Radio-frequency identification (RFID) tags are used to make the handling of flows of goods more efficient. For this purpose, each product is identified by an individual RFID tag. The information stored on the RFID tag serves to identify the product or good, whereas further data describing the product is often stored elsewhere, for example on a server or central computer.
In complex business relationships, goods pass through different companies and thus through different security domains, each of which must access the data assigned to the goods and stored on a server, for reading, for writing, or for both.
To protect data that is stored on a server and assigned to goods identified by an RFID tag against unauthorized access, security solutions for the interface between RFID reader and RFID tag are known. These guarantee that only an authorized RFID reader can read data from an RFID tag or write data to it, or that the data read comes from a non-manipulated, authenticated RFID tag. Such security solutions only check the authorization to read data from the RFID tag itself or to write data to it.
It is further known that, when product data of a product or good to which an RFID tag is assigned is interrogated, an authentication and authorization check takes place at a server. In such cases the server checks whether the interrogation is being conducted by an authorized user. A check can, for example, take account of the predetermined logistics chain, i.e. the time at which the product provided with an RFID tag should be with a specific user; only this specific user may then access the product data stored on the typically central server. However, such cases involve only static security mechanisms, which do not take account of whether the user accessing the database or the server actually also has access to the product or the associated RFID tag.
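A minimal sketch of the static, schedule-based server check described above, added here as an illustration and not taken from the original document; the tag ID, user names, dates and function names are constructed assumptions. The decision depends only on the user's identity and the time, so no evidence from the tag itself enters into it, which is the limitation the text notes.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Custody:
    """One leg of the planned logistics chain (constructed model)."""
    user: str
    start: datetime  # inclusive
    end: datetime    # exclusive

# Constructed sample plan; tag ID and user names are hypothetical.
PLAN = {
    "TAG-0001": [
        Custody("manufacturer", datetime(2024, 1, 1), datetime(2024, 1, 5)),
        Custody("carrier", datetime(2024, 1, 5), datetime(2024, 1, 8)),
        Custody("retailer", datetime(2024, 1, 8), datetime(2024, 2, 1)),
    ],
}

def plan_errors(legs):
    """Report overlaps or gaps that would make the static check ambiguous."""
    errors = []
    for prev, cur in zip(legs, legs[1:]):
        if cur.start < prev.end:
            errors.append(f"overlap: {prev.user} / {cur.user}")
        elif cur.start > prev.end:
            errors.append(f"gap: {prev.user} -> {cur.user}")
    return errors

def scheduled_holder(tag_id, when):
    """Return the user the plan places the product with at `when`, or None."""
    for leg in PLAN.get(tag_id, []):
        if leg.start <= when < leg.end:
            return leg.user
    return None

def static_authorize(user, tag_id, when):
    """Grant access only if the authenticated `user` is the scheduled holder.

    The inputs are identity, tag ID and time only: nothing here shows that
    the requester can actually reach the product or its RFID tag.
    """
    holder = scheduled_holder(tag_id, when)
    return holder is not None and holder == user
```
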