IEC TS 62045-1-2006 Multimedia Security - Guideline for privacy protection of equipment and systems in and out of use - Part 1 General《多媒体安全性.电话呼出和打进用户隐私权保护指南》.pdf

1、 TECHNICAL SPECIFICATION IEC TS 62045-1First edition 2006-12Multimedia security Guideline for privacy protection of equipment and systems in and out of use Part 1: General Reference number IEC/TS 62045-1:2006(E) Publication numbering As from 1 January 1997 all IEC publications are issued with a desi

2、gnation in the 60000 series. For example, IEC 34-1 is now referred to as IEC 60034-1. Consolidated editions The IEC is now publishing consolidated versions of its publications. For example, edition numbers 1.0, 1.1 and 1.2 refer, respectively, to the base publication, the base publication incorporat

3、ing amendment 1 and the base publication incorporating amendments 1 and 2. Further information on IEC publications The technical content of IEC publications is kept under constant review by the IEC, thus ensuring that the content reflects current technology. Information relating to this publication,

4、 including its validity, is available in the IEC Catalogue of publications (see below) in addition to new editions, amendments and corrigenda. Information on the subjects under consideration and work in progress undertaken by the technical committee which has prepared this publication, as well as th

5、e list of publications issued, is also available from the following: IEC Web Site (www.iec.ch) Catalogue of IEC publications The on-line catalogue on the IEC web site (www.iec.ch/searchpub) enables you to search by a variety of criteria including text searches, technical committees and date of publi

6、cation. On-line information is also available on recently issued publications, withdrawn and replaced publications, as well as corrigenda. IEC Just Published This summary of recently issued publications (www.iec.ch/online_news/ justpub) is also available by email. Please contact the Customer Service

7、 Centre (see below) for further information. Customer Service Centre If you have any questions regarding this publication or need further assistance, please contact the Customer Service Centre: Email: custserviec.ch Tel: +41 22 919 02 11 Fax: +41 22 919 03 00 TECHNICAL SPECIFICATION IEC TS 62045-1Fi

8、rst edition 2006-12Multimedia security Guideline for privacy protection of equipment and systems in and out of use Part 1: General PRICE CODE IEC 2006 Copyright - all rights reserved No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, incl

9、uding photocopying and microfilm, without permission in writing from the publisher. International Electrotechnical Commission, 3, rue de Varemb, PO Box 131, CH-1211 Geneva 20, Switzerland Telephone: +41 22 919 02 11 Telefax: +41 22 919 03 00 E-mail: inmailiec.ch Web: www.iec.ch P For price, see curr

10、ent catalogue Commission Electrotechnique Internationale International Electrotechnical Commission 2 TS 62045-1 IEC:2006(E) CONTENTS FOREWORD.3 INTRODUCTION.5 1 Scope.6 2 Normative references .6 3 Terms and definitions .6 4 Privacy of user .7 4.1 Privacy protection7 4.2 Definition of privacy.7 4.3 C

11、haracteristics of privacy 8 5 Methods for privacy protection10 5.1 System model .10 5.2 Case of usage.12 5.3 Methods for data protection.12 6 Methods for user assistance.14 6.1 Importance of user assistance.14 6.2 Education for user .15 6.3 Instructions for user 15 6.4 Failsafe and multiple protecti

12、on system.15 Figure 1 System model 10 Table 1 Privacy attribution .7 Table 2 Origin of information7 Table 3 Information attribution .8 Table 4 Rights holder.9 Table 5 Protection execution9 Table 6 Access rights holder10 Table 7 Communication paths11 Table 9 Case of usage.12 Table 10 Combination tabl

13、e .12 Table 11 Operation modes.13 TS 62045-1 IEC:2006(E) 3 INTERNATIONAL ELECTROTECHNICAL COMMISSION _ MULTIMEDIA SECURITY GUIDELINE FOR PRIVACY PROTECTION OF EQUIPMENT AND SYSTEMS IN AND OUT OF USE Part 1: General FOREWORD 1) The International Electrotechnical Commission (IEC) is a worldwide organi

14、zation for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, I

15、EC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt wi

16、th may participate in this preparatory work. International, governmental and non- governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the International Organization for Standardization (ISO) in accordance with conditions determined by

17、agreement between the two organizations. 2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus of opinion on the relevant subjects since each technical committee has representation from all interested IEC National Committees. 3)

18、IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC cannot be held responsible for the way in which they are

19、used or for any misinterpretation by any end user. 4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and the

20、 corresponding national or regional publication shall be clearly indicated in the latter. 5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any equipment declared to be in conformity with an IEC Publication. 6) All users should ensure that they have

21、 the latest edition of this publication. 7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of its technical committees and IEC National Committees for any personal injury, property damage or other damage of any nature whatsoe

22、ver, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC Publications. 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publicati

23、ons is indispensable for the correct application of this publication. 9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights. IEC shall not be held responsible for identifying any or all such patent rights. The main task of IEC

24、technical committees is to prepare International Standards. In exceptional circumstances, a technical committee may propose the publication of a technical specification when the required support cannot be obtained for the publication of an International Standard, despite repeated efforts, or the sub

25、ject is still under technical development, or where, for any other reason, there is the future but no immediate possibility of an agreement on an International Standard. Technical specifications are subject to review within three years of publication to decide whether they can be transformed into In

26、ternational Standards. IEC 62045-1, which is a technical specification, has been prepared by IEC technical committee 100: Audio, video and multimedia systems and equipment. 4 TS 62045-1 IEC:2006(E) The text of this technical specification is based on the following documents: Enquiry draft Report on

27、voting 100/1103/DTS 100/1162/RVC Full information on the voting for the approval of this technical specification can be found in the report on voting indicated in the above table. This publication has been drafted in accordance with the ISO/IEC Directives, Part 2. The list of all the parts of IEC 62

28、045, under the general title Multimedia security Guideline for privacy protection of equipment and systems in and out of use, can be found on the IEC website. The committee has decided that the contents of this publication will remain unchanged until the maintenance result date indicated on the IEC

29、web site under “http:/webstore.iec.ch“ in the data related to the specific publication. At this date, the publication will be transformed into an International standard, reconfirmed, withdrawn, replaced by a revised edition, or amended. A bilingual version of this publication may be issued at a late

30、r date. TS 62045-1 IEC:2006(E) 5 INTRODUCTION There has been an increase in consumer products of multimedia that store the users private data and privacy information. For instance, a digital TV tuner has a kind of IC card which stores the users information and sometimes includes credit information.

31、Also, from a wider viewpoint, digital cameras or digital video recorders store the private data of users, and digital audio players, cellular phones and PCs are banks of private data. This private information should be protected from unauthorized or illegal access and use. When the user discards suc

32、h products, private data remains stored and this should be protected or deleted. In addition, when a user lends his product to others, private information should be protected. For instance, even if all the contents in the memory of digital video recorders or digital cameras are deleted, these data c

33、an be recovered easily with some software technology. As consumer products of multimedia include storage and computer architecture, this problem will be raised in many aspects of usage. All products should have privacy protection methods. This technical specification describes the system model and g

34、eneral methods for the users privacy protection of data storage, equipment and systems, both in and out of use. Equipment and systems have their own structure in each application, therefore, the other part of this technical specification defines a dedicated method for privacy protection for the spec

35、ific application. Also, the implementation of the privacy protection method depends on each design. 6 TS 62045-1 IEC:2006(E) MULTIMEDIA SECURITY GUIDELINE FOR PRIVACY PROTECTION OF EQUIPMENT AND SYSTEMS IN AND OUT OF USE Part 1: General 1 Scope This part of IEC 62045 gives the guideline for methods

36、for the protection of the users privacy in consumer equipment and systems, both when the equipment or systems are in use and out of use. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited appl

37、ies. For undated references, the latest edition of the referenced document (including any amendments) applies. IEC 60958-3, Digital audio interface Part 3: Consumer applications IEC 61880-2, Video systems (525/60) Video and accompanied data using the vertical blanking interval Analogue interface Par

38、t 2: 525 progressive scan system IEC 61883-6, Consumer audio/video equipment Digital interface Part 6: Audio and music data transmission protocol 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 data storage all kinds of data-storing functions

39、, which are devices or systems including hard disk drive, optical disc and memory devices and others 3.2 data encryption conversion of data into code or cipher 3.3 data access reading, writing or use of data stored in data storage 3.4 access control control for condition of use or entry to system or

40、 data 3.5 private data data that is property of the user TS 62045-1 IEC:2006(E) 7 3.6 social engineering cracking techniques that rely on human rather than hardware and software weaknesses 4 Privacy of user 4.1 Privacy protection The reason for protecting the users privacy is that the privacy of the

41、 user is the property of the user. The manufacture of equipment and systems, and the service providers have the responsibility of safeguarding the users privacy. 4.2 Definition of privacy Privacy, as defined in this specification, is the private information of the user or private information created

42、 by the user that is produced or accompanied with users usage, operation and behaviour with multimedia equipments or systems. Using the equipment, system and service, these activities produce private information that is stored or transferred. This privacy has attribution and origination. Attribution

43、 is specified depending on its nature as shown in Table 1. Table 1 Privacy attribution Privacy attribution Description Example Identification of user User can be identified with this information Name, address, telephone number, e-mail address Social information, credit card information, social numbe

44、r Biometrics data of user Creation by user Information that is the property of user Document, photograph, video, music Provided by user Information provided by user operation Broadcasting programme, downloaded contents, cookie, usage record The identification of the user is fundamental information o

45、f the user. The user can be identified by this information, and others can access to the user or the property of user with this information. Creation by the user is a property of the user. This information should be protected from others. Provided by the user is also a property of user. This is prov

46、ided by user operation or behaviour. The origin of that information is specified as shown in Table 2. Table 2 Origin of information Origin Description Direct information Provided direct by user Indirect information Provided indirectly by users use of equipment or systems Accompanied information Data

47、 accompanied by the users use of equipment or systems 8 TS 62045-1 IEC:2006(E) Direct information is provided by the user intentionally and consciously, or unintentionally and unconsciously. When the user inputs his private information or recalls his information, that information is provided direct

48、by the users operation or behaviour. Indirect information is provided by the users use of equipment or systems intentionally and consciously, or unintentionally and unconsciously. When the user uses equipment or systems, this behaviour causes communication of information including the users private

49、information. Accompanied information is information other than that made by the user, which is created by equipment or systems having a relation with the users use or behaviour. For instance, when the user uses equipment, the equipment may record a log. This log will include private information regarding the user. 4.3 Characteristics of privacy 4.3.1 Characteristics of privacy general Pr