ISO/IEC 19286:2018
Identification cards — Integrated circuit cards — Privacy-enhancing protocols and services
ISO/IEC 19286:2018 aims to normalize privacy-enhancing protocols and services by
- using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy,
- providing discoverability means of privacy-enabling attributes,
- defining requirements for attribute-based credential handling, and
- identifying data objects and commands for ICCs.
Existing privacy-enhancing protocols available in a generic context are adopted for distributed systems including ICCs. Additionally, existing authentication protocols between an ICC and an external device used for establishing a secure channel are enhanced with privacy protection. Secure communication between an ICC and an on-card device is also considered. All the protocols and services described in this document contribute to privacy. Annex B describes an example of privacy impact assessments of respective systems.
Cartes d'identification — Cartes à circuit intégré — Protocoles et services renforçant la protection des données personnelles
Standards Content (Sample)
INTERNATIONAL STANDARD ISO/IEC 19286
First edition 2018-01
Identification cards — Integrated circuit cards — Privacy-enhancing protocols and services
Cartes d'identification — Cartes à circuit intégré — Protocoles et services renforçant la protection des données personnelles
Reference number ISO/IEC 19286:2018(E)
© ISO/IEC 2018
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2018, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviated terms and notations
5 General privacy principles
5.1 General
5.2 Data minimization
5.3 User control
5.4 Data quality
6 Privacy architecture
6.1 General
6.2 Categorization of data
6.2.1 User data and credentials
6.2.2 User input data
6.2.3 ICC data
6.2.4 Service provider data (SP data)
6.2.5 Issuer data
...