• ISO/IEC 19286:2018

    Status: Current (the latest, up-to-date edition)

    Identification cards — Integrated circuit cards — Privacy-enhancing protocols and services

    Available format(s):  Hardcopy, PDF, PDF 3 Users, PDF 5 Users, PDF 9 Users

    Language(s):  English

    Published date:  08-01-2018

    Publisher:  International Organization for Standardization

    Abstract

    ISO/IEC 19286:2018 aims to normalize privacy-enhancing protocols and services by

    - using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy,

    - providing discoverability means of privacy-enabling attributes,

    - defining requirements for attribute-based credential handling, and

    - identifying data objects and commands for ICCs.

    Existing privacy-enhancing protocols available in a generic context are adopted for distributed systems including ICCs. Additionally, existing authentication protocols between an ICC and an external device used for establishing a secure channel are enhanced with privacy protection. Secure communication between an ICC and an on-card device is also considered.

    All the protocols and services described in this document contribute to privacy. Annex B describes an example of privacy impact assessments of respective systems.

    General Product Information

    Committee:  ISO/IEC JTC 1/SC 17
    Document Type:  Standard
    Publisher:  International Organization for Standardization
    Status:  Current

    Standards Referencing This Book

    ISO/IEC 20008-2:2013 Information technology — Security techniques — Anonymous digital signatures — Part 2: Mechanisms using a group public key
    ISO/IEC 18013-3:2017 Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation
    ISO/IEC 7816-8:2016 Identification cards — Integrated circuit cards — Part 8: Commands and mechanisms for security operations
    ISO/IEC 7816-9:2004 Identification cards — Integrated circuit cards — Part 9: Commands for card management
    ISO/IEC 24760-1:2011 Information technology — Security techniques — A framework for identity management — Part 1: Terminology and concepts
    ISO/IEC 29191:2012 Information technology — Security techniques — Requirements for partially anonymous, partially unlinkable authentication
    ISO/IEC 29115:2013 Information technology — Security techniques — Entity authentication assurance framework
    ISO/IEC 29134:2017 Information technology — Security techniques — Guidelines for privacy impact assessment
    ISO/IEC 7816-4:2013 Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange
    ISO/IEC 18328-1:2015 Identification cards — ICC-managed devices — Part 1: General framework
    ISO/IEC 7501-1:2008 Identification cards — Machine readable travel documents — Part 1: Machine readable passport
    ISO/IEC 29101:2013 Information technology — Security techniques — Privacy architecture framework
    ISO/IEC 18370-2:2016 Information technology — Security techniques — Blind digital signatures — Part 2: Discrete logarithm based mechanisms
    ISO/IEC 18328-3:2016 Identification cards — ICC-managed devices — Part 3: Organization, security and commands for interchange
    EN 419212-1:2017 Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 1: Introduction and common definitions
    EN 14890-2:2008 Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services
    EN 14890-1:2008 Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services
    ISO/IEC 7816-11:2004 Identification cards — Integrated circuit cards — Part 11: Personal verification through biometric methods
    ISO/IEC 11770-3:2015 Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques
    ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework