ISO/IEC 19286:2018 身份证 集成电路卡 隐私增强协议和服务

标准编号：ISO/IEC 19286:2018

中文名称：身份证 集成电路卡 隐私增强协议和服务

英文名称：Identification cards — Integrated circuit cards — Privacy-enhancing protocols and services

发布日期：2018-01

标准范围

ISO/IEC 19286:2018旨在通过以下方式规范隐私增强协议和服务:-使用ISO/IEC 7816部分和ISO/IEC 18328部分中有助于安全和隐私的机制，-提供隐私启用属性的可发现性手段，-定义基于属性的凭证处理要求，以及-识别ICC的数据对象和命令。包括ICC在内的分布式系统采用了通用环境下可用的现有隐私增强协议。此外，ICC和用于建立安全通道的外部设备之间的现有身份验证协议通过隐私保护得到了增强。还考虑了ICC和卡上设备之间的安全通信。本文档中描述的所有协议和服务都有助于保护隐私。附件B描述了各自系统的隐私影响评估示例。

ISO/IEC 19286:2018 aims to normalize privacy-enhancing protocols and services by- using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy,- providing discoverability means of privacy-enabling attributes,- defining requirements for attribute-based credential handling, and- identifying data objects and commands for ICCs.Existing privacy-enhancing protocols available in a generic context are adopted for distributed systems including ICCs. Additionally, existing authentication protocols between an ICC and an external device used for establishing a secure channel are enhanced with privacy protection. Secure communication between an ICC and an on-card device is also considered.All the protocols and services described in this document contribute to privacy. Annex B describes an example of privacy impact assessments of respective systems.

标准预览图