and systems for orchestration of supply chain processes using internet of technology sensor's events
US11079400B2 (en) 2018-01-31 2021-08-03 Hewlett Packard Enterprise Development Lp Monitoring a product build process via a smart tray
CN110445774A (en) * 2019-07-24 2019-11-12 阿里巴巴集团控股有限公司 Safety protecting method, device and the equipment of IoT equipment
CN110445774B (en) * 2019-07-24 2022-04-22 创新先进技术有限公司 Security protection method, device and equipment for IoT (Internet of things) equipment
CN113297176A (en) * 2021-05-27 2021-08-24 焦作大学 Database access method based on Internet of things
CN113297176B (en) * 2021-05-27 2023-12-29 焦作大学 Database access method based on Internet of things
US12126684B1 (en) 2023-04-19 2024-10-22 Hewlett Packard Enterprise Development Lp Publisher-subscriber message mapping

Similar Documents

Publication Publication Date Title
US12432054B2 (en) Federated key management
JP6542962B2 (en) Delayed data access
CN107508812B (en) Industrial control network data storage method, calling method and system
US11582040B2 (en) Permissions from entities to access information
US11372993B2 (en) Automatic key rotation
EP2957063B1 (en) Policy enforcement with associated data
US9294489B2 (en) Method and apparatus for detecting an intrusion on a cloud computing service
WO2016013925A1 (en) System and method for secure tracking of internet of things based goods in supply chain system
EP3552131B1 (en) Password security
Feng et al. Autonomous vehicles' forensics in smart cities
KR20170033788A (en) Method for authentication and device thereof
CN104811421A (en) Secure communication method and secure communication device based on digital rights management
US8583913B1 (en) Securely determining internet connectivity between networks
Jena et al. A Pragmatic Analysis of Security Concerns in Cloud, Fog, and Edge Environment
US20190014098A1 (en) Method and system for establishing and managing personal black box (pbb) in virtually-networked big-data (vnbd) environment
AU2021103828A4 (en) A novel system and auditing technique for cloud based digital forensic readiness with integrity and privacy preservation of health care data
Dahiya et al. IMPLEMENTING MULTILEVEL DATA SECURITY IN CLOUD COMPUTING.
Schapranow et al. A dynamic mutual RFID authentication model preventing unauthorized third party access
Rull Aixa Analysis and study of data security in the Internet of Things paradigm from a Blockchain technology approach
Dhamgaye et al. Evaluation of the Effectiveness of a Secure Blockchain Framework for IoT-Based Data Transmission
Mehmood et al. IoT-enabled Web warehouse architecture: a secure approach
Venkateswaran et al. IoT Security, Data Management and Cloud Integration
Foltz et al. Secure Endpoint Device Agent Architecture.
Mitra et al. Internet of Things (IoT) security reference architecture-an ANT-centric study
US10902141B2 (en) Method, software program product, device, and system for managing data flow from a cloud storage device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15825307

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15825307

Country of ref document: EP

Kind code of ref document: A1