ITU-T X.1171 PDF

The scope of this Recommendation covers the following objectives including threats and requirements for protection of personally identifiable information (PII) in applications using tag-based identification as described below:

– To describe PII threats in a business-to-customer (B2C)-based environment of applications using tag-based identification;

– To identify requirements for PII protection in a B2C-based environment of applications using tag-based identification.

The following objectives are not covered by the scope of this Recommendation:

– to analyse the general security threats and requirements of applications using tag-based identification;

– to analyse the PII threats and requirements between an identification (ID) tag and an ID terminal;

– to analyse the PII threats and requirements depending on the specific ID tagging and reading method, e.g., radio frequency identification (RFID) tag and ID terminal;

– to define and develop the message formats and mechanism for protection of PII based on the user PII policy profile of an application using tag-based identification.

NOTE 1 – Further work will be necessary to define such formats, which may not be restricted to the sole protection of PII of tag-based identification use, but perhaps with a more general (privacy) approach.

In this Recommendation, the ID tag user has the capability for controlling the ID tag itself, and therefore it is assumed that the ID tag user is responsible for the behaviour of the ID tag. NOTE 2 – In some cases, the ID tag user cannot have any capability for controlling the ID tag. For example, someone buys a tagged product and the manufacturer requires the ID tag to remain active for warranty purposes. In this scenario, the ID tag user may be just a person carrying and using the tagged product. Hence, this Recommendation cannot be applied to solve the above problem for this case. This scenario involves some legislation and policy issues (see [b-OECD]) and this issue can be addressed in another Recommendation.