ISO/IEC 19286:2018
Current
The latest, up-to-date edition.
Identification cards — Integrated circuit cards — Privacy-enhancing protocols and services
Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users
English
01-08-2018
ISO/IEC 19286:2018 aims to normalize privacy-enhancing protocols and services by
- using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy,
- providing discoverability means of privacy-enabling attributes,
- defining requirements for attribute-based credential handling, and
- identifying data objects and commands for ICCs.
Existing privacy-enhancing protocols available in a generic context are adopted for distributed systems including ICCs. Additionally, existing authentication protocols between an ICC and an external device used for establishing a secure channel are enhanced with privacy protection. Secure communication between an ICC and an on-card device is also considered.
All the protocols and services described in this document contribute to privacy. Annex B describes an example of privacy impact assessments of respective systems.
Committee |
ISO/IEC JTC 1/SC 17
|
DocumentType |
Standard
|
Pages |
76
|
PublisherName |
International Organization for Standardization
|
Status |
Current
|
Standards | Relationship |
CSA ISO/IEC 19286:19 | Identical |
INCITS/ISO/IEC 19286:2018[2020] | Identical |
BS ISO/IEC 19286:2018 | Identical |
ISO/IEC 20008-2:2013 | Information technology — Security techniques — Anonymous digital signatures — Part 2: Mechanisms using a group public key |
ISO/IEC 18013-3:2017 | Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation |
ISO/IEC 7816-8:2016 | Identification cards Integrated circuit cards Part 8: Commands and mechanisms for security operations |
ISO/IEC 7816-9:2004 | Identification cards Integrated circuit cards Part 9: Commands for card management |
ISO/IEC 24760-1:2011 | Information technology Security techniques A framework for identity management Part 1: Terminology and concepts |
ISO/IEC 29191:2012 | Information technology — Security techniques — Requirements for partially anonymous, partially unlinkable authentication. |
ISO/IEC 29115:2013 | Information technology — Security techniques — Entity authentication assurance framework |
ISO/IEC 29134:2017 | Information technology — Security techniques — Guidelines for privacy impact assessment |
ISO/IEC 7816-4:2013 | Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange |
ISO/IEC 18328-1:2015 | Identification cards ICC-managed devices Part 1: General framework |
ISO/IEC 7501-1:2008 | Identification cards — Machine readable travel documents — Part 1: Machine readable passport |
ISO/IEC 29101:2013 | Information technology Security techniques Privacy architecture framework |
ISO/IEC 18370-2:2016 | Information technology Security techniques Blind digital signatures Part 2: Discrete logarithm based mechanisms |
ISO/IEC 18328-3:2016 | Identification cards — ICC-managed devices — Part 3: Organization, security and commands for interchange |
EN 419212-1:2017 | Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 1: Introduction and common definitions |
EN 14890-2:2008 | Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services |
EN 14890-1:2008 | Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services |
ISO/IEC 7816-11:2004 | Identification cards Integrated circuit cards Part 11: Personal verification through biometric methods |
ISO/IEC 11770-3:2015 | Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques |
ISO/IEC 29100:2011 | Information technology — Security techniques — Privacy framework |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.