Augmented Reality for Enterprise Alliance

External Services – Physical World Data

Back to Infographic

Data Protection

Gathering information about the user’s context and presenting data within in the user’s real world context are the primary functionalities of AR devices. Some of the many types of data and mechanisms include:

Data policy on AR devices should distinguish between system data collected by the device, external data fed to the device, and data created by the device.

 

Data collection on AR devices is pervasive. At a minimum, the enterprise needs to understand what data is collected by the device, the possible threats from data being captured or modified, and how data is stored. The device should allow local, automated, and remote wipe for lost and stolen devices. Data should be encrypted for confidentiality and integrity, and capabilities provided for SL3 and SL4 hardware based encryption with root keys stored in a hardware root-of-trust.

Security Protection Levels

The International Electrotechnical Commission (IEC) is an internationally-recognized non-profit organization that publishes standards for electrical, electronic and related technologies. IEC 62443-3-3, Security for industrial automation and control systems – System security requirements and security levels, defines four security levels for rating cyber threat protection elements, providing guidance on how to evaluate the protection levels for different security functions.

IEC security protection levels.

IEC Security Protection Level Description
SL1 Protection against casual violation
SL2 Protection against intentional violation using simple means
SL3 Protection against intentional violation using sophisticated means
SL4 Protection against intentional violation using sophisticated means with extended resources

 

The following items are required for SL >0

The following items are required for SL >1

The following items are required for SL >2