ETSI TR 187 020 V1.1.1 (2011-05)

Technical Report
Radio Frequency Identification (RFID);
Coordinated ESO response to Phase 1 of EU Mandate M436

2 ETSI TR 187 020 V1.1.1 (2011-05)

Reference
DTR/TISPAN-07044
Keywords
privacy, RFID, security
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
No part may be reproduced except as authorized by written permission.
The copyright and the foregoing restriction extend to reproduction in all media.

© European Telecommunications Standards Institute 2011.
All rights reserved.
TM TM TM TM
DECT , PLUGTESTS , UMTS , TIPHON , the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
TM
3GPP is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
LTE™ is a Trade Mark of ETSI currently being registered
for the benefit of its Members and of the 3GPP Organizational Partners.
GSM® and the GSM logo are Trade Marks registered and owned by the GSM Association.

ETSI
3 ETSI TR 187 020 V1.1.1 (2011-05)
Contents
Intellectual Property Rights . 6
Foreword . 6
1 Scope . 7
2 References . 7
2.1 Normative references . 8
2.2 Informative references . 8
3 Definitions and abbreviations . 11
3.1 Definitions . 11
3.2 Abbreviations . 13
4 Summary of findings and recommendations . 13
4.1 Overview of findings . 13
4.2 Clarification of definition of RFID . 14
4.3 Summary of standardisation gaps . 15
4.3.1 General principles . 15
4.3.2 Standards to provide greater consumer awareness . 15
4.3.3 Standards in the privacy domain (excluding PIA) . 15
4.3.4 PIA standards . 16
4.3.5 RFID Penetration testing standards . 16
4.3.6 Standards in the security domain . 16
4.4 Gaps in current standards . 17
4.4.1 Overview . 17
4.4.1.1 Summary of main gaps . 18
4.4.2 Gantt chart for addressing gaps in Phase 2 of M/436 . 18
5 Addressing consumer aspects . 21
5.1 Awareness . 21
5.2 Personal data security . 21
5.3 Data Protection Requirements . 22
5.3.1 Purpose . 22
5.3.2 Deactivation . 22
5.3.3 Consent . 22
5.3.4 Personal data record access and data correction . 23
5.4 Accessibility of applications and consumer information . 23
6 The RFID ecosystem . 23
6.1 Overview . 23
6.2 Types of RFID Tags . 24
6.3 RFID Tag Characteristics . 24
6.4 Stakeholders . 25
6.5 Open and closed system applications . 25
6.6 RFID and IoT . 26
7 Analysis in support of recommendations . 26
7.1 RFID system architecture . 26
7.2 RFID system and privacy . 27
7.2.1 Modelling the role of RFID in privacy . 28
7.3 Principles for handling personal data in RFID systems . 31
7.4 Role of Privacy Enhancing Technologies (PETs) . 35
8 Data Protection, Privacy and Security Objectives and Requirements . 36
8.1 Distinguishing objectives and requirements . 36
8.2 Data protection and privacy objectives . 36
8.3 Statement of objectives for Security . 38
9 Privacy and Data Protection Impact Assessment (PIA) outline . 39
9.1 State of the art and standardization gaps . 39

ETSI
4 ETSI TR 187 020 V1.1.1 (2011-05)
9.2 Role of the PIA . 40
9.3 Overview of RFID-related features with an impact on privacy . 41
9.4 RFID PIA Framework . 42
9.5 PIA Methodology Requirements . 42
9.5.1 Assets and the RFID PIA . 43
9.5.2 Scope of the PIA . 43
9.5.3 General methodological requirements . 44
9.5.4 Data Protection and Privacy requirements of the RFID PIA . 44
9.5.4.1 Data protection requirements . 44
9.5.4.2 Data protection requirements . 45
9.5.4.3 Emerging issues and requirements related to emerging or future applications, technologies, and
other issues . 46
10 RFID Penetration (PEN) Testing Outline. 46
10.1 PEN testing standards and methodologies . 47
10.2 RFID PEN testing standardization roadmap . 48
10.3 PEN testing requirements and method outline . 48
11 Common European RFID Emblem and Sign . 49
12 Environmental aspects of RFID tags and components . 49
12.1 Health and safety considerations . 49
12.2 RFID hardware end of life considerations . 50
12.3 Data end of life considerations . 50
Annex A: Summary of status of RFID standardization . 51
Annex B: Summary of tag capabilities . 53
B.1 Command set . 53
B.2 Security functionality . 53
B.2.1 Tag embedded capabilities . 53
Annex C: Summary of risk assessment of RFID systems . 56
C.1 Security analysis and requirements derivation . 56
C.2 Weaknesses and threats in RFID systems . 57
C.2.1 Privacy and Data Protection (DPP) related threats . 58
C.2.1.1 Identify theft . 58
C.2.1.2 Profiling . 58
C.2.1.3 Data linkability . 58
C.2.1.4 Tracking . 58
C.2.1.5 Exclusion of the data subject from the data processing process due to disabling of RFID tag . 58
C.2.1.6 Procedures/instructions not followed leading to tags being used past end of purpose . 58
C.2.1.7 Large-scale and/or inappropriate data mining and/or surveillance . 58
C.2.1.8 Non-compliance with data protection legislation . 59
C.2.2 Security threats . 59
C.2.2.1 Denial-of-Service attack . 59
C.2.2.2 Collision attack . 59
C.2.2.3 De-synchronization . 59
C.2.2.4 Replay . 59
C.2.2.5 Man-in-the-middle attack . 59
C.2.2.6 Theft . 60
C.2.2.7 Unauthorised access to/deletion/modification of data (in tags, interrogators, backend system) . 60
C.2.2.8 Cloning of credentials and tags (RFID related) . 60
C.2.2.9 Worms, viruses and malicious code . 60
C.2.2.10 Side channel attack . 60
C.2.2.11 Masquerade . 61
C.2.2.12 Traffic analysis/scan/probe . 61
C.2.2.13 RF eavesdropping . 61
C.3 Summary of vulnerabilities in RFID systems . 61

ETSI
5 ETSI TR 187 020 V1.1.1 (2011-05)
Annex D: RFID Penetration Testing . 63
D.1 Short Introduction to PEN testing . 63
D.2 PEN testing methodologies and standards . 63
Annex E: Summary of requirements and analysis for signs and emblems . 65
E.1 Requirements specification . 65
E.2 RFID Emblem/Logo classified requirements . 65
E.2.1 General Requirements Specification . 65
E.2.2 Location and Placement . 70
E.2.3 Other Requirements . 72
E.3 RFID Sign classified requirements . 72
E.3.1 General Requirements Specification . 72
E.3.2 Location and Placement . 75
E.3.3 Other Requirements . 76
Annex F: Review of security analysis issues in PIA . 77
Annex G: Bibliography . 82
G.1 Books . 82
G.2 GRIFS database extract . 82
G.3 Sign Related Standards . 89
G.3.1 In development . 89
G.3.2 Published . 90
G.4 Other references . 91
History . 93

ETSI
6 ETSI TR 187 020 V1.1.1 (2011-05)
Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
CEN and CENELEC have based their IPR policy on that of ISO, IEC and ITU-T. Patents or pending patent applications
relating to a CEN or CENELEC publication may have been declared on this basis to CEN or CENELEC. Information
on these declared patents or pending patent applications is made available by CEN and CENELEC via an on-line list of
declarations (ftp://ftp.cen.eu/CEN/WorkArea/IPR/Patents.pdf).
Foreword
This Technical Report (TR) has been produced by ETSI Technical Committee Telecommunications and Internet
converged Services and Protocols for Advanced Networking (TISPAN). The present document has been prepared under
the coordination of a technical experts group composed of representatives of each of ETSI, CEN and CENELEC and
represents the agreed response of the European Standards Organizations (ESOs) to Mandate M/436 on the subject of
Radio Frequency Identification Devices (RFID) in relation to data protection, information security and privacy.
NOTE: This work was funded under EC/EFTA Contract reference SA/ETSI/ENTR/436/2009-02.

ETSI
7 ETSI TR 187 020 V1.1.1 (2011-05)
1 Scope
The present document provides the results of the coordinated response of the European Standards Organizations (ESOs)
to Phase 1 of EC mandate M436 on the subject of Radio Frequency Identification Devices (RFID) in relation to privacy,
data protection and information security.
The present document outlines a standardization roadmap for privacy and security of RFID. The development of the
roadmap involved analyses of RFID from a number of perspectives:
• analysis of OECD guidelines [i.17] and relevant data protection;
• analysis of privacy and its link to behaviour;
• analysis of EU directives on data protection and privacy and their implications on RFID;
• review of the role of PETs for RFID (see clause 7); and
• analysis of security threats to RFID and their implications (see Annex C).
The resulting requirements set defines the data protection, privacy and security needs of RFID and was used as input to
the standards gaps analysis and the development of requirements to PIA for RFID and RFID PEN testing frameworks.
An outline of the PIA framework requirements is given in clause 9.
Overview of the standardization gaps and requirements for RFID PEN testing is given in clause 10. The standardisation
gaps analysis and resulting overall RFID standardisation roadmap is given in clause 4.
The present document recommends a plan of activities for Phase 2 of EC Mandate M436 as follows:
• identifies the use of existing technical measures described by standardisation in order to promote confidence
and trust (by end users organizations and the general public) in RFID technology and its applications;
• identifies where new technical measures described by standardisation are required in order to promote
confidence and trust (by end users organizations and the general public) in RFID technology and its
applications. These measures will be developed in the course of phase 2 of the mandate.
In addition the present document describes the results of modelling the role of RFID in privacy and personal data as
defined by European Directives alongside a Threat Vulnerability and Risk Analysis (TVRA) of the use of RFID
technology and its applications, including the results of a generic and an industry specific Privacy Impact Assessment (a
guide to PIA is given in Annex A).
NOTE: Many of the risks identified as part of the present document are equally applicable in other tracking
scenarios (e.g. CCTV, car number/licence plate recognition, face recognition, mobile phone cell
tracking). Under the terms of the Mandate, the present document covers only those areas in the data
acquisition part that are specific to RFID. The other tracking scenarios are included in the work of the
Article 29 Data Protection Working Party.
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
reference document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
ETSI
8 ETSI TR 187 020 V1.1.1 (2011-05)
2.1 Normative references
The following referenced documents are necessary for the application of the present document.
Not applicable.
2.2 Informative references
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] EC Mandate 436: "Standardisation mandate to the European Standardisation Organisations CEN,
CENELEC and ETSI in the field of Information and Communication Technologies Applied to
Radio Frequency Identification (RFID) and Systems".
[i.2] ISO/IEC 15961 (all parts): "Information technology - Radio frequency identification (RFID) for
item management - Data protocol: application interface".
[i.3] ISO/IEC 15962: "Information technology - Radio frequency identification (RFID) for item
management - Data protocol: data encoding rules and logical memory functions".
[i.4] ISO/IEC 18001: "Information technology - Radio frequency identification for item management -
Application requirements profiles".
[i.5] ISO/IEC 14443 (all parts): "Identification cards - Contactless integrated circuit(s) cards -
Proximity cards".
[i.6] ISO/IEC 15693: "Identification cards - Contactless integrated circuit(s) cards - Vicinity cards".
[i.7] ETSI TR 187 010: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Security; Report on issues related to security in identity
imanagement and their resolution in the NGN".
[i.8] ITU-T Recommendation X.200: "Information technology - Open Systems Interconnection - Basic
Reference Model: The basic model".
[i.9] ISO/IEC 18000 (all parts): "Information technology - Radio frequency identification for item
management".
[i.10] European Commission Recommendation of 12 May 2009 on the implementation of privacy and
data protection principles in applications supported by radio-frequency identification.
NOTE: (Notified under document number C(2009) 3200), Official Journal L 122, 16/05/2009 P. 0047 - 0051.
[i.11] CENELEC EN 62369-1: "Evaluation of human exposure to electromagnetic fields from short
range devices (SRDs) in various applications over the frequency range 0 GHz to 300 GHz - Part 1:
Fields produced by devices used for electronic article surveillance, radio frequency identification
and similar systems".
[i.12] Capgemini (2005): "RFID and Consumers - What European Consumers Think About Radio
Frequency Identification and the Implications for Business".
[i.13] ISO/IEC 19762-1: "Information technology - Automatic identification and data capture (AIDC)
techniques - Harmonized vocabulary - Part 1: General terms relating to AIDC".
[i.14] ISO/IEC 19762-3: "Information technology - Automatic identification and data capture (AIDC)
techniques - Harmonized vocabulary - Part 3: Radio frequency identification (RFID)".
[i.15] ETSI TS 102 165-1: "Telecommunications and Internet Protocol Harmonization Over Networks
(TIPHON) Release 4; Protocol Framework Definition; Methods and Protocols for Security; Part 1:
Threat Analysis".
ETSI
9 ETSI TR 187 020 V1.1.1 (2011-05)
[i.16] Directive 2002/58/EC of the European Parliament and of the council of 12 July 2002 concerning
the processing of personal data and the protection of privacy in the electronic communications
sector (Directive on privacy and electronic communications).
[i.17] Recommendation of the OECD Council in 1980 concerning guidelines governing the protection of
privacy and transborder flows of personal data (the OECD guidelines for personal data protection.
[i.18] ISO/IEC 27000 (2009): "Information technology - Security techniques - Information security
management systems - Overview and vocabulary".
[i.19] ISO/IEC 27001 (2005): "Information technology - Security techniques - Information security
management systems - Requirements".
[i.20] ISO/IEC 13335: "Information technology - Security techniques - Guidelines for the management
of IT security".
NOTE: ISO/IEC 13335 is a multipart publication and the reference above is used to refer to the series.
[i.21] ISO/IEC 15408-2: "Information technology - Security techniques - Evaluation criteria for IT
security - Part 2: Security functional requirements".
[i.22] Directive 1999/5/EC of the European Parliament and of the Council of 9 March 1999 on radio
equipment and telecommunications terminal equipment and the mutual recognition of their
conformity (R&TTE Directive).
[i.23] Article 29 Data Protection Working Party Opinion 5/2010 on the Industry Proposal for a Privacy
and Data Protection Impact Assessment Framework for RFID Applications.
[i.24] ETSI EG 202 387: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); Security Design Guide; Method for application of Common
Criteria to ETSI deliverables".
[i.25] ETSI TR 187 011: "Telecommunications and Internet converged Services and Protocols for
Advanced Networking (TISPAN); NGN Security; Application of ISO-15408-2 requirements to
ETSI standards - guide, method and application with examples".
[i.26] EUROPEAN DATA PROTECTION SUPERVISOR, Opinion of the European Data Protection
Supervisor on the communication from the Commission to the European Parliament, the Council,
the European Economic and Social Committee and the Committee of the Regions on "Radio
Frequency Identification (RFID) in Europe: steps towards a policy framework" COM(2007) 96,
2008/C 101/01.
[i.27] Microsoft: "The STRIDE Threat Model", 2005.
NOTE: Described in http://msdn.microsoft.com/en-us/magazine/cc163519.aspx and
http://msdn.microsoft.com/en-us/library/ee823878(CS.20).aspx.
[i.28] NIST SP 800-115: "Technical Guide to Information Security Testing and Assessment",
September 2008.
[i.29] ISSAF: "Information Systems Security Assessment Framework (ISSAF), draft 0.2.1B", 2006.
[i.30] ISO/IEC 29167 (all parts): "Information technology - Automatic identification and data capture
techniques".
[i.31] German BSI TG 03126-1 Application area "eTicketing in public transport".
NOTE: German BSI documents are available from www.bsi.bund.de.
[i.32] ETSI TR 101 543: "Electromagnetic compatibility and Radio spectrum Matters (ERM); RFID
evaluation tests undertaken in support of M/436 Phase 1".
[i.33] ISO/IEC 29160: "Information technology - Radio frequency identification for item management -
RFID Emblem".
[i.34] ISO 11784: "Radio frequency identification of animals - Code structure".

ETSI
10 ETSI TR 187 020 V1.1.1 (2011-05)
[i.35] ISO 11785: "Radio frequency identification of animals - Technical concept".
[i.36] ISO 14223: "Radiofrequency identification of animals - Advanced transponders".
[i.37] ISO 9000: "Quality management systems - Fundamentals and vocabulary".
[i.38] Council Recommendation 1999/519/EC of 12 July 1999 on the limitation of exposure of the
general public to electromagnetic fields (0 Hz to 300 GHz).
[i.39] M/305 EN: Standardisation mandate addressed to CEN, CENELEC and ETSI in the filed of
elctrotechnology, information technology and telecommunications.
[i.40] CENELEC EN 50357: "Evaluation of human exposure to electromagnetic fields from devices used
in Electronic Article Surveillance (EAS), Radio Frequency Identification (RFID) and similar
applications".
[i.41] CENELEC EN 50364 (2001): "Limitation of human exposure to electromagnetic fields from
devices operating in the frequency range 0 Hz to 10 GHz, used in Electronic Article Surveillance
(EAS), Radio Frequency Identification (RFID) and similar applications".
[i.42] CENELEC EN 50364 (2010): " Limitation of human exposure to electromagnetic fields from
devices operating in the frequency range 0 Hz to 10 GHz, used in Electronic Article Surveillance
(EAS), Radio Frequency Identification (RFID) and similar applications".
[i.43] CENELEC EN 50499 (2008): "Procedure for the assessment of the exposure of workers to
electromagnetic fields".
[i.44] Directive 2002/96/EC of the European Parliament and of the Council of 27 January 2003 on waste
electrical and electronic equipment (WEEE) - Joint declaration of the European Parliament, the
Council and the Commission relating to Article 9.
[i.45] ISO/IEC 24791-5: "Information technology - Radio frequency identification (RFID) for item
management - Software system infrastructure - Part 5: Device interface".
[i.46] ISO/IEC 24791-3: "Information technology - Automatic Identification and Data Capture
Techniques - Radio-Frequency Identification (RFID) for Item Management - System Management
Protocol - Part 3: Device management".
[i.47] ISO/IEC 24791-2: "Information technology - Automatic Identification and Data Capture
Techniques - Radio-Frequency Identification (RFID) for Item Management - System Management
Protocol - Part 2: Data management".
[i.48] ISO/IEC 18092: "Information technology - Telecommunications and information exchange
between systems - Near Field Communication - Interface and Protocol (NFCIP-1)".
[i.49] OSSTMM: "Open Source Security Testing Methodology Manual".
[i.50] COM(2008) 804 final; Communication From The Commission To The European Parliament, The
Council, The European Economic And Social Committee And The Committee Of The Regions:
"Towards an accessible information society".
[i.51] ETSI EG 202 116: "Human Factors (HF); Guidelines for ICT products and services; "Design for
All".
[i.52] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free movement
of such data.
[i.53] EPCglobal: "Low Level Reader Protocol (LLRP)", V1.1.
NOTE: Available from: http://www.gs1.org/gsmp/kc/epcglobal/llrp/llrp_1_1-standard-20101013.pdf.
[i.54] Directive 2004/40/EC of the European Pariliament and of the Council of 29 April 2004 on the
minimum health and safety requirements regarding the exposure of workers to the risks arising
th
from physical agents (electromagnetic fields) (18 individual Directive within the meaning of
Article 16(1) of Directive 89/391/EEC).

ETSI
11 ETSI TR 187 020 V1.1.1 (2011-05)
[i.55] ISO 14000: "Enviromental Management".
[i.56] EPCglobal: "Discovery, Configuration and Initialisation (DCI) standard".
[i.57] EPCglobal: "Tag Data Standard".
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the terms and definitions given in EG 202 387 [i.24], ISO/IEC 27001 [i.19],
ISO/IEC 13335-1 [i.20], ISO/IEC 19762-3 [i.14], ISO/IEC 19762-1 [i.13] and the following apply:
agency: ability and opportunity of the individual to make independent choices
air interface: conductor-free medium, usually air, between a transmitter and the receiver through which
communication, e.g. data and telemetry, is achieved by means of a modulated inductive or propagated electromagnetic
field
anonymity: act of ensuring that a user may use a resource or service without disclosing the user's identity
asset: anything that has value to the organization, its business operations and its continuity
authentication: ensuring that the identity of a subject or resource is the one claimed
confidentiality: ensuring that information is accessible only to those authorized to have access
data controller: natural or legal person, public authority, agency or any other body which alone or jointly with others
determines the purposes and means of the processing of personal data
NOTE 1: Where the purposes and means of processing are determined by national or Community laws or
regulations, the controller or the specific criteria for his nomination may be designated by national or
Community law.
NOTE 2: "RFID Operator" means data controller in the context of the present document.
data processor: natural or legal person, public authority, agency or any other body which processes personal data on
behalf of the controller
data subject: person who can be identified, directly or indirectly, in particular by reference to an identification number
or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
data subject's consent: any freely given specific and informed indication of his wishes by which the data subject
signifies his agreement to personal data relating to him being processed
disruptive technology: technology which has a rapid and major effect on technologies that existed before
NOTE: Examples of disruptive technologies include the Sony Walkman, the mobile phone, and the Internet.
High Frequency (HF) RFID systems: RFID systems that operate in the frequency band centred around 13,56 MHz
identifier: unique series of digits, letters and/or symbols assigned to a subscriber, user, network element, function, tag
or network entity providing services/applications
identity: set of properties (including identifiers and capabilities) of an entity that distinguishes it from other entities
identity crime: generic term for identity theft, creating a false identity or committing identity fraud
identity fraud: use of an identity normally associated to another person to support unlawful activity
identity theft: acquisition of sufficient information about an identity to facilitate identity fraud
identity tree: structured group of identifiers, pseudonyms and addresses associated with a particular user's identity

ETSI
12 ETSI TR 187 020 V1.1.1 (2011-05)
impact: result of an information security incident caused by a threat and which affects assets
information security incident: event which is the result of access to either stored or transmitted data by persons or
applications unauthorized to access the data
integrity: safeguarding the accuracy and completeness of information and processing methods
Low Frequency (LF) RFID systems: RFID systems that operate in the frequency band below 135 kHz
mitigation: limitation of the negative consequences of a particular event
non-repudiation: ability to prove an action or event has taken place, so that this event or action cannot be repudiated
later
personal data: any information relating to an identified or identifiable natural person
privacy: right of the individual to have his identity, agency and action protected from any unwanted scrutiny and
interference
NOTE: Privacy reinforces the individual's right to decisional autonomy and self-determination which are
fundamental rights accorded to individuals within Europe.
processing of personal data: any operation or set of operations which is performed upon personal data, whether or not
by automatic means
NOTE: Examples of processing are collection, recording, organization, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or
combination, blocking, erasure or destruction.
pseudonymity: act of ensuring that a user may use a resource or service without disclosing its user identity, but can still
be accountable for that use
NOTE: This is similar to the act of providing an alias and examples include the TMSI service in 2G networks and
the ASSI service in TETRA.
radio interception range: range at which an attacker can gain knowledge of the content of transmission
residual risk: risk remaining after countermeasures have been implemented to reduce the risk associated with a
particular threat
risk: potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the
attacked system or organization
taxonomy: practice and science of classification
threat: potential cause of an incident that may result in harm to a system or organization
threat agent: entity that can adversely act on an asset
Ultra High Frequency (UHF) RFID systems: RFID systems which operate either at 433 MHz or within the band
860 MHz to 960 MHz
NOTE 1: Devices that designed to operate at 433 MHz generally cannot operate at 860 MHz to 960 MHz and vice
versa.
NOTE 2: The UHF frequency range is defined as lying from 300 MHz to 3 000 MHz with UHF RFID occupying a
small subset of the range.
unlinkability: act of ensuring that a user may make multiple uses of resources or services without others being able to
link these uses together
unobservability: act of ensuring that a user may use a resource or service without others, especially third parties, being
able to observe that the resource or service is being used

ETSI
13 ETSI TR 187 020 V1.1.1 (2011-05)
vulnerability: weakness of an asset or group of assets that can be exploited by one or more threats
NOTE: As defined in ISO/IEC 13335 [i.20], a vulnerability is modelled as the combination of a weakness that
can be exploited by one or more threats.
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AI Air Interface
API Application Programming Interface
BES Back End System
CIA Confidentiality, Integrity and Availability
CRC Cyclic Redundancy
...