Create a free Manufacturing.net account to continue

Securing your Supply Chain

Some don't understand how critical secure supply chains are. After all, it's not as if lives are on the line if competitors gain unauthorized access, right?

Jul 5, 2011

Some people don't understand how critical it is to secure their supply chain. After all, for most companies, it's not as if lives are put on the line if their competitors get unauthorized access to the supply chain, right?

But securing your supply chain is critical. If you don't, a competitor can exploit weaknesses and steal some of your customers. Just ask yourself, what would happen if one of your competitors were able to access your prices by using one of your customers' systems? They could set their prices lower than yours and grab part of your market.

Companies need to secure their own systems and ensure their trading partners are doing so as well. Before you roll out RFID throughout your supply chain, you need to understand the potential security risks and how to reduce vulnerabilities. After all, your confidential information is only as secure as the weakest link.

In a complete RFID solution, there are multiple layers, and each layer needs to be secured individually. The secured layers work together to further secure the entire system. Let's examine the layers.

At the top, you can find the server-layer that stores the supply chain data. Most companies already have these systems in place, and they're fairly well locked down. If you're using the new servers on the block that are part of the EPC Information Services (EPCIS) to link consumers to companies, make sure to properly secure them as well. The object name server (ONS) part of the EPCIS sits on the Internet and may provide product information to consumers.

Your trading partners, which can include retailers, third-party logistics companies and transportation companies, may need to access the ONS for additional, non-consumer-related information, such as authorized dealerships and service history. Both users and servers should be using SSL certificates for authentication purposes. If you're not familiar with SSL certificates, it's an Internet standard that helps ensure you are who you say you are. (For more information on EPCIS, please see An Introduction to EPCIS.)

The next layer is the RFID reader layer. RFID readers are network devices and, like all other devices on your corporate network, they need to be secured. Substitute the word "reader" for "router," and you get the idea. Would you want an unsecured wireless router on your network?

Readers provide critical information about corporate assets. Companies need to ensure that the readers on the network really are theirs and not "rogue readers," which are unauthorized readers connected to their corporate network or that exist within their facilities. These may be physical devices or even software reader emulators that report false information. Virtual readers could simulate the behavior of a physical reader and add false information to your network. The primary solution is to use embedded certificates on reader devices the same way that servers use SSL certificates.

The lowest layer is the RFID tags. Beware of a couple of possible weak spots that may be exploited by your enemies. The first is the RF conversation between tag and reader. The conversations between reader and tag may occur via open or secure conversations. Most of the passive and active RFID tags on the market today do not communicate through secured conversations. That means a listening device within range tuned to the proper frequency can record the conversation between tags and readers. All of the signal information would have to deciphered, which would be extremely complex in environments with numerous readers and tags.

Although this scenario is not likely, it is a serious concern for some and must be addressed. Gen II tags have a 32-bit access password. If this password is set, then the reader must have the valid password before the tag engages in a secured data exchange. This password also prevents unauthorized people from scanning an area to see what products are there. For example, someone may scan the tagged contents of a wooden trailer to see if it's worth breaking into.

It's also important to restrict unauthorized access to tag memory on applied tags. You don't want someone to reprogram your RFID tags after they've been applied. Some of the most secure RFID tags on the market meet the ISO 14443 standard. The tag memory contents may be divided up into segments. Each segment can require a different password to access. Gen II tag contents may be locked. The lock command allows a reader to lock individual passwords or individual memory banks. For manufacturers that want to ensure certain information remains on the tag for the life of the product, a perma-lock feature makes it impossible to alter the contents.

How Secured Layers Work Together

Once secured, all of these parts work together: A serialized RFID tag on products makes every item unique. An authenticated user accessing an authenticated server permits the user to retrieve information to the specific product in hand. Date of manufacture, expiration date, product instructions, etc. all can be retrieved from the manufacturer's EPCIS server. This process nearly eliminates the possibility of tag forgery and counterfeit products. The manufacturer's EPCIS server can even tell you if you're purchasing a product from the company authorized to sell it to you.

Here's how these security measures can improve business. Manufacturers that resell through only authorized dealers are very concerned about their products showing up on the gray market. This occurs when an authorized dealer purchases higher quantities than they really need in order to obtain greater discounts. The surplus product is then resold to non-authorized retailers.

People we spoke to at one company were distressed because they had no way to know how pallets of their high-end, contractor-grade power drills turned up at a local club store. There was no agreement in place with the club store, and the units were being sold at prices lower than their authorized dealers. With serialized RFID tags, the manufacturer can purchase one of the drills from the club store and trace the unit to the dealer that first purchased it. The manufacturer can then ask questions about how the product found its way to the unauthorized retailer.

For more information, please visit www.rfidwizards.com.

Copyright 2011; RFIDwizards.com; All Rights Reserved

Latest in Home
Ep164
Florida Woman Pleads Guilty to Fake Military Parts Scheme
May 9, 2024
I Stock 1408775753
Microsoft to Invest $3.3 Billion to Build Cloud Computing, AI Infrastructure in Wisconsin
May 9, 2024
Ap24122462832460
Feds Have 'Significant Safety Concerns' about Ford Fuel Leak Recall
May 9, 2024
Ap24130343865690
Nissan Reports 92% Jump in Profit as Sales Surge
May 9, 2024
Related Stories
Outofoffice
Home
Notice: No Mnet Newsletters Next Week
Outofoffice
Home
No Mnet Newsletters Until Jan. 3
Imts
Home
Preview Days Videos Help Attendees Pre-Plan IMTS 2022 Agenda
Out Of Office Istock 5eff498fc27a7
Home
Notice: No Newsletters Next Week
More
Ep164
Video
Florida Woman Pleads Guilty to Fake Military Parts Scheme
Any component failure could have rendered end systems inoperable.
May 9, 2024
I Stock 1408775753
Industry 4.0
Microsoft to Invest $3.3 Billion to Build Cloud Computing, AI Infrastructure in Wisconsin
The company plans to train more than 100,000 residents with essential AI skills.
May 9, 2024
Ap24122462832460
Automotive
Feds Have 'Significant Safety Concerns' about Ford Fuel Leak Recall
They are demanding answers about the fix.
May 9, 2024
Ap24130343865690
Automotive
Nissan Reports 92% Jump in Profit as Sales Surge
Nissan sold 3.44 million vehicles globally for the fiscal year.
May 9, 2024
I Stock 672599910
Supply Chain
The Rise of Monopolies & Oligopolies
Consolidation has been bad for working people, taxpayers, the middle class and suppliers.
May 8, 2024
Manufacturingnowtn
Video
Milwaukee Tool Work Gloves Allegedly Tied to Forced Labor
U.S. Customs officials halted the shipments at the border.
May 8, 2024
The Toyota Motor Corp. logo is seen, May 11, 2022, at a dealer in Tokyo.
Automotive
Toyota Racks Up Booming Profit
And the automaker vows to invest to keep growth going.
May 8, 2024
Cans of Bud Light beer are seen before a major league baseball game on April 25, 2023, in Philadelphia.
Operations
AB InBev Reports Higher-than-Expected Revenue
But the brewer continued to see ongoing weakness in the U.S.
May 8, 2024
New Way Hyzon
Automotive
Hyzon Debuts North America's First Hydrogen Fuel Cell Garbage Truck
The fuel cells can handle up to 1,200 cart lifts.
May 7, 2024
50 Thumb
Video
Air Force Awards $13B for New Fleet of 'Doomsday Planes'
The Air Force skipped over Boeing and went with a different defense contractor.
May 7, 2024
I Stock 1347471831 (1)
Automotive
Workers at Stellantis Plant Near Detroit Authorize Strike
The dispute is over health and safety issues.
May 7, 2024
Ap24128417508686
Automotive
Tesla Questioned on How it Developed and Verified Whether Autopilot Recall Worked
Investigators with the U.S. National Highway Traffic Safety Administration have concerns.
May 7, 2024
A model of a Heineken Brasil conveyor belt with lubrication-free polymer bearings on display at Hannover Messe 2024.
Operations
Changing Traditional Views on Lubrication, One Step at a Time
How igus is saving millions by redefining the use of lubrication and plastic.
May 7, 2024
Ep162
Video
Report: Tyson Dumping Millions of Pounds of Waste into U.S. Waterways
In five years, the company's plants dumped an estimated 371.72 million pounds of pollutants into waterways.
May 6, 2024
Oeotn
Video
Boeing, Lockheed Passed Up; Heineken Uproots Huge Orchard; Autopia Goes EV | Today in Manufacturing Ep. 168
Also on the podcast, Chinese nationals tried to illegally export U.S. tech, SpaceX's excessive injuries, Boeing buys GKN's plant, blood device mimics leeches and a Formula E race car goes really fast.
May 6, 2024