GO
图片展示

Privacy issues in RFID technology

RFID technology has played an important role in people's work and life, and is a very distinctive item in the Internet of Things technology. However, the discussion about RFID security and privacy has been going on. This article introduces part of the content of RFID privacy protection for your reference.

       In April 2007, the American Institute of Standardization issued a report numbered SP 800-98 [1], which was called "Safety Guidelines for Radio Frequency Identification Systems." The report believes that in the enterprise's security network protection system, privacy and security issues are often linked and they cannot be discussed separately, but the report pays more attention to the privacy issues of RFID. For example, protecting privacy usually requires some security control technology related to data confidentiality. This article first introduces the types of personal privacy, and then introduces the adaptability of privacy issues to RFID systems.

01Types of personal information

       It is the classification of personal information, which can be divided into information that can distinguish individuals and information that is not distinguishable. Personal information that can be distinguished is clearly specified by the Federal Privacy Law, and personal information that can be distinguished is not specified by the Federal Privacy Law. Privacy issues in RFID technology

       RFID technology has played an important role in people's work and life, and is a very distinctive item in the Internet of Things technology. However, the discussion about RFID security and privacy has been going on. This article introduces part of the NIST SP 800-98 report on RFID privacy protection for your reference.

       In April 2007, the American Institute of Standardization issued a report numbered SP 800-98 [1], which was called "Safety Guidelines for Radio Frequency Identification Systems." The report believes that in the enterprise's security network protection system, privacy and security issues are often related and they cannot be discussed separately, but the report pays more attention to the privacy issues of RFID. For example, protecting privacy usually requires some security control technology related to data confidentiality. This article first introduces the types of personal privacy, and then introduces the adaptability of privacy issues to RFID systems.

01Types of personal information

       It is the classification of personal information. This personal information is divided into information that can distinguish individuals and information that is not distinguishable. Personal information that can be distinguished is clearly stated by the Federal Privacy Law, and personal information that can be distinguished is not specified by the Federal Privacy Law.

       From the perspective of privacy protection, whether the currently processed information can identify personally identifiable information is extremely critical to privacy protection. Personally identifiable information (PII, personally identifiable information) refers to information that can uniquely identify, locate or contact individuals. For example, biological characteristics such as name, social security number, passport number, financial account number, credit card number, fingerprint, etc. are considered as data elements of PII. The characteristics that can be shared by multiple people, such as age, gender, city of residence, and religion, are not personally identifiable information.

       In addition, sometimes when multiple non-personally identifiable information that cannot uniquely identify an individual is combined, it can also uniquely identify a person. For example, a family wants to hire a 39-year-old woman who lives in Roanoke, Virginia. In this case, employer, age, gender, and city of residence are not elements of PII per se, but when combined, they become PII. This combined form of PII is called PII obtained by indirect inference. On the contrary, there is no need to combine. The form of a data element as PII is called Direct Inference PII, and the driver’s license number is Direct Inference PII.

       The RFID system can support a variety of businesses, but not all businesses involve personal privacy issues. Such as logistics supply chain management, animal tracking, asset management systems, etc., assets in which have never been associated with individuals throughout the life cycle. Only when the system uses, collects, stores or discloses personal information, does it need to consider privacy issues. The RFID system may leak personal information in the following ways, posing a threat to personal privacy:

        Personal information such as name or account number is stored in the RFID tag or in the database of the enterprise's low-level system. RFID tags may be associated with personal items, such as blood samples, prescription drugs, or expired legal documents, folders, etc. that have not been properly handled or are out of control. RFID tags may be associated with items that move with people, such as RFID-tagged boxes or vehicle parts on cars or trucks that individuals often drive.

        In addition, individuals do not need to have RFID system tags can also create privacy issues. For example, if an employee carries a computer or tool with an employer's RFID tag, then RFID technology may be used to track the employee's whereabouts, such as locating the employee's location after get off work, so as to obtain the employee's personal information.

       Although the concepts of privacy and PII are not new, RFID brings new complexity to privacy issues. For example, RFID technology increases the possibility of creating PII through indirect means. RFID technology has brought unprecedented convenience to the management of some items and personnel, and its applications in daily life will increase day by day. Coupled with the powerful storage capacity of the RFID system, the information becomes more and more detailed, creating new opportunities for combining data elements to generate PII. Advances in Internet search and data mining software will also help to obtain PII from a large amount of data that may have previously been considered irrelevant. Even if the tag itself does not record and store PII, PII can be obtained indirectly through increasingly powerful technology.

       Several inherent characteristics of RFID tags make the implementation of privacy control more difficult than traditional information technology systems. When organizations are unable to carry out effective security controls at the same time, they may face the challenge of enforcing privacy policies. Compared with wired systems that most traditional IT systems rely on, wireless communications are more vulnerable to eavesdropping and other attacks. In many applications, RFID tags will often appear in public areas, which means that they cannot benefit from the physical security measures normally provided to most traditional IT systems. Generally speaking, RFID computing resources are limited and complex technical control cannot be achieved. Although there are many technologies that can alleviate these security and privacy risks, RFID tags often limit these functions for economic reasons. Traditional IT systems have complete strategies and procedures to save and destroy data, but RFID tags are more fluid. Once they are not under the control of the system, it will be very difficult to destroy and disable them.

       With the rapid development of the Internet of Things, RFID technology, as the lowest level sensing technology of the Internet of Things, has also developed rapidly. However, due to the open application environment of the RFID system and the mobility of tags, the RFID system faces more privacy issues than traditional IT systems.

Mima(Xiamen) Smart Tech Co., Ltd

Home |  About us  |  Products  |  Solution   | Contact us  

 

    Skype:live:jason_27452

    Email:Jason@mimarfid.com

    AddHu'li Dist,Xiamen,China

Jason wechat

Copyright @ VillaGrandis All Rights Reserved  闽ICP备19003736号

Service Center

Please choose online customer service to communicate

Contacts
Scan a QR Code