• Shopping Cart
    There are no items in your cart

BS ISO/IEC 19286:2018

Current

Current

The latest, up-to-date edition.

Identification cards. Integrated circuit cards. Privacy-enhancing protocols and services

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

29-01-2018

€348.24
Excluding VAT

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms and notations
5 General privacy principles
6 Privacy architecture
7 Privacy-enhancing protocols
Annex A (informative) - Use cases
Annex B (informative) - Privacy Impact Assessment (PIA)
        guidance for electronic identification,
        authentication and trust services
Bibliography

Pertains to normalize privacy-enhancing protocols and services by - using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy, - providing discoverability means of privacy-enabling attributes, - defining requirements for attribute-based credential handling, and - identifying data objects and commands for ICCs.

Committee
IST/17
DevelopmentNote
Supersedes 17/30318701 DC. (02/2018)
DocumentType
Standard
Pages
86
PublisherName
British Standards Institution
Status
Current

This document aims to normalize privacy-enhancing protocols and services by

  • using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy,

  • providing discoverability means of privacy-enabling attributes,

  • defining requirements for attribute-based credential handling, and

  • identifying data objects and commands for ICCs.

Existing privacy-enhancing protocols available in a generic context are adopted for distributed systems including ICCs. Additionally, existing authentication protocols between an ICC and an external device used for establishing a secure channel are enhanced with privacy protection. Secure communication between an ICC and an on-card device is also considered.

All the protocols and services described in this document contribute to privacy. Annex B describes an example of privacy impact assessments of respective systems.

Standards Relationship
ISO/IEC 19286:2018 Identical

ISO/IEC 20008-2:2013 Information technology — Security techniques — Anonymous digital signatures — Part 2: Mechanisms using a group public key
ISO/IEC 18013-3:2017 Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation
ISO/IEC 7816-8:2016 Identification cards Integrated circuit cards Part 8: Commands and mechanisms for security operations
ISO/IEC 7816-9:2004 Identification cards Integrated circuit cards Part 9: Commands for card management
ISO/IEC 24760-1:2011 Information technology Security techniques A framework for identity management Part 1: Terminology and concepts
ISO/IEC 29191:2012 Information technology — Security techniques — Requirements for partially anonymous, partially unlinkable authentication.
ISO/IEC 29115:2013 Information technology — Security techniques — Entity authentication assurance framework
ISO/IEC 29134:2017 Information technology — Security techniques — Guidelines for privacy impact assessment
ISO/IEC 7816-4:2013 Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange
ISO/IEC 18328-1:2015 Identification cards ICC-managed devices Part 1: General framework
ISO/IEC 7501-1:2008 Identification cards — Machine readable travel documents — Part 1: Machine readable passport
ISO/IEC 29101:2013 Information technology Security techniques Privacy architecture framework
ISO/IEC 18370-2:2016 Information technology Security techniques Blind digital signatures Part 2: Discrete logarithm based mechanisms
ISO/IEC 18328-3:2016 Identification cards — ICC-managed devices — Part 3: Organization, security and commands for interchange
EN 419212-1:2017 Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 1: Introduction and common definitions
EN 14890-2:2008 Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services
EN 14890-1:2008 Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services
ISO/IEC 7816-11:2004 Identification cards Integrated circuit cards Part 11: Personal verification through biometric methods
ISO/IEC 11770-3:2015 Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques
ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.