D11.6: Survey on Mobile Identity
This deliverable presents the results of an explorative survey on the control model for identity-related data in location-based services (LBS) presented in FIDIS deliverable D11.2. The survey was performed to explore the influence of LBS characteristics (pull vs. push based, indirect vs. direct profile creation) on the amount of control participants perceive they have over the disclosure of their identity. Four scenarios, each reflecting a different aspect of the control model, were designed and tested.
Security of location systems
From a legal point of view, it is of interest how location data in location systems can be secured, e.g. against unauthorised access. This especially concerns location data corresponding to persons. As already described, location systems typically use IT systems, at least in the backend, to store and process location data. In most cases the whole location system can be classified as an IT system. Therefore internationally accepted security standards apply.
These standards can be classified into product-related standards and procedure- or organisation-related standards. In the context of products, the Common Criteria (CC; ISO/IEC 15408) are established. They allow the definition and certification of, e.g., the so-called Security Functions (SF) a product offers. Security Functions can be, e.g., encrypted storage of data, effective access control mechanisms, etc.
For the implementation and operation of IT systems, Information Security Management Systems (ISMS) are typically used. Based on the results of a risk analysis, technical and organisational security measures are used in combination to reduce risks until they are acceptable for the organisation. To ensure the effectiveness and appropriateness of the selected measures in the running operation of IT systems, a process-based IT Security Management is used. ISO/IEC 27001 offers ‘good practice’ examples for ISMS. For technical security measures, classifications (e.g. ISO/IEC 17799) and catalogues (e.g. the Baseline-Protection-Catalogues offered by the German Federal Office for Information Security) are available.
In combination these different standards allow for an effective IT security management with respect to all steps of the life cycle of location systems: planning, building and operations.
So far, no Common Criteria certificates have been applied for products in the context of location systems, according to a check of the publicly available certificate lists of certification bodies in the United States, Canada, the UK, Australia, and Germany. ISMS have already been implemented in the context of location systems, mainly in computer centres of mobile communication and location providers. One example of this is Vodafone IT Operations.