A Layered Approach to Design of Light-Weight Middleware Systems for Mobile RFID Security (SMRM: Secure Mobile RFID Middleware System)

Namje Park, Jooyoung Lee, Howon Kim, Kyoil Chung, and Sungwon Sohn
Information Security Research Division, Electronics and Telecommunications Research Institute, Daejeon, Korea
{namjepark, joolee, khw, kyoil, swsohn}@etri.re.kr

Abstract—Recently, RFID (Radio Frequency Identification) technology has been practically applied to a number of logistics processes as well as asset management, and RFID is also expected to permeate our daily life under the name of "Ubiquitous Computing" or "Ubiquitous Network" in the near future. R&D groups around the globe have now paid attention to integrating RFID with mobile devices as well as associating it with the existing mobile telecommunication network. Such converged technology and services would lead to new markets and research challenges. However, privacy violation on tagged products has become a stumbling block. We propose a light-weight security mechanism, constructed as a mobile RFID security mechanism based on WIPI (Wireless Internet Platform for Interoperability). The WIPI-based light-weight mobile RFID security platform is applicable to various mobile RFID services that have strong security requirements in mobile environments.

Keywords - Mobile RFID, RFID, WIPI, Security, UHF 900MHz

I. INTRODUCTION

Due to the rapid development of information technology, the handheld terminal is evolving into a low-power, ultra-light, integrated, and intelligent terminal to support various information services and ubiquitous environments, and it will develop into a more advanced form of current services.
The wireless internet infrastructure integrated with the mobile communication system and RFID gave birth to mobile RFID, which provides new services to users. Standardization of mobile RFID information protection technology, such as the protection and verification of personal information, authorization, and key management, and its technological development are progressing along the way. The RFID reader has mainly been used as an unattended information production terminal that recognizes RFID tags, and it is now expanding into the mobile RFID service, which provides useful information to users by reading various RFID tag information through an RFID tag chip and an RFID reader chip installed in a cellular phone. Mobile RFID service is defined as the provision of personalized secure services, such as searching for product information, purchasing, verifying, and paying for the product, while on the move through the wireless internet network, by building the RFID reader chip into the mobile terminal [4]. The service infrastructure required for providing such RFID-based mobile service is composed of RFID reader, handset, communication network and protocol, information protection, application server, RFID code interpretation, and contents development.

In this paper, a light-weight mobile RFID middleware for the WIPI-based environment is presented. The proposed platform, the ETRI (Electronics and Telecommunications Research Institute) mobile RFID security middleware platform, is composed of the AAL (Application Adaptation Layer) and RFID HAL (Handset Adaptation Layer) layers. The proposed AAL is the core component of the security middleware platform. The security platform is a building block for the extended security API (Application Programming Interface) for secure mobile RFID, and it has to be integrated with WIPI and mobile RFID security mechanisms so that phone-based RFID services provide a more secure mobile business environment.
It enables businesses to provide new services to mobile customers by securing services and transactions from the end-user to a company's existing e-commerce and IT systems.

II. OVERVIEW OF MOBILE RFID USING UHF 900 MHZ

A. Mobile RFID Technology

RFID is expected to be the base technology for ubiquitous networks or computing, and to be associated with other technologies such as telemetric and sensors. Meanwhile, Korea is widely known to have established one of the most robust mobile telecommunication networks. In particular, about 78% of the population uses mobile phones, and more than 95% of their phones have Internet-enabled functions. Currently, Korea has recognized the potential of RFID technology and has tried to converge it with the mobile phone. A mobile phone integrated with RFID can activate new markets and end-user services, and can be considered an exemplary technology fusion. Furthermore, it may evolve its functions as an end-user terminal device, or 'u-device (ubiquitous device)', in the world of ubiquitous information technology [11]. Actually, a mobile RFID phone may represent two types of mobile phone devices: one is an RFID reader equipped mobile phone, and the other is an RFID tag attached mobile phone. Each type of mobile phone has different application domains; for example, the RFID tag attached one can be used as a device for