• There are no items in your cart

ISO/IEC 19286:2018

Current
Current

The latest, up-to-date edition.

Identification cards — Integrated circuit cards — Privacy-enhancing protocols and services
Available format(s)

Hardcopy , PDF , PDF 3 Users , PDF 5 Users , PDF 9 Users

Language(s)

English

Published date

01-08-2018

ISO/IEC 19286:2018 aims to normalize privacy-enhancing protocols and services by

- using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy,

- providing discoverability means of privacy-enabling attributes,

- defining requirements for attribute-based credential handling, and

- identifying data objects and commands for ICCs.

Existing privacy-enhancing protocols available in a generic context are adopted for distributed systems including ICCs. Additionally, existing authentication protocols between an ICC and an external device used for establishing a secure channel are enhanced with privacy protection. Secure communication between an ICC and an on-card device is also considered.

All the protocols and services described in this document contribute to privacy. Annex B describes an example of privacy impact assessments of respective systems.

Committee
ISO/IEC JTC 1/SC 17
DocumentType
Standard
Pages
76
PublisherName
International Organization for Standardization
Status
Current

Standards Relationship
CSA ISO/IEC 19286:19 Identical
INCITS/ISO/IEC 19286:2018[2020] Identical
BS ISO/IEC 19286:2018 Identical

ISO/IEC 20008-2:2013 Information technology Security techniques Anonymous digital signatures Part 2: Mechanisms using a group public key
ISO/IEC 18013-3:2017 Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation
ISO/IEC 7816-8:2016 Identification cards Integrated circuit cards Part 8: Commands and mechanisms for security operations
ISO/IEC 7816-9:2004 Identification cards Integrated circuit cards Part 9: Commands for card management
ISO/IEC 24760-1:2011 Information technology Security techniques A framework for identity management Part 1: Terminology and concepts
ISO/IEC 29191:2012 Information technology — Security techniques — Requirements for partially anonymous, partially unlinkable authentication.
ISO/IEC 29115:2013 Information technology Security techniques Entity authentication assurance framework
ISO/IEC 29134:2017 Information technology — Security techniques — Guidelines for privacy impact assessment
ISO/IEC 7816-4:2013 Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange
ISO/IEC 18328-1:2015 Identification cards ICC-managed devices Part 1: General framework
ISO/IEC 7501-1:2008 Identification cards Machine readable travel documents Part 1: Machine readable passport
ISO/IEC 29101:2013 Information technology Security techniques Privacy architecture framework
ISO/IEC 18370-2:2016 Information technology Security techniques Blind digital signatures Part 2: Discrete logarithm based mechanisms
ISO/IEC 18328-3:2016 Identification cards — ICC-managed devices — Part 3: Organization, security and commands for interchange
EN 419212-1:2017 Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 1: Introduction and common definitions
EN 14890-2:2008 Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services
EN 14890-1:2008 Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services
ISO/IEC 7816-11:2004 Identification cards Integrated circuit cards Part 11: Personal verification through biometric methods
ISO/IEC 11770-3:2015 Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques
ISO/IEC 29100:2011 Information technology — Security techniques — Privacy framework

View more information
US$225.00
Excluding Tax where applicable

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.