iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 19286:2018

(Main)

Identification cards — Integrated circuit cards — Privacy-enhancing protocols and services

Identification cards — Integrated circuit cards — Privacy-enhancing protocols and services

ISO/IEC 19286:2018 aims to normalize privacy-enhancing protocols and services by - using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy, - providing discoverability means of privacy-enabling attributes, - defining requirements for attribute-based credential handling, and - identifying data objects and commands for ICCs. Existing privacy-enhancing protocols available in a generic context are adopted for distributed systems including ICCs. Additionally, existing authentication protocols between an ICC and an external device used for establishing a secure channel are enhanced with privacy protection. Secure communication between an ICC and an on-card device is also considered. All the protocols and services described in this document contribute to privacy. Annex B describes an example of privacy impact assessments of respective systems.

Cartes d'identification — Cartes à circuit intégré — Protocoles et services renforçant la protection des données personnelles

General Information

Status
Published
Publication Date
07-Jan-2018
ICS
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
ISO/IEC JTC 1/SC 17 - Cards and security devices for personal identification
Drafting Committee
ISO/IEC JTC 1/SC 17/WG 4 - Generic interfaces and protocols for security devices
Current Stage
9093 - International Standard confirmed
Completion Date
03-Oct-2023
Ref Project

Buy Standard

ISO/IEC 19286:2018 - Identification cards -- Integrated circuit cards -- Privacy-enhancing protocols and servicesISO/IEC 19286:2018 - Identification cards -- Integrated circuit cards -- Privacy-enhancing protocols and services
PreviousNext
Standard
ISO/IEC 19286:2018 - Identification cards -- Integrated circuit cards -- Privacy-enhancing protocols and services
English language
76 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 19286
First edition
2018-01
Identification cards — Integrated
circuit cards — Privacy-enhancing
protocols and services
Cartes d'identification — Cartes à circuit intégré — Protocoles et
services renforçant la protection des données personnelles
Reference number
ISO/IEC 19286:2018(E)
©
ISO/IEC 2018

---------------------- Page: 1 ----------------------
ISO/IEC 19286:2018(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2018, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2018 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 19286:2018(E)

Contents Page
Foreword .v
Introduction .vi
1 Scope .1
2 Normative references .1
3 Terms and definitions .1
4 Abbreviated terms and notations .5
5 General privacy principles .6
5.1 General . 6
5.2 Data minimization . 7
5.3 User control . 7
5.4 Data quality . 7
6 Privacy architecture .8
6.1 General . 8
6.2 Categorization of data . 9
6.2.1 User data and credentials . . 9
6.2.2 User input data .10
6.2.3 ICC data .10
6.2.4 Service provider data (SP data) .10
6.2.5 Issuer data .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC 14443-2:2020/Cor 2:2023(Corrigendum)
Cards and security devices for personal identification — Contactless proximity objects — Part 2: Radio frequency power and signal interface — Technical Corrigendum 2
  • Standard
    2 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 23465-3:2023(Main)
Card and security devices for personal identification — Programming interface for security devices — Part 3: Proxy

This document describes the software (SW) layer called “proxy”. It supports the programming interface to security devices and the application using this API to access the application related security devices defined in ISO/IEC TS 23465-2. This document is applicable to: — proxy requirements, functionality and layers; — resolving mechanisms for API functions; — data structures related to security device handling; — translation for security device communication; — serialization/de-serialization syntax and methods.

  • Technical specification
    19 pages
    English language
    sale 15% off
  • Draft
    19 pages
    English language
    sale 15% off
  • Draft
    19 pages
    English language
    sale 15% off
ISO
ISO/IEC 18013-3:2017/Amd 2:2023(Amendment)
Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation — Amendment 2: Updates for passive authentication
  • Standard
    8 pages
    English language
    sale 15% off
  • Draft
    9 pages
    English language
    sale 15% off
  • Draft
    9 pages
    English language
    sale 15% off
ISO
ISO/IEC 18013-2:2020/Amd 1:2023(Amendment)
Personal identification — ISO-compliant driving licence — Part 2: Machine-readable technologies — Amendment 1: DG11 length for compact encoding
  • Standard
    9 pages
    English language
    sale 15% off
  • Draft
    10 pages
    English language
    sale 15% off
  • Draft
    10 pages
    English language
    sale 15% off
ISO
ISO/IEC 7816-6:2023(Main)
Identification cards — Integrated circuit cards — Part 6: Interindustry data elements for interchange

This document specifies directly or by reference, data elements, including composite data elements that are applicable to interindustry interchange. It identifies the following characteristics of each data element: — identifier; — name; — description and reference; — format and coding (if not available in other ISO standards or parts of the ISO/IEC 7816 series). The layout of each data element is described as seen at the interface between the interface device and the card. This document provides the definition of data elements without consideration of any restrictions on the usage of the data elements. It does not cover the internal implementation within the card and/or the outside world. With the exception of login data objects (6.5), only application class tags are eligible in this document. When using an interindustry template, an application is allowed to nest context-specific class tags (see ISO/IEC 7816-4) under such a template unless it is previously marked as reserved for future use by ISO/IEC JTC 1/SC 17.

  • Standard
    27 pages
    English language
    sale 15% off
  • Draft
    28 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 23465-2:2023(Main)
Card and security devices for personal identification — Programming interface for security devices — Part 2: API definition

This document describes the following aspects of the programming interface between the client application dealing with the security device and the proxy, based on the framework outlined in ISO/IEC 23465-1: — the generic API definition; — state and security models for use cases; — class and API definitions of functionality, defined in other standards, e.g. the ISO/IEC 7816 series.

  • Technical specification
    55 pages
    English language
    sale 15% off
ISO
ISO/IEC 23465-1:2023(Main)
Card and security devices for personal identification — Programming interface for security devices — Part 1: Introduction and architecture description

This document introduces and describes the concept of the application programming interface (API) to security devices with the intention to simplify the usage of commands and mechanisms defined by the ISO/IEC 7816 series. This document gives guidelines on: — the system overview and description of the system of the programming interface; — the architecture description; — the data model in general, used by the API; — the use cases and the usage model of the API.

  • Standard
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC 23220-1:2023(Main)
Cards and security devices for personal identification — Building blocks for identity management via mobile devices — Part 1: Generic system architectures of mobile eID systems

This document specifies generic system architectures and generic life-cycle phases of mobile eID systems in terms of building blocks for mobile eID system infrastructures. It standardizes interfaces and services for mdoc apps and mobile verification applications. It is applicable to entities involved in specifying, architecting, designing, testing, maintaining, administering and operating a mobile eID system in parts or entirely.

  • Standard
    48 pages
    English language
    sale 15% off
  • Standard
    48 pages
    English language
    sale 15% off
ISO
ISO/IEC 7816-11:2022(Main)
Identification cards — Integrated circuit cards — Part 11: Personal verification through biometric methods

This document specifies security-related interindustry commands that are intended to be used for personal verification through biometric methods in integrated circuit cards. It also defines the data structure and data access methods for use of the card as a carrier of the biometric reference and/or as the device to perform the verification of the cardholder's biometric probe (on-card biometric comparison). Identification of persons using biometric methods is outside the scope of this document.

  • Standard
    25 pages
    English language
    sale 15% off
ISO
ISO/IEC 18013-3:2017/Amd 1:2022(Amendment)
Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation — Amendment 1: PACE protocol
  • Standard
    14 pages
    English language
    sale 15% off
  • Draft
    14 pages
    English language
    sale 15% off