Abstract: To resolve the security drawbacks of EPC information services, a provable security EPC information service communication scheme—ESCM was designed. By using some cryptographic mechanisms such as the digital signature and the message authentication code, the ESCM could implement mutual authentication and session key agreement between the EPC Information service servers and querying application belonging to a different trust domain. Security analysis shows that the session key agreement of ESCM is provably secure in the Canetti-Krawczyk model. Furthermore, the ESCM has efficient computation and communication cost.