欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    BS PD CEN TR 16673-2014 Information technology RFID privacy impact assessment analysis for specific sectors《信息技术 特定行业用射频识别隐私影响分析》.pdf

    • 资源ID:397367       资源大小:2MB        全文页数:42页
    • 资源格式: PDF        下载积分:5000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要5000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    BS PD CEN TR 16673-2014 Information technology RFID privacy impact assessment analysis for specific sectors《信息技术 特定行业用射频识别隐私影响分析》.pdf

    1、BSI Standards Publication PD CEN/TR 16673:2014 Information technology RFID privacy impact assessment analysis for specific sectorsPD CEN/TR 16673:2014 PUBLISHED DOCUMENT National foreword This Published Document is the UK implementation of CEN/TR 16673:2014. The UK participation in its preparation w

    2、as entrusted to Technical Committee IST/34, Automatic identification and data capture techniques. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are resp

    3、onsible for its correct application. The British Standards Institution 2014. Published by BSI Standards Limited 2014 ISBN 978 0 580 83898 9 ICS 35.240.60 Compliance with a British Standard cannot confer immunity from legal obligations. This Published Document was published under the authority of the

    4、 Standards Policy and Strategy Committee on 30 June 2014. Amendments/corrigenda issued since publication Date T e x t a f f e c t e dPD CEN/TR 16673:2014TECHNICAL REPORT RAPPORT TECHNIQUE TECHNISCHER BERICHT CEN/TR 16673 June 2014 ICS 35.240.60 English Version Information technology - RFID privacy i

    5、mpact assessment analysis for specific sectors Technologies de linformation - valuation dimpact sur la vie prive des applications RFID dans des secteurs spcifiques Informationstechnik - Verfahren zur Datenschutzfolgenabschtzung (PIA) von RFID fr spezifische Sektoren This Technical Report was approve

    6、d by CEN on 20 January 2014. It has been drawn up by the Technical Committee CEN/TC 225. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, I

    7、celand, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Ma

    8、nagement Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TR 16673:2014 EPD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 2 Contents Page Foreword 4 Introduction .5 1 Scope 6 2 Terms and def

    9、initions .6 3 Symbols and abbreviations 8 4 Brief description of an RFID system 9 4.1 Infrastructure of an RFID system .9 4.2 Components of an RFID system 9 4.2.1 Transponder/Tag9 4.2.2 RFID reader or writer 10 4.2.3 Backend system 10 4.3 Characteristics of RFID technology compared to other data cap

    10、ture techniques 10 5 Privacy concept in RFID-based applications . 11 5.1 Interaction between data protection, data security and privacy . 11 5.2 Data protection 12 5.3 Data security . 13 5.4 Privacy . 13 5.5 General privacy risks . 13 5.6 Challenges for a privacy concept in context with RFID 14 5.7

    11、Need for transparency 15 6 Library sector overview . 15 6.1 Aspects of the library sector . 15 6.2 RFID technology overview . 16 6.3 Applications and parties involved 17 6.4 Privacy considerations 18 6.4.1 Privacy of possession 18 6.4.2 Privacy of personal data in the central system . 18 6.4.3 The i

    12、mpact of NFC-enabled phones . 19 6.5 Prospects for PIA templates 19 7 Retail sector overview 20 7.1 Aspects of the retail sector 20 7.2 RFID Technology Overview . 21 7.3 Applications and parties involved 21 7.3.1 General . 21 7.3.2 Use of RFID in retail logistics 21 7.3.3 The role of the solution pr

    13、ovider . 22 7.3.4 Impact of RFID technology for the consumer 22 7.4 Privacy considerations 23 7.5 Technological prospects for privacy enhancements 25 8 Transport sector overview . 25 8.1 Aspects of the transport sector 25 8.2 RFID Technology Overview . 25 8.3 Applications and parties involved 26 8.3

    14、.1 General . 26 8.3.2 Types of tickets, features and characteristics . 26 PD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 3 8.3.3 Characteristics of automatic fare calculation. 27 8.3.4 Sales channels and their impact on the products . 27 8.4 Privacy considerations . 29 8.5 Other applications not covered

    15、 in detail . 29 8.5.1 General . 29 8.5.2 Toll roads and fee collection using RFID 29 8.5.3 Event management using RFID . 30 9 Banking and financial services sector overview . 30 9.1 Aspects of the finance sector 30 9.2 RFID Technology Overview 31 9.2.1 General . 31 9.2.2 Contactless payment cards 32

    16、 9.2.3 NFC based payment by mobile phones 32 9.2.4 Micro-tags or stick-on-tags 32 9.3 Applications and parties involved . 32 9.4 Privacy considerations . 32 9.4.1 General . 32 9.4.2 Security of contactless payment cards . 33 9.4.3 Organisations 33 9.4.4 Impact of privacy in the banking and finance s

    17、ector 34 9.4.5 Vulnerabilities 34 9.4.6 Transparency, consumer information, commercial confidentiality and security . 35 9.4.7 Implications for the PIA 35 10 Conclusion and recommendations . 36 10.1 Diversity of RFID based applications 36 10.2 Benefits of and recommendation for sector or application

    18、 specific templates 36 10.3 Recommendation for a general approach to PIA . 37 Bibliography 38 PD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 4 Foreword This document (CEN/TR 16673:2014) has been prepared by Technical Committee CEN/TC 225 “AIDC Technologies”, the secretariat of which is held by NEN. Atte

    19、ntion is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. This Technical Report is one of a series of related deliverables, which comprise mandate 4

    20、36 Phase 2. The other deliverables are: EN 16570, Information technology Notification of RFID The information sign and additional information to be provided by operators of RFID application systems EN 16571, Information technology RFID privacy impact assessment process EN 16656, Information technolo

    21、gy - Radio frequency identification for item management - RFID Emblem (ISO/IEC 29160:2012, modified) CEN/TR 16684, Information technology Notification of RFID Additional information to be provided by operators CEN/TS 16685, Information technology Notification of RFID The information sign to be displ

    22、ayed in areas where RFID interrogators are deployed CEN/TR 16669, Information technology Device interface to support ISO/IEC 18000-3 Mode 1 CEN/TR 16670, Information technology RFID threat and vulnerability analysis CEN/TR 16671, Information technology Authorisation of mobile phones when used as RFI

    23、D interrogators CEN/TR 16672, Information technology Privacy capability features of current RFID technologies CEN/TR 16674, Information technology Analysis of privacy impact assessment methodologies relevant to RFID PD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 5 Introduction In response to the growing

    24、 deployment of RFID systems in Europe, the European Commission published in 2007 the Communication COM(2007) 96 RFID in Europe: steps towards a policy framework. This Communication proposed steps which needed to be taken for a wider take up of RFID whilst respecting the basic legal framework safegua

    25、rding fundamental values such as health, environment, data protection, privacy and security. In December 2008, the European Commission addressed Mandate M/436 to CEN, CENELEC and ETSI in the field of ICT as applied to RFID systems. The Mandate M/436 was accepted by the ESOs in the first months of 20

    26、09. The Mandate addresses the data protection, privacy and information aspects of RFID, and is being executed in two phases. Phase 1, completed in May 2011, identified the work needed to produce a complete framework of future RFID standards. The Phase 1 results are contained in the ETSI Technical Re

    27、port TR 187 020, which was published in May 2011. Phase 2 is concerned with the execution of the standardisation work programme identified in the first phase. This Technical Report is one of eleven deliverables for M/436 Phase 2. Its focus is on four major sectors that have a number of implementatio

    28、ns of RFID that currently impact European society. Using these as detailed case studies will assist in addressing the development of the standard on the Privacy Impact Assessment. For the purpose of this work, the definitions of “RFID Operator“ and “RFID Application“ will be those provided in the EC

    29、 RFID Recommendation of 2009-05-12. PD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 6 1 Scope The scope of this Technical Report is to use the RFID PIA Framework as the basis for exploring issues with four major sectors involved with RFID: libraries; retail; e-Ticketing, toll roads, fee collection, event

    30、s management; banking and financial services. After specific sector research and consolidation of the results of industry workshops and seminars that take place in several EU Member States, this Technical Report will identify the characteristics that need to be taken into consideration by operators

    31、of RFID systems in the example sectors. In addition it will provide advice to operators in the sector on significant variants both in terms of technology and application data. This will enable the appropriate risk factors to be taken into account. Based on the synthesis of the applications in the ch

    32、osen sectors, this Technical Report will also identify a set of factors relevant to specific RFID technologies and features that will need to be taken into account in preparing a Privacy and Data Protection Impact Assessment for many RFID applications. 2 Terms and definitions For the purposes of thi

    33、s document, the following terms and definitions apply. NOTE Definitions are derived from EU Recommendation C(2009) 3200 final, EU Directive 95/46/EC, ISO/IEC 19762 (all parts) 2.1 data controller controller natural or legal person, public authority, agency or any other body which alone or jointly wi

    34、th others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law 2.2 data s

    35、ubjects consent any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed 2.3 identified or identifiable person person who can be identified, directly or indirectly, in particular by reference to

    36、 an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity 2.4 individual natural person who interacts with or is otherwise involved with one or more components of an RFID application (e.g., back-end system, communicatio

    37、ns infrastructure, RFID tag), but who does not operate an RFID application or exercise one of its functions. In this respect, an individual is different from a user. An individual may not be directly involved with the functionality of the RFID application, but rather, for example, may merely possess

    38、 an item that has an RFID tag 2.5 PD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 7 information security preservation of the confidentiality, integrity and availability of information 2.6 monitoring any activity carried out for the purpose of detecting, observing, copying or recording the location, movem

    39、ent, activities or state of an individual 2.7 personal data any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more f

    40、actors specific to his physical, physiological, mental, economic, cultural or social identity 2.8 processing of personal data any operation or set of operations which is performed upon personal data, whether or not by automatic data means, such as collection, recording, organization, storage, adapta

    41、tion or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction 2.9 data processor processor natural or legal person, public authority, agency or any other body which processes perso

    42、nal data on behalf of the controller 2.10 recipient natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not; however, authorities which may receive data in the framework of a particular inquiry shall not be regarded as recipients 2

    43、.11 radio frequency identification RFlD use of electromagnetic radiating waves or reactive field coupling in the radio frequency portion of the spectrum to communicate to or from a tag through a variety of modulation and encoding schemes to uniquely read the identity of a radio frequency tag or othe

    44、r data stored on it 2.12 RFID application application that processes data through the use of tags and readers, and which is supported by a back-end system and a networked communication infrastructure 2.13 RFID application operator RFID operator natural or legal person, public authority, agency, or a

    45、ny other body, which, alone or jointly with others, determines the purposes and means of operating an application, including controllers of personal data using an RFID application 2.14 RFID reader or writer Reader fixed or mobile data capture and identification device using a radio frequency electro

    46、magnetic wave or reactive field coupling to stimulate and effect a modulated data response from a tag or group of tags PD CEN/TR 16673:2014 CEN/TR 16673:2014 (E) 8 Note 1 to entry: The term interrogator is often used in the context of RFID item management applications, and the term Proximity couplin

    47、g device and Vicinity coupling device in the context of card applications. They perform the same functions for any given air interface protocol. 2.15 RFID tag RF tag Tag RFID device having the ability to produce a radio signal or a RFID device which re-couples, back- scatters or reflects (depending

    48、on the type of device) and modulates a carrier signal received from a reader or writer Note 1 to entry: The most accurate term is technically “transponder“. The most common and preferred term is tag or RFID tag in the context of RFID item management applications and Proximity integrated circuit card

    49、 or Vicinity integrated circuit card in the context of card applications. 2.16 third party any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the data 2.17 threat physical, hardware, or software mechanism with the potential to adversely impact an asset through unauthorised access, destruction, disclosure, modification o


    注意事项

    本文(BS PD CEN TR 16673-2014 Information technology RFID privacy impact assessment analysis for specific sectors《信息技术 特定行业用射频识别隐私影响分析》.pdf)为本站会员(tireattitude366)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开