Products Authentication and Traceability using RFID Technology and OPC UA Servers

Security provided for trademark products became nowadays an active point of view. Regarding this aspect, in this paper is proposed an RFID OPC UA server architecture used to ensure the identification, authentication and traceability of trademark products, using as fundamental components OPC UA wrappers. To this end, each product will have a RFID tag that provides information’s about the manufacturer and eventually production details, in order to reduce piracy. The presented architecture includes servers that are implemented for manufacturers, distributors and retailers, respectively. The whole architecture was implemented and tested successfully in practice in a demo version having as primary aim protection in preventing piracy for trademark production. DOI: http://dx.doi.org/10.5755/j01.eee.18.10.3067


I. INTRODUCTION
Besides barcode scanning, RFID technology may be an alternative identification technology used in supply chains.Instead of bar codes, RFID tags attached to products contain an EPC (Electronic Product Code) with size of 96 or 128 bits [1].The information about a product that has attached a RFID tag can be read automatically by a RFID reader which can send scanned information to a host computer for processing and storage.The potential benefits of RFID technology for supply chains are numerous [2]- [4].
In [5] the authors propose system architecture for managing a local network infrastructure with a large number of RFID tags.This architecture uses as main components RFID readers, eBox 2300 (or eBox 4300) embedded systems that runs OPC (OLE for Process Control) classic servers with Windows CE, switches and a router with firewall facilities.Low costs and small size of the entire assembly, with Windows CE real-time operating system, were the basic attributes in implementation the mentioned architecture.
Current versions of Windows CE (CE.6) implements DCOM middleware from Microsoft allowing portability of OPC servers (data, history, alarm or events) installed on  7).
In this paper the authors propose an extension of the architecture presented in [5].This new concept represents a widely distributed Internet architecture for RFID data acquisition which can read or write information's onto or from RFID tags that passed through the input or output gates of manufacturers, distributors or retailers.
The architecture of the new concept presented in this paper uses OPC UA specification (OPC Unified Architecture).With this architecture, the read information's from products that have attached RFID tags are stored in a database and can be used to provide traceability of products in manufacturing-distribution-retailers chains.Also this information's are used for checking the authentication of products that pass through each gate mentioned above, operation performed by comparing the read information's from RFID tags with those stored in the database associated with each product class.Some reasons that authors determined using the OPC UA servers for the proposed architecture are presented below.
According to [6], OPC UA was born of a desire to create a replacement for all COM-based specifications without losing any feature or performance of a system.Classic OPC interfaces are based on the COM and DCOM technologies from Microsoft.
COM and DCOM provide a transparent mechanism that allows for a client to call methods of a COM object from a server running on the same or on another process or on a different network node.Using these technologies available on all PCs with Windows platforms is reduced the development specification time and also the OPC market launch time [7].This advantage of time reduction was very important for the success of OPC.Classic OPC's determine two major disadvantages which are dependence on the Windows platform and the behavior of the DCOM for remote communications.DCOM is difficult to configure, has long and not configured timeouts and cannot be used for Internet communications.
From the beginning, the main purpose of OPC Foundation was to protect the investments of thousands of suppliers that used Classic OPC products.OPC Foundation concept for OPC UA include a migration strategy in which it provides free wrappers and proxies to allow better migration [6].These OPC UA wrappers and proxies are separate software Products Authentication and Traceability using RFID Technology and OPC UA Servers components and allow combining different classic OPC's and OPC UA products in the same project.An OPC UA wrapper is best described as a core providing an OPC UA interface which contains an OPC COM server.OPC UA does not replace the classic OPC.OPC classic products and OPC UA products can coexist.In this way thousands of classic OPC products that are currently installed and used in different systems, can be used with the new OPC UA products right from home.This approach offers many advantages for users, because they can mix and match products from different manufacturers to communicate not only in Intranet but also in Internet.

II. DESCRIPTION OF THE PROPOSED ARCHITECTURE USING OPC UA SERVERS
In terms of functionality, the servers from the proposed architecture are in two different locations: to the manufacturers and to the warehouses.Fig. 1 shows the structure of servers from manufacturers.From Fig. 1 we can see that each manufacturer is running an OPC UA historical server, named OPC_UA_HDA_AT.
The products fabrication can be made in many work points that can differ geographically.Those points must have a working Internet connection, necessary for information exchange with the central server.
At each distribution point runs an OPC_UA_AT server which is one of the central historical clients.At each production point there are several labeling points, each having an ICCM module (Interface, Command and Control Module).This module connects to a RFID reader which can write information's in the RFID tags.Also this ICCM module has run an OPC data server called OPC_DA_CE_AT.
Because this module has to work both online and offline, it runs on it an OPC historical server necessary to store information's need to be transmitted when the connection from the production point is dropped.
OPC_UA_AT server from the production point contains OPC_HDA_UA and OPC_DA_UA wrappers needed to establish connection to OPC_HDA_AT and OPC_DA_AT servers located in ICCM modules.This server keeps a historical file for all operations performed at the production point.Also, the OPC_UA_HDA_AT central server from the manufacturer level must be a client of the OPC_UA_AT server's from the production points, in order to request information's needed but which are not stored in the database from the central server, being stored in the database from the production points.
Fig. 2 shows the architecture used for warehouses.Here we can see that at each gate level is an ICCM module connected via RS232 or USB to an RFID reader for reading or writing information's to or from RFID tags attached to products.In this module it runs OPC_DA_CE_AT and OPC_HDA_CE_AT servers.Also, at the warehouse level is located an OPC_UA_AT server.This server is a client of OPC_DA_CE_AT and OPC_HDA_CE_AT server's from ICCM module.This is accomplished by including OPC_DA_UA_AT and OPC_HDA_UA_AT wrappers.
In order to obtain the necessary authentication information for products, this server is also a client of the server located at the manufacturer level.Any information regarding entering or exit of the product from the warehouse servers is sent to manufacturer servers.So far, we identified four types of servers: OPC_DA_CE_ATruns on ICCM modules located at manufacturers and warehouses level.This server contains a driver for communication with the RFID reader, and must run on Windows CE 6.0.
OPC_HDA_CE_ATruns on ICCM modules located also at manufacturers and warehouses level.This server is a client of OPC_DA_CE_AT server and performs a historical file in case when the local intranet connection drops.The server also must run on Windows CE 6.0.
OPC_UA_ATruns at each production or warehouse points.This is a client of OPC_DA_CE_AT and OPC_HDA_CE_AT servers, containing OPC_DA_UA_AT and OPC_DA_UA_AT wrappers.Also it is a client of OPC_UA_HDA servers from manufacturer level.
OPC_UA_HDA_ATruns at the manufacturer level points and centralizes all relevant information's of products located in the distribution chain.
Fig. 3 presents the general architecture of the proposed system.We can see that are several manufacturers, each of them can have one or more production points, geographically distributed.Warehouses and retailers are also geographically distributed, having an Internet connection needed to access the manufacturer servers to perform product authentication and to transmit their traceability information.Each distribution point has a PC running a OPC_UA_AT server that takes information's from the manufacturing process, that are stored in the historical local database.This server is a client of the OPC_UA_HDA_AT central server.
Each manufacturer has a central server running a OPC_UA_HDA_AT server.In a database located on this server will be centralized all the information's regarding products that are out of production cycle, were labeled and sent to retailer's warehouses.It should be noted that the server should not be in the same location as the production point.The only condition to be fulfilled is that the server must have a working Internet connection.Thus, OPC_UA_AT servers from the production points are clients of the OPC_UA_HDA central server.
From Fig. 3 we can distinguish the module used for the distributed database, where each distributor has a distributed database at production points and on central server.
Each warehouse is running a OPC_UA_AT server that is a client of the OPC_UA_HDA manufacturer server, used to request authentication information's.Also, it's send to the manufacturer server information's regarding entering and exit conditions of warehouse products.
The retailer can use a PDA that runs a client of OPC_UA_HDA servers, used to authenticate products associated with the manufacturers.
A client from a warehouse or from a retailer can query the manufacturer server to obtain information's necessary for product authentication.If the information's requested are not on the manufacturer central database server, they are requested directly from the production point server.
After the information's were obtained, they are sent to the client that asked them in identifying a product.By this mechanism can be accessed information from the distributed database.
Distributed database shown in Fig. 3 is located to manufacturers in the production points and on central servers.In each production point is installed a MySQL database server.OPC_UA_HDA_AT and OPC_UA_AT servers can access the local database through SQL servers provided by MySQL.
In Fig. 4 is shown how to access the distributed database by retailers.Thus, at every retailer there may be one or more PDAs or PCs with RFID readers connected to them.On these computers runs a client application of OPC_UA_HDA_AT servers associated with each manufacturer.
When selling a product, the client application requests information's from the manufacturer server regarding product authentication.This information is sent to the client application to fulfil the request.
After the authentication is done, the information's regarding product sale is sent onto the manufacturer server.It is very important for PDAs and PCs used for authentication to access the Internet in order to connect to the manufacturer servers.If the Internet connection to a manufacturer server fails, authentication products cannot be achieved.
Information's on products selling are not deleted from the database.Through a client application, database administrator for each manufacturer can erase from the database products that are sold or can save information's in an archive.

III. CONCLUSIONS
In this paper is presented a model that uses OPC_UA_AT distributed servers for simple data acquisition needed for control products authentication in manufacturingdistribution-retailer chains.Using a database server with OPC UA specification, the information's acquired from RFID readers at the input or at the output gates of manufacturer, distributors or retailers, can be distributed on the Internet.
Thus, the OPC_UA_AT data server can be executed on a server with public IP (i.e., web server), and customers can connect to it via the Internet connection from any location (after authentication and authorization).
This paper aims authentication and traceability of products in a supply chain and a simple reason of using OPC_UA_AT servers is because they contain a very good information security mechanism.The proposed architecture presented in this paper was successfully implemented and tested in practice where a trademark manufacturing process was simulated.

Fig. 4 .
Fig. 4. Accessing information of the proposed system.
Manuscript received March 19, 2012; accepted May 16, 2012.This paper was supported by the project "Knowledge provocation and development through doctoral research PRO-DOCT -Contract no.POSDRU/88/1.5/S/52946", project co-funded from European Social Fund through Sectoral Operational Program Human Resources 2007-2013.eBox embedded systems to a PC with Windows (XP, Vista, 1 , A. I. Petrariu 1 , I. Ungurean 1 1 Faculty of Electrical Engineering and Computer Science, Stefan cel Mare University of Suceava 13, University St., 720229 Suceava, Romania agaitan@eed.usv.ro