Skip to content
Please enter a keyword to search

  • BS ISO/IEC 19286:2018

    Current The latest, up-to-date edition.

    Identification cards. Integrated circuit cards. Privacy-enhancing protocols and services

    Available format(s):  Hardcopy, PDF

    Language(s):  English

    Published date:  29-01-2018

    Publisher:  British Standards Institution

    Add To Cart

    Table of Contents - (Show below) - (Hide below)

    Foreword
    Introduction
    1 Scope
    2 Normative references
    3 Terms and definitions
    4 Abbreviated terms and notations
    5 General privacy principles
    6 Privacy architecture
    7 Privacy-enhancing protocols
    Annex A (informative) - Use cases
    Annex B (informative) - Privacy Impact Assessment (PIA)
            guidance for electronic identification,
            authentication and trust services
    Bibliography

    Abstract - (Show below) - (Hide below)

    Pertains to normalize privacy-enhancing protocols and services by - using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy, - providing discoverability means of privacy-enabling attributes, - defining requirements for attribute-based credential handling, and - identifying data objects and commands for ICCs.

    Scope - (Show below) - (Hide below)

    This document aims to normalize privacy-enhancing protocols and services by

    • using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy,

    • providing discoverability means of privacy-enabling attributes,

    • defining requirements for attribute-based credential handling, and

    • identifying data objects and commands for ICCs.

    Existing privacy-enhancing protocols available in a generic context are adopted for distributed systems including ICCs. Additionally, existing authentication protocols between an ICC and an external device used for establishing a secure channel are enhanced with privacy protection. Secure communication between an ICC and an on-card device is also considered.

    All the protocols and services described in this document contribute to privacy. Annex B describes an example of privacy impact assessments of respective systems.

    General Product Information - (Show below) - (Hide below)

    Committee IST/17
    Development Note Supersedes 17/30318701 DC. (02/2018)
    Document Type Standard
    Publisher British Standards Institution
    Status Current

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO/IEC 20008-2:2013 Information technology — Security techniques — Anonymous digital signatures — Part 2: Mechanisms using a group public key
    ISO/IEC 18013-3:2017 Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation
    ISO/IEC 7816-8:2016 Identification cards Integrated circuit cards Part 8: Commands and mechanisms for security operations
    ISO/IEC 7816-9:2004 Identification cards Integrated circuit cards Part 9: Commands for card management
    ISO/IEC 24760-1:2011 Information technology Security techniques A framework for identity management Part 1: Terminology and concepts
    ISO/IEC 29191:2012 Information technology — Security techniques — Requirements for partially anonymous, partially unlinkable authentication.
    ISO/IEC 29115:2013 Information technology Security techniques Entity authentication assurance framework
    ISO/IEC 29134:2017 Information technology — Security techniques — Guidelines for privacy impact assessment
    ISO/IEC 7816-4:2013 Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange
    ISO/IEC 18328-1:2015 Identification cards ICC-managed devices Part 1: General framework
    ISO/IEC 7501-1:2008 Identification cards Machine readable travel documents Part 1: Machine readable passport
    ISO/IEC 29101:2013 Information technology Security techniques Privacy architecture framework
    ISO/IEC 18370-2:2016 Information technology Security techniques Blind digital signatures Part 2: Discrete logarithm based mechanisms
    ISO/IEC 18328-3:2016 Identification cards — ICC-managed devices — Part 3: Organization, security and commands for interchange
    EN 419212-1:2017 Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 1: Introduction and common definitions
    EN 14890-2:2008 Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services
    EN 14890-1:2008 Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services
    ISO/IEC 7816-11:2004 Identification cards Integrated circuit cards Part 11: Personal verification through biometric methods
    ISO/IEC 11770-3:2015 Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques
    ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective