CSA ISO/IEC TR 24729-4
Information technology - Radio frequency identification for item management - Implementation guidelines - Part 4: Tag data security
|Publication Date:||1 January 2014|
|ICS Code (Information coding):||35.040|
This Technical Report provides guidance to systems designers to help them determine potential threats to data security of the tag and tag-to-reader communication in an RFID system, and appropriate countermeasures to provide data security (identified as 1 through 2 in Figure 1). Although important, it is beyond the scope of this Technical Report to address security aspects of the reader-to-host and back-end enterprise modules (identified as 4 through 7 in Figure 1).1)
This Technical Report is not intended to specifically address consumer privacy concerns; however, since data and personal privacy depend on the use of appropriate security measures, privacy is addressed in general terms. Data access security provides a measure of personal privacy protection by mitigating the potential for unauthorized reading of data on a tag. However, not all data access security countermeasures provide the same level of protection.
1) "Privacy Best Practices for Deployment of RFID Technology" released by The Center for Democracy in Technology (CDT) provides more information on elements 4 through 7 in Figure 1:
Users are also encouraged to become familiar with ISO/IEC 27002, which is a comprehensive set of controls comprising best practices in information security.