
    ITU-T X 1171-2009 Threats and requirements for protection of personally identifiable information in applications using tag-based identification (Study Group 17) (Protection of personally identifiable information in applications using tag-based identification).pdf


    International Telecommunication Union
    ITU-T X.1171
    TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU
    (02/2009)

    SERIES X: DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY
    Secure applications and services – Networked ID security

    Threats and requirements for protection of personally identifiable information in applications using tag-based identification

    Recommendation ITU-T X.1171

    ITU-T X-SERIES RECOMMENDATIONS
    DATA NETWORKS, OPEN SYSTEM COMMUNICATIONS AND SECURITY

    PUBLIC DATA NETWORKS                          X.1–X.199
    OPEN SYSTEMS INTERCONNECTION                  X.200–X.299
    INTERWORKING BETWEEN NETWORKS                 X.300–X.399
    MESSAGE HANDLING SYSTEMS                      X.400–X.499
    DIRECTORY                                     X.500–X.599
    OSI NETWORKING AND SYSTEM ASPECTS             X.600–X.699
    OSI MANAGEMENT                                X.700–X.799
    SECURITY                                      X.800–X.849
    OSI APPLICATIONS                              X.850–X.899
    OPEN DISTRIBUTED PROCESSING                   X.900–X.999
    INFORMATION AND NETWORK SECURITY
      General security aspects                    X.1000–X.1029
      Network security                            X.1030–X.1049
      Security management                         X.1050–X.1069
      Telebiometrics                              X.1080–X.1099
    SECURE APPLICATIONS AND SERVICES
      Multicast security                          X.1100–X.1109
      Home network security                       X.1110–X.1119
      Mobile security                             X.1120–X.1139
      Web security                                X.1140–X.1149
      Security protocols                          X.1150–X.1159
      Peer-to-peer security                       X.1160–X.1169
      Networked ID security                       X.1170–X.1179
      IPTV security                               X.1180–X.1199
    CYBERSPACE SECURITY
      Cybersecurity                               X.1200–X.1229
      Countering spam                             X.1230–X.1249
      Identity management                         X.1250–X.1279
    SECURE APPLICATIONS AND SERVICES
      Emergency communications                    X.1300–X.1309
      Ubiquitous sensor network security          X.1310–X.1339

    For further details, please refer to the list of ITU-T Recommendations.

    Rec. ITU-T X.1171 (02/2009)

    Recommendation ITU-T X.1171

    Threats and requirements for protection of personally identifiable information in applications using tag-based identification

    Summary

    The widespread deployment of identification tags, including radio frequency identification (RFID) tags can give rise to concerns of privacy infringement because of the abilities of RFID technology to automatically collect (and process) data, with the possible disclosure of such data to the public (deliberately or accidentally). For applications using tag-based identification and relying on a personalized identification tag in personalized after-sale management applications, healthcare-related applications, etc., the privacy issue is becoming an increasingly serious problem.

    This Recommendation describes a number of personally identifiable information (PII) infringements for applications using tag-based identification, and requirements for PII protection. In addition, this Recommendation provides a basic structure of PII protection based on PII policy profile.

    Source

    Recommendation ITU-T X.1171 was approved on 20 February 2009 by ITU-T Study Group 17 (2009-2012) under the WTSA Resolution 1 procedure.

    FOREWORD

    The International Telecommunication Union (ITU) is the United Nations specialized agency in the field of telecommunications, information and communication technologies (ICTs). The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of ITU. ITU-T is responsible for studying technical, operating and tariff questions and issuing Recommendations on them with a view to standardizing telecommunications on a worldwide basis.

    The World Telecommunication Standardization Assembly (WTSA), which meets every four years, establishes the topics for study by the ITU-T study groups which, in turn, produce Recommendations on these topics.

    The approval of ITU-T Recommendations is covered by the procedure laid down in WTSA Resolution 1.

    In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC.

    NOTE

    In this Recommendation, the expression “Administration” is used for conciseness to indicate both a telecommunication administration and a recognized operating agency.

    Compliance with this Recommendation is voluntary. However, the Recommendation may contain certain mandatory provisions (to ensure e.g. interoperability or applicability) and compliance with the Recommendation is achieved when all of these mandatory provisions are met. The words “shall” or some other obligatory language such as “must” and the negative equivalents are used to express requirements. The use of such words does not suggest that compliance with the Recommendation is required of any party.

    INTELLECTUAL PROPERTY RIGHTS

    ITU draws attention to the possibility that the practice or implementation of this Recommendation may involve the use of a claimed Intellectual Property Right. ITU takes no position concerning the evidence, validity or applicability of claimed Intellectual Property Rights, whether asserted by ITU members or others outside of the Recommendation development process.

    As of the date of approval of this Recommendation, ITU had not received notice of intellectual property, protected by patents, which may be required to implement this Recommendation. However, implementers are cautioned that this may not represent the latest information and are therefore strongly urged to consult the TSB patent database at http://www.itu.int/ITU-T/ipr/.

    © ITU 2009

    All rights reserved. No part of this publication may be reproduced, by any means whatsoever, without the prior written permission of ITU.

    CONTENTS

    1 Scope
    2 References
    3 Definitions
      3.1 Terms defined elsewhere
      3.2 Terms defined in this Recommendation
    4 Abbreviations and acronyms
    5 Conventions
    6 Overview
    7 B2C applications using tag-based identification
    8 Reference model for B2C applications using tag-based identification
    9 PII infringement in B2C applications using tag-based identification
      9.1 Leakage of information associated with the identifier
      9.2 Leakage of the historical context data
      9.3 Relationship between PII infringements and the reference model
    10 PII protection requirements for B2C applications using tag-based identification
      10.1 Control of PII by ID tag user and/or ID terminal user
      10.2 Authentication for ID tag user and/or ID terminal user
      10.3 Access control to the PII of an ID tag user in an application server
      10.4 Data confidentiality of information associated to an ID tag
      10.5 Consent for collection of PII
      10.6 Technical safeguards for the application servers
      10.7 Relationship between requirements and PII infringements
    Annex A – Basic principles of national application
    Annex B – Basic principles of international application: free flow and legitimate restrictions
    Appendix I – Location tracking by the identifier in RFID services
    Appendix II – PII protection service (PPS) for applications using tag-based identification
      II.1 PII protection service (PPS) for applications using tag-based identification
      II.2 Service entities of the PPS for applications using tag-based identification
      II.3 General service scenario for the PPS
      II.4 Functions of the PPS
    Bibliography

    Recommendation ITU-T X.1171¹

    Threats and requirements for protection of personally identifiable information in applications using tag-based identification

    ¹ This Recommendation may not be applicable in Germany due to German legislation.

    1 Scope

    The scope of this Recommendation covers the following objectives including threats and requirements for protection of personally identifiable information (PII) in applications using tag-based identification as described below:

    • To describe PII threats in a business-to-customer (B2C)-based environment of applications using tag-based identification;
    • To identify requirements for PII protection in a B2C-based environment of applications using tag-based identification.

    The following objectives are not covered by the scope of this Recommendation:

    • to analyse the general security threats and requirements of applications using tag-based identification;
    • to analyse the PII threats and requirements between an identification (ID) tag and an ID terminal;
    • to analyse the PII threats and requirements depending on the specific ID tagging and reading method, e.g., radio frequency identification (RFID) tag and ID terminal;
    • to define and develop the message formats and mechanism for protection of PII based on the user PII policy profile of an application using tag-based identification.

    NOTE 1 – Further work will be necessary to define such formats, which may not be restricted to the sole protection of PII of tag-based identification use, but perhaps with a more general (privacy) approach.

    In this Recommendation, the ID tag user has the capability for controlling the ID tag itself, and therefore it is assumed that the ID tag user is responsible for the behaviour of the ID tag.

    NOTE 2 – In some cases, the ID tag user cannot have any capability for controlling the ID tag. For example, someone buys a tagged product and the manufacturer requires the ID tag to remain active for warranty purposes. In this scenario, the ID tag user may be just a person carrying and using the tagged product. Hence, this Recommendation cannot be applied to solve the above problem for this case. This scenario involves some legislation and policy issues (see [b-OECD]) and this issue can be addressed in another Recommendation.

    2 References

    The following ITU-T Recommendations and other references contain provisions which, through reference in this text, constitute provisions of this Recommendation. At the time of publication, the editions indicated were valid. All Recommendations and other references are subject to revision; users of this Recommendation are therefore encouraged to investigate the possibility of applying the most recent edition of the Recommendations and other references listed below. A list of the currently valid ITU-T Recommendations is regularly published. The reference to a document within this Recommendation does not give it, as a stand-alone document, the status of a Recommendation.

    [ITU-T X.1121] Recommendation ITU-T X.1121 (2004), Framework of security technologies for mobile end-to-end data communications.

    3 Definitions

    3.1 Terms defined elsewhere

    This Recommendation uses the following terms defined elsewhere:

    3.1.1 access control [b-ITU-T X.800]: The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner.

    3.1.2 application server [ITU-T X.1121]: An entity that connects to an open network for data communication with mobile terminals.

    3.1.3 application service provider (ASP) [ITU-T X.1121]: An entity (person or group) which provides application service(s) to mobile users through an application server.

    3.1.4 authentication [b-ITU-T X.811]: The provision of assurance of the claimed identity of an entity.

    NOTE – The usage of the word identity is made with the understanding that in the context of telecommunications it is an identifier or set of identifiers that is trusted, meaning it is considered to be reliable for the purposes of a particular situation to represent a network element, network terminal equipment, or user, after the completion of a validation process. As the term is used here, one cannot conclude that trusted identifiers constitute positive validation of a person.

    3.1.5 identifier [b-ITU-T F.771]: A series of digits, characters and symbols or any other form of data used to identify a real-world entity. It is used to represent the relationship between the real-world entity and its information/attributes in computers. This relationship enables users to access the information/attributes of the entity stored in computers via users' ID terminals.

    3.1.6 ID tag [b-ITU-T F.771]: A tiny physical object which stores a small amount of information which is an identifier or includes an identifier with other additional application data such as name, title, price, and address.

    3.1.7 ID terminal [b-ITU-T F.771]: A device with a capability to capture data from ID tags, and other capabilities such as communication capability and multimedia information presentation capability. The data capture capability may include a function to obtain identifier from ID tags even with no communication capability such as barcodes and 2D barcodes. Examples of equipment that use data capture techniques are digital camera, optical scanners, RF transponders, IrDA, galvanic wire-lines, etc.

    3.1.8 mobile network [ITU-T X.1121]: A network that provides wireless network access points to mobile terminals.

    3.1.9 mobile terminal [ITU-T X.1121]: An entity that has a wireless network access function and connects a mobile network for data communication with application servers or other mobile terminals.

    3.1.10 mobile user [ITU-T X.1121]: An entity (person) that uses and operates the mobile terminal for receiving various services from application service providers.

    3.1.11 personally identifiable information (PII) [b-ITU-T Y.2720]: The information pertaining to any living person, which makes it possible to identify such individual (including the information capable of identifying a person when combined with other information even if the information does not clearly identify the person).

    3.2 Terms defined in this Recommendation

    This Recommendation defines the following terms:

    3.2.1 applications using tag-based identification: Applications which involve at least the elements: identifier, ID terminal, ID tag and network(s). In this application, the identifier is stored on an ID tag and all information associated to the identifier is provided on the network side.

    NOTE – The identifier is stored on an ID tag (or in an ID tag, depending on the kind of ID tag) and an ID terminal reads or writes the identifier from/to the ID tag via an optical scanner (read only), camera (read only), IrDA (read/write), RF technique (read/write) or other similar methods.

    3.2.2 business-to-consumer (B2C): A business relationship between businesses and consumers where the service providers provide valuable and useful services to the consumers and the consumers use them.

    3.2.3 default PII policy profile: A formatted set of the PII protection rules and policies of an application using tag-based identification.

    3.2.4 identification (ID): The procedure of specifically identifying an object from a large class of objects through the reading of identifiers of ID tags.

    3.2.5 ID tag user: A person who purchases and carries or uses an ID tag-enabled object.

    3.2.6 ID terminal user: A person who uses and operates an ID terminal. A typical example of an ID terminal user could be a mobile user with an ID terminal.

    3.2.7 personalized ID tag: An ID tag that contains an identifier that enables the possible identification of an individual rather than an anonymous object.

    3.2.8 PII protection service (PPS): A security service that provides protection of PII for ID tag and/or ID terminal users of an application using tag-based identificatio

