<p>ISO/IEC 19286:2018 aims to normalize privacy-enhancing protocols and services by</p>
<p>- using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy,</p>
<p>- providing discoverability means of privacy-enabling attributes,</p>
<p>- defining requirements for attribute-based credential handling, and</p>
<p>- identifying data objects and commands for ICCs.</p>
<p>Existing privacy-enhancing protocols available in a generic context are adopted for distributed systems including ICCs. Additionally, existing authentication protocols between an ICC and an external device used for establishing a secure channel are enhanced with privacy protection. Secure communication between an ICC and an on-card device is also considered.</p>
<p>All the protocols and services described in this document contribute to privacy. Annex B describes an example of privacy impact assessments of respective systems.</p>
Registration number (WIID)
64268
Scope
<p>ISO/IEC 19286:2018 aims to normalize privacy-enhancing protocols and services by</p>
<p>- using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy,</p>
<p>- providing discoverability means of privacy-enabling attributes,</p>
<p>- defining requirements for attribute-based credential handling, and</p>
<p>- identifying data objects and commands for ICCs.</p>
<p>Existing privacy-enhancing protocols available in a generic context are adopted for distributed systems including ICCs. Additionally, existing authentication protocols between an ICC and an external device used for establishing a secure channel are enhanced with privacy protection. Secure communication between an ICC and an on-card device is also considered.</p>
<p>All the protocols and services described in this document contribute to privacy. Annex B describes an example of privacy impact assessments of respective systems.</p>
