Multimedia security - Guideline for privacy protection of equipment and systems in and out of use - Part 1: General

gives the guideline for methods for the protection of the user's privacy in consumer equipment and systems, both when the equipment or systems are in use and out of use.

General Information

Status
Published
Publication Date
12-Dec-2006
Current Stage
PPUB - Publication issued
Start Date
13-Dec-2006
Completion Date
13-Dec-2006
Ref Project

Buy Standard

Technical specification
IEC TS 62045-1:2006 - Multimedia security - Guideline for privacy protection of equipment and systems in and out of use - Part 1: General
English language
15 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

TECHNICAL IEC
SPECIFICATION TS 62045-1
First edition
2006-12
Multimedia security –
Guideline for privacy protection of
equipment and systems in and out of use –
Part 1:
General
Reference number
IEC/TS 62045-1:2006(E)
---------------------- Page: 1 ----------------------
Publication numbering
As from 1 January 1997 all IEC publications are issued with a designation in the
60000 series. For example, IEC 34-1 is now referred to as IEC 60034-1.
Consolidated editions

The IEC is now publishing consolidated versions of its publications. For example,

edition numbers 1.0, 1.1 and 1.2 refer, respectively, to the base publication, the

base publication incorporating amendment 1 and the base publication incorporating

amendments 1 and 2.
Further information on IEC publications

The technical content of IEC publications is kept under constant review by the IEC,

thus ensuring that the content reflects current technology. Information relating to

this publication, including its validity, is available in the IEC Catalogue of
publications (see below) in addition to new editions, amendments and corrigenda.
Information on the subjects under consideration and work in progress undertaken

by the technical committee which has prepared this publication, as well as the list

of publications issued, is also available from the following:
• IEC Web Site (www.iec.ch)
• Catalogue of IEC publications
The on-line catalogue on the IEC web site (www.iec.ch/searchpub) enables you to
search by a variety of criteria including text searches, technical committees

and date of publication. On-line information is also available on recently issued

publications, withdrawn and replaced publications, as well as corrigenda.
• IEC Just Published
This summary of recently issued publications (www.iec.ch/online_news/ justpub)
is also available by email. Please contact the Customer Service Centre (see
below) for further information.
• Customer Service Centre
If you have any questions regarding this publication or need further assistance,
please contact the Customer Service Centre:
Email: custserv@iec.ch
Tel: +41 22 919 02 11
Fax: +41 22 919 03 00
---------------------- Page: 2 ----------------------
TECHNICAL IEC
SPECIFICATION TS 62045-1
First edition
2006-12
Multimedia security –
Guideline for privacy protection of
equipment and systems in and out of use –
Part 1:
General
© IEC 2006 ⎯ Copyright - all rights reserved

No part of this publication may be reproduced or utilized in any form or by any means, electronic or

mechanical, including photocopying and microfilm, without permission in writing from the publisher.

International Electrotechnical Commission, 3, rue de Varembé, PO Box 131, CH-1211 Geneva 20, Switzerland

Telephone: +41 22 919 02 11 Telefax: +41 22 919 03 00 E-mail: inmail@iec.ch Web: www.iec.ch

PRICE CODE
Commission Electrotechnique Internationale P
International Electrotechnical Commission
МеждународнаяЭлектротехническаяКомиссия
For price, see current catalogue
---------------------- Page: 3 ----------------------
– 2 – TS 62045-1 © IEC:2006(E)
CONTENTS

FOREWORD...........................................................................................................................3

INTRODUCTION.....................................................................................................................5

1 Scope...............................................................................................................................6

2 Normative references .......................................................................................................6

3 Terms and definitions .......................................................................................................6

4 Privacy of user .................................................................................................................7

4.1 Privacy protection....................................................................................................7

4.2 Definition of privacy.................................................................................................7

4.3 Characteristics of privacy ........................................................................................8

5 Methods for privacy protection........................................................................................10

5.1 System model .......................................................................................................10

5.2 Case of usage .......................................................................................................12

5.3 Methods for data protection...................................................................................12

6 Methods for user assistance ...........................................................................................14

6.1 Importance of user assistance...............................................................................14

6.2 Education for user .................................................................................................15

6.3 Instructions for user ..............................................................................................15

6.4 Failsafe and multiple protection system .................................................................15

Figure 1 – System model ......................................................................................................10

Table 1 – Privacy attribution ...................................................................................................7

Table 2 – Origin of information................................................................................................7

Table 3 – Information attribution .............................................................................................8

Table 4 – Rights holder...........................................................................................................9

Table 5 – Protection execution................................................................................................9

Table 6 – Access rights holder..............................................................................................10

Table 7 – Communication paths............................................................................................11

Table 9 – Case of usage .......................................................................................................12

Table 10 – Combination table ...............................................................................................12

Table 11 – Operation modes.................................................................................................13

---------------------- Page: 4 ----------------------
TS 62045-1 © IEC:2006(E) – 3 –
INTERNATIONAL ELECTROTECHNICAL COMMISSION
__________________
MULTIMEDIA SECURITY –
GUIDELINE FOR PRIVACY PROTECTION OF EQUIPMENT
AND SYSTEMS IN AND OUT OF USE –
Part 1: General
FOREWORD

1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising

all national electrotechnical committees (IEC National Committees). The object of IEC is to promote

international co-operation on all questions concerning standardization in the electrical and electronic fields. To

this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,

Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC

Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested

in the subject dealt with may participate in this preparatory work. International, governmental and non-

governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely

with the International Organization for Standardization (ISO) in accordance with conditions determined by

agreement between the two organizations.

2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international

consensus of opinion on the relevant subjects since each technical committee has representation from all

interested IEC National Committees.

3) IEC Publications have the form of recommendations for international use and are accepted by IEC National

Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC

Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any

misinterpretation by any end user.

4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications

transparently to the maximum extent possible in their national and regional publications. Any divergence

between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in

the latter.

5) IEC provides no marking procedure to indicate its approval and cannot be rendered responsible for any

equipment declared to be in conformity with an IEC Publication.

6) All users should ensure that they have the latest edition of this publication.

7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and

members of its technical committees and IEC National Committees for any personal injury, property damage or

other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and

expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC

Publications.

8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is

indispensable for the correct application of this publication.

9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of

patent rights. IEC shall not be held responsible for identifying any or all such patent rights.

The main task of IEC technical committees is to prepare International Standards. In

exceptional circumstances, a technical committee may propose the publication of a technical

specification when

• the required support cannot be obtained for the publication of an International Standard,

despite repeated efforts, or

• the subject is still under technical development, or where, for any other reason, there is

the future but no immediate possibility of an agreement on an International Standard.

Technical specifications are subject to review within three years of publication to decide

whether they can be transformed into International Standards.

IEC 62045-1, which is a technical specification, has been prepared by IEC technical

committee 100: Audio, video and multimedia systems and equipment.
---------------------- Page: 5 ----------------------
– 4 – TS 62045-1 © IEC:2006(E)
The text of this technical specification is based on the following documents:
Enquiry draft Report on voting
100/1103/DTS 100/1162/RVC

Full information on the voting for the approval of this technical specification can be found in

the report on voting indicated in the above table.

This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

The list of all the parts of IEC 62045, under the general title Multimedia security – Guideline

for privacy protection of equipment and systems in and out of use, can be found on the IEC

website.

The committee has decided that the contents of this publication will remain unchanged until

the maintenance result date indicated on the IEC web site under "http://webstore.iec.ch" in

the data related to the specific publication. At this date, the publication will be

• transformed into an International standard,
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
A bilingual version of this publication may be issued at a later date.
---------------------- Page: 6 ----------------------
TS 62045-1 © IEC:2006(E) – 5 –
INTRODUCTION

There has been an increase in consumer products of multimedia that store the user’s private

data and privacy information. For instance, a digital TV tuner has a kind of IC card which

stores the user’s information and sometimes includes credit information. Also, from a wider

viewpoint, digital cameras or digital video recorders store the private data of users, and digital

audio players, cellular phones and PCs are banks of private data.

This private information should be protected from unauthorized or illegal access and use.

When the user discards such products, private data remains stored and this should be

protected or deleted. In addition, when a user lends his product to others, private information

should be protected. For instance, even if all the contents in the memory of digital video

recorders or digital cameras are deleted, these data can be recovered easily with some

software technology.

As consumer products of multimedia include storage and computer architecture, this problem

will be raised in many aspects of usage. All products should have privacy protection methods.

This technical specification describes the system model and general methods for the user’s

privacy protection of data storage, equipment and systems, both in and out of use. Equipment

and systems have their own structure in each application, therefore, the other part of this

technical specification defines a dedicated method for privacy protection for the specific

application. Also, the implementation of the privacy protection method depends on each

design.
---------------------- Page: 7 ----------------------
– 6 – TS 62045-1 © IEC:2006(E)
MULTIMEDIA SECURITY –
GUIDELINE FOR PRIVACY PROTECTION OF EQUIPMENT
AND SYSTEMS IN AND OUT OF USE –
Part 1: General
1 Scope

This part of IEC 62045 gives the guideline for methods for the protection of the user’s privacy

in consumer equipment and systems, both when the equipment or systems are in use and out

of use.
2 Normative references

The following referenced documents are indispensable for the application of this document.

For dated references, only the edition cited applies. For undated references, the latest edition

of the referenced document (including any amendments) applies.
IEC 60958-3, Digital audio interface – Part 3: Consumer applications

IEC 61880-2, Video systems (525/60) – Video and accompanied data using the vertical

blanking interval – Analogue interface – Part 2: 525 progressive scan system

IEC 61883-6, Consumer audio/video equipment – Digital interface – Part 6: Audio and music

data transmission protocol
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
data storage

all kinds of data-storing functions, which are devices or systems including hard disk drive,

optical disc and memory devices and others
3.2
data encryption
conversion of data into code or cipher
3.3
data access
reading, writing or use of data stored in data storage
3.4
access control
control for condition of use or entry to system or data
3.5
private data
data that is property of the user
---------------------- Page: 8 ----------------------
TS 62045-1 © IEC:2006(E) – 7 –
3.6
social engineering

cracking techniques that rely on human rather than hardware and software weaknesses

4 Privacy of user
4.1 Privacy protection

The reason for protecting the user’s privacy is that the privacy of the user is the property of

the user. The manufacture of equipment and systems, and the service providers have the

responsibility of safeguarding the user’s privacy.
4.2 Definition of privacy

Privacy, as defined in this specification, is the private information of the user or private

information created by the user that is produced or accompanied with user’s usage, operation

and behaviour with multimedia equipments or systems. Using the equipment, system and

service, these activities produce private information that is stored or transferred. This privacy

has attribution and origination.
Attribution is specified depending on its nature as shown in Table 1.
Table 1 – Privacy attribution
Privacy attribution Description Example

Identification of user User can be identified with this Name, address, telephone number, e-mail

information address
Social information, credit card information,
social number
Biometrics data of user

Creation by user Information that is the property of user Document, photograph, video, music

Provided by user Information provided by user operation Broadcasting programme, downloaded

contents, cookie, usage record

The identification of the user is fundamental information of the user. The user can be

identified by this information, and others can access to the user or the property of user with

this information.

Creation by the user is a property of the user. This information should be protected from

others.

Provided by the user is also a property of user. This is provided by user operation or

behaviour.
The origin of that information is specified as shown in Table 2.
Table 2 – Origin of information
Origin Description
Direct information Provided direct by user
Indirect information Provided indirectly by user’s use of equipment or systems

Accompanied information Data accompanied by the user’s use of equipment or systems

---------------------- Page: 9 ----------------------
– 8 – TS 62045-1 © IEC:2006(E)

Direct information is provided by the user intentionally and consciously, or unintentionally and

unconsciously. When the user inputs his private information or recalls his information, that

information is provided direct by the user’s operation or behaviour.

Indirect information is provided by the user’s use of equipment or systems intentionally and

consciously, or unintentionally and unconsciously. When the user uses equipment or systems,

this behaviour causes communication of information including the user’s private information.

Accompanied infor
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.