Published by Ruth Walton. Modified over 6 years ago.
1
Enforcing Privacy Policies for RFID Data Collection and Processing
Union University Math / CS Departmental Colloquium
February 24, 2005
Haifei Li, Department of Mathematics and Computer Science, Union University, Jackson, Tennessee
Patrick C. K. Hung, University of Ontario Institute of Technology, Canada
David Ahn, Nyack College, New York
2
Overview
Introduction
Related Work
Enterprise Privacy Authorization Language
RFID Authorization Model
Examples in Retail Industry
Summary and Future Work
3
Privacy
Privacy is a state or condition of limited access to a person.
Information privacy relates to an individual’s right to determine how, when, and to what extent information about himself/herself will be released to another person or to an organization.
Most people feel that their information privacy is a serious issue on the Internet.
4
Radio Frequency Identification
5
Related Work
Platform for Privacy Preferences Project (P3P)
A P3P Preference Exchange Language (APPEL)
eXtensible rights Markup Language (XrML)
RFID is a tool for productivity gain, but it can also bring potential privacy violations.
6
Privacy Issues in RFID
Five potential threats to privacy and civil liberties:
Hidden placement of tags.
Unique identifiers for all objects worldwide.
Massive data aggregation.
Hidden readers.
Individual tracking and profiling.
Examples of "acceptable" uses of RFID have been given:
Tracking of pharmaceuticals.
Tracking of manufactured goods.
Detection of items containing toxic substances.
7
EPAL
Enterprise Privacy Authorization Language (EPAL) was developed by IBM Research Division.
An interoperability language for defining enterprise privacy policies.
Elements in EPAL:
Data Categories.
User Categories.
Purpose.
Actions.
Obligations.
Conditions.
8
RFID Authorization Model
9
Framework of RFID Access Control
10
Cashiers’ Handling of Private Information
<ALLOW user-category="cashier" data-category="RFID" purpose="payment" operation="read" condition="TRUE">
11
Cashiers Cannot Write Data
<DENY user-category="cashier" data-category="RFID" purpose="tracking" operation="write" condition="/CustomerRecord/Data/DataType=PII">
12
Read by Other Types of Readers
<DENY user-category="other" data-category="RFID" purpose="collect" operation="read" condition="/RFID/TagReaderType != /TagReader/TagReaderType">
13
RFID Tag Can be Destroyed
<ALLOW user-category="store_manager" data-category="RFID" purpose="PreventViolation" operation="destroy" condition="/CustomerRecord/DestructionConsent = TRUE">
14
RFID Tag Can be Blocked
<ALLOW user-category="store_manager" data-category="RFID" purpose="block" operation="Insert" condition="/CustomerRecord/BlockingRequest = TRUE">
15
Collected Data Is Not for Resale
<ALLOW user-category="store_manager" data-category="RFID" purpose="block" operation="Insert" condition="/CustomerRecord/BlockingRequest = TRUE">
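A small evaluator for the first four retail rules above, added here as an illustration and not taken from the slides or from IBM's EPAL implementation. The function names, the condition semantics (a token starting with "/" is looked up in a request context, anything else is a literal), and the combining rule (a matching DENY wins, no matching rule means deny) are assumptions of this example.

```python
import re

# Rules copied from the slides, written with straight quotes.
POLICY = '''
<ALLOW user-category="cashier" data-category="RFID" purpose="payment" operation="read" condition="TRUE">
<DENY user-category="cashier" data-category="RFID" purpose="tracking" operation="write" condition="/CustomerRecord/Data/DataType=PII">
<DENY user-category="other" data-category="RFID" purpose="collect" operation="read" condition="/RFID/TagReaderType != /TagReader/TagReaderType">
<ALLOW user-category="store_manager" data-category="RFID" purpose="PreventViolation" operation="destroy" condition="/CustomerRecord/DestructionConsent = TRUE">
'''

RULE_RE = re.compile(r'<(ALLOW|DENY)\s+([^>]*)>')
ATTR_RE = re.compile(r'([\w-]+)\s*=\s*"([^"]*)"')
MATCH_KEYS = ("user-category", "data-category", "purpose", "operation")

def parse_policy(text):
    """Return a list of (effect, attributes) tuples in document order."""
    return [(effect, dict(ATTR_RE.findall(body))) for effect, body in RULE_RE.findall(text)]

def operand(token, ctx):
    """A token starting with '/' is a path looked up in ctx; anything else is a literal."""
    token = token.strip()
    return ctx.get(token) if token.startswith("/") else token

def condition_holds(cond, ctx):
    if cond.strip() == "TRUE":
        return True
    negated = "!=" in cond
    left, right = cond.split("!=" if negated else "=", 1)
    lval, rval = operand(left, ctx), operand(right, ctx)
    if lval is None or rval is None:
        return False  # missing data: the condition cannot be shown to hold
    return (lval != rval) if negated else (lval == rval)

def decide(rules, request, ctx):
    """Assumed combining: any matching DENY wins, otherwise ALLOW, otherwise default deny."""
    effects = {effect for effect, attrs in rules
               if all(attrs.get(k) == request.get(k) for k in MATCH_KEYS)
               and condition_holds(attrs.get("condition", "TRUE"), ctx)}
    if "DENY" in effects:
        return "DENY"
    return "ALLOW" if "ALLOW" in effects else "DENY"

# Constructed sample request and context (not from the slides).
RULES = parse_policy(POLICY)
REQUEST = {"user-category": "store_manager", "data-category": "RFID",
           "purpose": "PreventViolation", "operation": "destroy"}
print(decide(RULES, REQUEST, {"/CustomerRecord/DestructionConsent": "TRUE"}))  # ALLOW
print(decide(RULES, REQUEST, {}))  # DENY
```

Because a missing context value never satisfies a condition and the default is deny, a tag-destruction request without a recorded consent is refused rather than allowed.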
16
Summary and Future Work
Issues in RFID privacy
Application of EPAL in RFID privacy with examples
RFID Authorization Model and RFID Access Control
Future Work:
Gather best practices of RFID privacy.
Investigate the usage of P3P outside the domain of personal data collection for web sites.
Conduct direct or indirect interviews with privacy advocates and company representatives.