Page 1049 - 2015 Security in Telecommunications and Information Technology
P. 1049
Unleashing the potential of the Internet of Things 8
international standard. This Recommendation is meant for such wider areas which lack any
previous standard ID scheme.
– ID-003: identifier is required to be issuable by any organization such as companies,
non-profit organizations, governments and individual users.
– ID-003 is a requirement for the governance of identification schemes. To satisfy this
requirement, for example, even an individual without any corporate affiliation should be
able to obtain identifiers, and identifiers must be allocated at a low enough cost. For
example, if an identification scheme has a short company code bit field, and it is too short
to be used by all the companies in the country or in the world, it does not satisfy this
requirement. If the company code cannot be assigned to non-company organizations such
as governments, NPOs, small businesses, schools and individuals, it does not satisfy this
requirement. The governance of this Recommendation should satisfy this requirement.
– ID-004: identifier is required to be globally unique so that the multimedia information
access triggered by the identifier is globally available.
Essentially, the identification scheme proposed must be a globally unique numbering
system. When the same identifier is assigned to two different entities, confusion arises.
However, some identification schemes do not follow this principle entirely. For example,
an IP address system has a private address subspace in its numbering space, such as
"192.168.1.1". Everyone can assign the private address to the network interfaces of his/her
own networked machines. Some supply chain management (SCM) identification schemes
have an "in-house ID code area", which can be used by shops or factories freely, thus the
code area is not globally unique. In [b-ITU-T X.667], identifiers are generated
automatically by a standard algorithm and procedure, so each identifier is assured to be
almost globally unique. However, in theory, there is a small possibility of collisions when
random number generators are used. Additionally, there may be bugs in the identifier
generating software, and some unauthorised people may intentionally issue duplicate
identifiers. Therefore, [b-ITU-T X.667] does not fully satisfy this requirement. The
governance of this Recommendation is meant to satisfy this requirement.
– ID-005: multiple identifier schemes are required to be supported.
This is an important requirement to accommodate both the existing and the yet-to-appear
future identification schemes.
Among the requirements outlined above, ID-005 is not a requirement for the identification scheme
itself, but for the system that utilizes identifiers. Therefore, this requirement is excluded from the
use case analysis. ID-001 is also excluded from the use case analysis because all the target
identification schemes listed below satisfy this requirement.
I.4 Survey on existing identification schemes
I.4.1 Existing identification schemes
To make this use case analysis comprehensive, widely-used existing identification schemes from a
wide range of application areas were studied.
I.4.1.1 EPC
The electronic product code (EPC) is a family of identification schemes proposed by EPCglobal. It
is currently one of the most widely used identification schemes in the field of supply chain
management, even though it is not a de jure international standard. It is designed to be used in a
low-cost way for tracking goods using RFID technology, to meet the needs of various industries, to
identify each item manufactured (unlike barcode systems), and to guarantee uniqueness for all
EPC-compliant tags. This implies that the initial intention of EPC is to identify products
manufactured by using RFID-based tags.
Rec. ITU-T Y.4804/H.642.1 (06/2012) 1035