Security and privacy enforcement for discovery services in a network of electronic product code information repositories

US 7,866,543 B2
Filed: 11/21/2006
Issued: 01/11/2011
Est. Priority Date: 11/21/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing security and privacy associations between an electronic product code value and an address of a repository containing information about an item represented by the electronic product code, the method comprising:

providing a service interface to the repository, the service interface providing access to the repository for one or more parties authorized to use the repository, with respect to the item;

issuing, by an authoritative party and prior to accessing the repository, a security certificate to each of the one or more parties that are authorized to use the repository in conducting a supply chain transaction;

in response to a party among the one or more parties sensing the electronic product code, creating a record in the repository, the record representing the sensing of the electronic product code and including the security certificate belonging to the party that sensed the electronic product code; and

storing a data sharing attribute with each record in the repository, the data sharing attribute being defined by an owner of the electronic product code information in the repository, the data sharing attribute specifying a subset of parties among the one or more parties that has permission to access the record.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus, including computer program products, implementing and using techniques for managing security and privacy associations between an electronic product code value and an address of a repository containing information about an item represented by the electronic product code. A security certificate is issued to each of one or more parties that are authorized to use the repository. In response to a party among the one or more parties sensing the electronic product code, a record is created in the repository. The record represents the sensing of the electronic product code and includes a security certificate belonging to the party that sensed the electronic product code.

Citations

33 Claims

1. A computer-implemented method for managing security and privacy associations between an electronic product code value and an address of a repository containing information about an item represented by the electronic product code, the method comprising:
- providing a service interface to the repository, the service interface providing access to the repository for one or more parties authorized to use the repository, with respect to the item;
  
  issuing, by an authoritative party and prior to accessing the repository, a security certificate to each of the one or more parties that are authorized to use the repository in conducting a supply chain transaction;
  
  in response to a party among the one or more parties sensing the electronic product code, creating a record in the repository, the record representing the sensing of the electronic product code and including the security certificate belonging to the party that sensed the electronic product code; and
  
  storing a data sharing attribute with each record in the repository, the data sharing attribute being defined by an owner of the electronic product code information in the repository, the data sharing attribute specifying a subset of parties among the one or more parties that has permission to access the record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein sensing the electronic product code includes sensing the electronic product code with a radio frequency identification sensor.
  - 3. The method of claim 1, wherein the one or more parties are represented by electronic product code information services.
  - 4. The method of claim 1, wherein creating a record includes creating a record immediately upon a party among the one or more parties sensing an electronic product code for the first time.
  - 5. The method of claim 1, wherein the subset of parties specified by the data sharing attribute includes all parties authorized to use the repository.
  - 6. The method of claim 1, wherein the subset of parties specified by the data sharing attribute includes parties authorized to use the repository and which have sensed the electronic product code associated with the record.
  - 7. The method of claim 1, wherein providing a service interface comprises:
    - providing a service interface that includes a plurality of services enabling secure traceability of the item represented by the electronic product code, the service interface further defining mechanisms for secure and privacy-preserving network access to the records in the repository by one or more querying parties, wherein the mechanisms for secure and privacy-preserving network access include one or more of;
      
      the use of proxy services, the use of role-based, policy-based, cell level data disclosure control of information in the repository, and the use of visibility control of the repository in one or more discovery services.
  - 8. The method of claim 7, wherein the service interface includes a Notify service for storing a new record in the repository when a party senses an electronic product code that the party has not sensed before.
  - 9. The method of claim 7, wherein the service interface includes a Get all addresses service for obtaining data about what parties have sensed a particular electronic product code.
  - 10. The method of claim 7, wherein the service interface includes a Get first address service for obtaining data about the first party to notify the repository about the existence of a particular electronic product code.
  - 11. The method of claim 7, wherein the service interface includes a Get last address service for obtaining data about the party that currently has custody of an item with a particular electronic product code.
  - 12. The method of claim 7, wherein the service interface includes a Get my records service for obtaining data about which electronic product codes a querying party has sensed.
  - 13. The method of claim 7, wherein the service interface includes a Get my record service for obtaining data about the record belonging to the querying party for a particular electronic product code, if such a record exists in the repository.
  - 14. The method of claim 7, wherein the service interface includes a Change visibility service for changing a data visibility attribute belonging to the querying party for a particular electronic product code.
  - 15. The method of claim 7, wherein the service interface includes a Delete my record service for removing a record belonging to the querying party for a particular electronic product code.
  - 16. The method of claim 7, wherein the service interface includes a Delete my old records service for removing from the repository any records belonging to the querying party having a timestamp lower than a current timestamp.

17. A computer program product comprising a non-transitory computer useable medium including a computer readable program, for managing security and privacy associations between an electronic product code value and an address of a repository containing information about an item represented by the electronic product code, wherein the computer readable program when executed on a computer causes the computer to:
- provide a service interface to the repository, the service interface providing access to the repository for one or more parties authorized to use the repository, with respect to the item;
  
  issue, by an authoritative party and prior to accessing the repository, a security certificate to each of the one or more parties that are authorized to use the repository in conducting a supply chain transaction;
  
  in response to a party among the one or more parties sensing the electronic product code, create a record in the repository, the record representing the sensing of the electronic product code and including the security certificate belonging to the party that sensed the electronic product code; and
  
  store a data sharing attribute with each record in the repository, the data sharing attribute being defined by an owner of the electronic product code information in the repository, the data sharing attribute specifying a subset of parties among the one or more parties that has permission to access the record.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The computer program product of claim 17, wherein creating a record includes creating a record immediately upon a party among the one or more parties sensing an electronic product code for the first time.
  - 19. The computer program product of claim 17, wherein the subset of parties specified by the data sharing attribute includes all parties authorized to use the repository.
  - 20. The computer program product of claim 17, wherein the subset of parties specified by the data sharing attribute includes parties authorized to use the repository and which have sensed the electronic product code associated with the record.
  - 21. The computer program product of claim 17, wherein causing the computer to provide a service interface comprises causing the computer to:
    - provide a service interface that includes a plurality of services enabling secure traceability of the item represented by the electronic product code, the service interface further defining mechanisms for secure and privacy-preserving network access to the records in the repository by one or more querying parties, wherein the mechanisms for secure and privacy-preserving network access include one or more of;
      
      the use of proxy services, the use of role-based, policy-based, cell level data disclosure control of information in the repository, and the use of visibility control of the repository in one or more discovery services.
  - 22. The computer program product of claim 21, wherein the service interface is a web service interface.
  - 23. The computer program product of claim 21, wherein the service interface is an application programming interface.

24. A discovery service operable to provide a mapping from an electronic product code number to a set of electronic product code information services that include event information and item information about the electronic product code number, the discovery service comprising:
- a repository containing records that represent a first sensing of the electronic product code by the respective electronic product code information services, each record including a security certificate issued by an authoritative party to the electronic product code information service that sensed the electronic product code, and a data sharing attribute, the data sharing attribute being defined by an owner of the electronic product code information in the repository and specifying a subset of electronic product code information services that has permission to access the record; and
  
  a service interface through which electronic product code information services and applications can access the records in accordance with the specified data sharing attributes in each record, the service interface including plurality of services enabling secure traceability of the item represented by the electronic product code,wherein the service interface further defines mechanisms for secure and privacy-preserving network access to the records in the repository, the mechanisms including one or more of;
  
  the use of proxy services, the use of role-based, policy-based, cell level data disclosure control of information in the repository, and the use of visibility control of the repository in one or more discovery services.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 25. The discovery service of claim 24, wherein the service interface includes a Notify service for storing a new record in the repository when an electronic product code information service senses an electronic product code that the electronic product code information service has not sensed before.
  - 26. The discovery service of claim 24, wherein the service interface includes a Get all addresses service for obtaining data about what electronic product code information services have sensed a particular electronic product code.
  - 27. The discovery service of claim 24, wherein the service interface includes a Get first address service for obtaining data about the first electronic product code information service to notify the repository about the existence of a particular electronic product code.
  - 28. The discovery service of claim 24, wherein the service interface includes a Get last address service for obtaining data about the electronic product code information service that currently has custody of an item with a particular electronic product code.
  - 29. The discovery service of claim 24, wherein the service interface includes a Get my records service for obtaining data about which electronic product codes a querying electronic product code information service has sensed so far.
  - 30. The discovery service of claim 24, wherein the service interface includes a Get my record service for obtaining data about the record belonging to the querying electronic product code information service for a particular electronic product code, if such a record exists in the repository.
  - 31. The discovery service of claim 24, wherein the service interface includes a Change visibility service for changing the data attribute belonging to the querying electronic product code information service for a particular electronic product code.
  - 32. The discovery service of claim 24, wherein the service interface includes a Delete my record service for removing a record belonging to the querying electronic product code information service for a particular electronic product code.
  - 33. The discovery service of claim 24, wherein the service interface includes a Delete my old records service for removing from the repository any records belonging to the querying electronic product code information service having a timestamp is lower than a current timestamp.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
rfXcel Corporation (Antares Vision S.p.A.)
Original Assignee
International Business Machines Corporation
Inventors
Grandison, Tyrone W. A., Robinson, Gary, Rantzau, Ralf, Asher, Anthony C., Clauss, Christian C., Kailing, Karin, Beier, Steven P.
Primary Examiner(s)
Lee; Michael G
Assistant Examiner(s)
ELLIS, SUEZU Y

Application Number

US11/562,184
Publication Number

US 20080120725A1
Time in Patent Office

1,512 Days
Field of Search

235/375, 235/382, 235/385, 713/156, 713/157, 705/28, 705 64- 67, 707/999.009
US Class Current

235/375
CPC Class Codes

G06Q 10/087   Inventory or stock manageme...

G06Q 10/10   Office automation; Time man...

G06Q 20/3674   involving authentication

H04L 63/0823   using certificates cryptogr...

H04L 63/101   Access control lists [ACL]

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 4/00   Services specially adapted ...

H04W 8/26   Network addressing or numbe...

Security and privacy enforcement for discovery services in a network of electronic product code information repositories

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Security and privacy enforcement for discovery services in a network of electronic product code information repositories

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links