Upload
thesupplychainniche
View
650
Download
2
Tags:
Embed Size (px)
Citation preview
Privacy, Security & Governance
David Armstrong
CASAGRAS Open Seminar
1st December 2008
SN
1234
568
Tag
Reader
Host
Introduction
PII Personally Identifiable Information 2
Radio providing the means of wireless interrogation, communication and transfer of data or information.
Frequency defined spectrum for operating RFID devices, low, high, ultra high and microwave, each with distinguishing characteristics.
Identification of items by means of codes contained in a memory-based data carrier and accessed by radio interrogation.
Radio Frequency Identification
ReaderTag
Host Information
Management System
Item
3
Nature of RFID Technologies RFID is an application of object connected data
carrier technology with attributes that are complementary to other machine-readable data carrier technologies.
RFID technologies offer the potential for radical process improvement characterised by tens of percent improvement and fast return on investment.
RFID technologies provide strong potential for improving efficiency, productivity and/or competitiveness.
RFID market increasing significantly, yielding lower costs and higher performance.
4
RFID is a category of Automatic Identification & Data Capture (AIDC) Technologies
Full Matrix
Dot Codes
Linear
Feature Extraction Technologies(Vision, Speech recognition & Biometric Systems)
Data Carrier Technologies
Electronic StorageMagnetic StorageOptical Storage
RFID Transponder
Touch Memory
Magnetic Stripe
MICR
Stacked (or multirow)
Optical Character
Recognition (OCR)
Optical Mark Reading (OMR)
Matrix Codes
Bar Code
Smart Card
Memory Card
Optical Memory (magneto-optic)
Magnetic Resonance Charge
injection
Composites Codes
Contactless Smart Card
5
RFID also supports Contactless Smart Cards RFID is found in a range of card-based
structures, from basic card-based tags to dual entry smart cards
Supported by ISO standards* for contactless smarts cards.
High frequency technology has been primarily applied in card-based technology.
Important in applications for reusable access control and transactions.
6
European Commission Consultation Process on RFID (2006)
The review process revealed that 61% of respondents believed that the public were not sufficiently informed about or aware of RFID. It also revealed privacy to be the biggest concern.
7
Some responses
Kill Function De-activation Federal Legislation Lobbying Negative PR Uninformed Comment
8
RFID 1.0 RFID 2.0Supply Chain to Product Life Cycle Management
Intelligent Barcode Static Single Purpose One Access Point Auto ID Limited Security Use in Supply Chain
RFID is a Computer
Dynamic
Context Aware
Multiple Access Points
Collaborative Usage
Rich Security
Use in Full Product Life Cycle
9
Existing & Proposed RFID Guidelines
Europe - EC Directive 95/46/EC (in the EU the Privacy Directive is mandatory, which means regulatory)
USA - e.g. Center for Democracy & Technology
Japan - Guidelines for Privacy Protection (MIC and METI)
10
A new work item has been proposed by ETSI, linked to the CASAGRAS and GRIFS projects (target completion end 2009).
This will result in:• A protection profile for RFID devices in the context
of the Internet of Things• Development of guidelines for e.g. marking RFID
readers as visible (non-technical aspects of RFID). Also marking RFID enabled products as such.
Internet of Things
11
DESIGN FOR: User Acceptance Legislative Conformance and Governance Protection against Abuse from Potential Attackers Performance
A Standard for Privacy Design
12
Collection Limitation Data Quality Purpose Specification Use Limitation Security Safeguards Openness Individual Participation Accountability
Principles for Privacy Design
13
Multiple Issues Multiple Constituencies Multiple Arenas & Backgrounds
Governace & Politics
14
The Way Forward
?
15
Physical Materials Components and sub-assemblies Products Containers Physical carriers People Locations Documents and other forms information carrier
……….virtually anything tangible that is part of a business process. This is the opportunity………
RFID is about identifying and handling Items…
16
Designers, Manufacturers and users of RFID technology should address the privacy and security
issues as part of its original design. Rather than retrofitting RFID systems to respond to privacy and security issues, it is much preferable that security
should be designed in from the beginning.
Notice - Choice & Consent - Onward Transfer - Access - Security
Privacy & Security as
Primary Design Requirements
17
Ideally, there should be no secret RFID tags or readers. Use of RFID technology should be as transparent as
possible and consumers should know about such implementation and usage as they engage in any
transaction that involves an RFID system.
But……
Consumer Transparency
18
RFID technology, in and of itself, does not impose
threats to privacy. Privacy breaches occur when
RFID, like any technology, is deployed in a way that is
not consistent with responsible management
practices that foster sound privacy protection
Technology Neutrality
19
Thank You