Access control for data and processes includes authentication and authorization. AR devices pose challenges for user authentication because of their new paradigms of user interaction: voice, gestures, and gaze make entering strong passwords both less confidential and less usable. Biometrics are not yet integrated into most hardware headsets. Biometrics and tokens may ultimately resolve the authentication problem, but integrating them into a company-wide policy will be complicated.
Remote authentication of AR devices should follow IT or mobile authentication guidelines, for example NIST Special Publication SP-800-63-2.
Authorization should provide granularity to control the different data sets in the device.
The International Electrotechnical Commission (IEC) is an internationally recognized non-profit organization that publishes standards for electrical, electronic and related technologies. IEC 62443-3-3, Security for industrial automation and control systems – System security requirements and security levels, defines four security levels for rating cyber threat protection elements, providing guidance on how to evaluate the protection levels for different security functions.

IEC security protection levels.

| IEC Security Protection Level | Description |
|---|---|
| SL1 | Protection against casual violation |
| SL2 | Protection against intentional violation using simple means |
| SL3 | Protection against intentional violation using sophisticated means |
| SL4 | Protection against intentional violation using sophisticated means with extended resources |
The following items are required for SL >0
The following items are required for SL >1
The following items are required for SL >2
The following items are required for SL >3
AR devices need to provide integrity and audit information that includes significant system events. Depending on the requirements, this audit information should be protected cryptographically or utilize secure data storage mechanisms.
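One way to give audit records the cryptographic integrity protection described above is an HMAC-chained append-only log, where each record's tag also covers the previous record's tag. The following is an added example, not code from the original document or from any headset vendor; the device key, the event samples and the event kinds are constructed for illustration, and a real device would hold the key in its secure element or keystore rather than in source.

```python
import hashlib
import hmac
import json

# Constructed placeholder key for the example only. On a real headset the
# key would be provisioned into a secure element or OS keystore.
DEVICE_AUDIT_KEY = b"example-device-audit-key-not-for-production"

# Fields that the HMAC tag covers, in a fixed order.
TAGGED_FIELDS = ("seq", "ts", "kind", "detail", "prev")

# Constructed sample system events; not taken from any real device log.
SAMPLE_EVENTS = [
    {"ts": 1700000000, "kind": "auth.success", "detail": "user=alice method=token"},
    {"ts": 1700000042, "kind": "authz.deny", "detail": "user=alice dataset=maintenance-manuals"},
    {"ts": 1700000090, "kind": "firmware.update", "detail": "version=PLACEHOLDER"},
]


def _tag(record, key):
    # Canonical JSON so the same record always serializes, and hashes, the same way.
    body = json.dumps({k: record[k] for k in TAGGED_FIELDS}, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append_event(log, event, key=DEVICE_AUDIT_KEY):
    """Append one system event to the in-memory log as an HMAC-chained record.

    The tag covers the record's own fields plus the tag of the previous record,
    so editing, removing or reordering any earlier record changes every later
    tag and is detected by verify_log().
    """
    prev_tag = log[-1]["tag"] if log else "0" * 64
    record = {
        "seq": len(log),
        "ts": event["ts"],
        "kind": event["kind"],
        "detail": event["detail"],
        "prev": prev_tag,
    }
    record["tag"] = _tag(record, key)
    log.append(record)
    return record


def verify_log(log, key=DEVICE_AUDIT_KEY):
    """Return (ok, first_bad_seq): ok is True only if every sequence number,
    chain link and HMAC tag checks out."""
    prev_tag = "0" * 64
    for i, record in enumerate(log):
        if record["seq"] != i or record["prev"] != prev_tag:
            return False, i
        if not hmac.compare_digest(record["tag"], _tag(record, key)):
            return False, i
        prev_tag = record["tag"]
    return True, None


def build_sample_log():
    log = []
    for event in SAMPLE_EVENTS:
        append_event(log, event)
    return log


def edit_demo():
    """Flip a deny decision to an allow in a stored record and re-verify."""
    log = build_sample_log()
    log[1]["kind"] = "authz.allow"
    return verify_log(log)


def delete_demo():
    """Drop a record from the middle of the log and re-verify."""
    log = build_sample_log()
    del log[1]
    return verify_log(log)


if __name__ == "__main__":
    print("intact:", verify_log(build_sample_log()))
    print("edited:", edit_demo())
    print("deleted:", delete_demo())
```

The chain detects edits, deletions and reordering inside the log, but not silent truncation of the newest records: a verifier has no way to know how long the log should be. To close that gap, the device (or the management server it reports to) must separately persist the latest tag or a monotonic counter, for example in secure storage, and compare it with the head of the log at verification time.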