The Dual Ownership Model: Using Organizational Relationships for Access Control in Safety Supply Chains

Counterfeits and contaminated drugs are recognized as a threat to consumer safety. To fight counterfeiting and protect consumers, public health institutions such as the US FDA demand organizations to electronically document the pedigrees of prescription drugs. As the documentation process involves joint collaborations of multiple organizations along the supply chain on electronic pedigrees for billions of individual goods, new and scalable access control models are needed. Therefore, this paper presents a novel concept, which leverages existing organizational relationships to manage access control based on physical possession. The concept is evaluated against other existing models and discussed.

[1]  Chang Nian Zhang,et al.  An approach to secure information flow on Object Oriented Role-based Access Control model , 2003, SAC '03.

[2]  Curbing counterfeit drugs. , 2006, FDA consumer.

[3]  C. Dolea,et al.  World Health Organization , 1949, International Organization.

[4]  Tatsuya Inaba,et al.  Improving the Safety and Security of the Pharmaceutical Supply Chain , 2008 .

[5]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[6]  David A. Wagner,et al.  A Scalable, Delegatable Pseudonym Protocol Enabling Ownership Transfer of RFID Tags , 2005, IACR Cryptol. ePrint Arch..

[7]  Hau L. Lee,et al.  Information sharing in a supply chain , 2000, Int. J. Manuf. Technol. Manag..

[8]  Yuh-Min Chen,et al.  Development of an access control model, system architecture and approaches for resource sharing in virtual enterprise , 2007, Comput. Ind..

[9]  César Garita,et al.  Virtual Enterprises and Federated Information Sharing , 1998, DEXA.

[10]  Peter Steenkiste,et al.  Exploiting Information Relationships for Access Control , 2005, Third IEEE International Conference on Pervasive Computing and Communications.

[11]  Ian T. Foster,et al.  The anatomy of the grid: enabling scalable virtual organizations , 2001, Proceedings First IEEE/ACM International Symposium on Cluster Computing and the Grid.

[12]  Peter Steenkiste,et al.  Exploiting information relationships for access control in pervasive computing , 2006, Pervasive Mob. Comput..