ISO/IEC 19286:2018
Current
The latest, up-to-date edition.
Identification cards — Integrated circuit cards — Privacy-enhancing protocols and services
Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users
English
08-01-2018
Important note : Users cannot be edited or removed once added to your Multi user PDF.
ISO/IEC 19286:2018 aims to normalize privacy-enhancing protocols and services by
- using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy,
- providing discoverability means of privacy-enabling attributes,
- defining requirements for attribute-based credential handling, and
- identifying data objects and commands for ICCs.
Existing privacy-enhancing protocols available in a generic context are adopted for distributed systems including ICCs. Additionally, existing authentication protocols between an ICC and an external device used for establishing a secure channel are enhanced with privacy protection. Secure communication between an ICC and an on-card device is also considered.
All the protocols and services described in this document contribute to privacy. Annex B describes an example of privacy impact assessments of respective systems.
| Committee |
ISO/IEC JTC 1/SC 17
|
| DocumentType |
Standard
|
| Pages |
76
|
| PublisherName |
International Organization for Standardization
|
| Status |
Current
|
| Standards | Relationship |
| CSA ISO/IEC 19286:19 | Identical |
| INCITS/ISO/IEC 19286:2018[2020] | Identical |
| BS ISO/IEC 19286:2018 | Identical |
| ISO/IEC 20008-2:2013 | Information technology — Security techniques — Anonymous digital signatures — Part 2: Mechanisms using a group public key |
| ISO/IEC 18013-3:2017 | Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation |
| ISO/IEC 7816-8:2016 | Identification cards Integrated circuit cards Part 8: Commands and mechanisms for security operations |
| ISO/IEC 7816-9:2004 | Identification cards Integrated circuit cards Part 9: Commands for card management |
| ISO/IEC 24760-1:2011 | Information technology Security techniques A framework for identity management Part 1: Terminology and concepts |
| ISO/IEC 29191:2012 | Information technology — Security techniques — Requirements for partially anonymous, partially unlinkable authentication. |
| ISO/IEC 29115:2013 | Information technology — Security techniques — Entity authentication assurance framework |
| ISO/IEC 29134:2017 | Information technology — Security techniques — Guidelines for privacy impact assessment |
| ISO/IEC 7816-4:2013 | Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange |
| ISO/IEC 18328-1:2015 | Identification cards ICC-managed devices Part 1: General framework |
| ISO/IEC 7501-1:2008 | Identification cards — Machine readable travel documents — Part 1: Machine readable passport |
| ISO/IEC 29101:2013 | Information technology Security techniques Privacy architecture framework |
| ISO/IEC 18370-2:2016 | Information technology Security techniques Blind digital signatures Part 2: Discrete logarithm based mechanisms |
| ISO/IEC 18328-3:2016 | Identification cards — ICC-managed devices — Part 3: Organization, security and commands for interchange |
| EN 419212-1:2017 | Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 1: Introduction and common definitions |
| EN 14890-2:2008 | Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services |
| EN 14890-1:2008 | Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services |
| ISO/IEC 7816-11:2004 | Identification cards Integrated circuit cards Part 11: Personal verification through biometric methods |
| ISO/IEC 11770-3:2015 | Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques |
| ISO/IEC 29100:2011 | Information technology — Security techniques — Privacy framework |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.