ISO/IEC INTERNATIONAL STANDARD 19286 First edition 2018-01 Identification cards Integrated circuit cards Privacy-enhancing protocols and services Cartes d'identification - Cartes a circuit intégré - Protocoles et services renforcant la protection des données personnelles Reference number TEC IS0/IEC 19286:2018(E) s CopyrihtInternational Organization for Standardization @ IS0/IEC 2018 ACKEY, MA 01805:28:15MS IS0/IEC 19286:2018(E) COPYRIGHTPROTECTEDDOCUMENT IS0/IEC 2018, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester. ISO copyright office Ch. de Blandonnet 8 . CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 [email protected] www.iso.org @ IS0/IEC 2018 - All rights reserved Iniv/5926867100,User=JACKEY,MA networking permited without license from IHS IS0/IEC 19286:2018(E) Contents Page Foreword ..V Introduction. ..vi 1 Scope. 2 Normative references 3 Terms and definitions 4 Abbreviated terms and notations. 5 General privacy principles ..6 5.1 General. .6 5.2 Data minimization.. ..7 5.3 User control .7 5.4 Data quality .7 6 Privacy architecture. ..8 6.1 General. .8 6.2 Categorization of data 6.2.1 User data and credentials. .9 6.2.2 User input data. .10 6.2.3 ICC data ..10 6.2.4 Service provider data (SP data) ..10 6.2.5 Issuer data. ..10 6.3 Participating entities. ..11 6.4 Privacy properties. .11 6.4.1 Data minimizing properties. .11 6.4.2 User control properties. ..12 6.4.3 Data quality properties ..13 7 Privacy-enhancing protocols ..14 7.1 General 7.2 User verification. ..15 7.2.1 Purpose of user verification. ..15 7.2.2 Password verification with VERIFY command .15 7.2.3 Password verification with PACE. ..17 7.2.4 Biometric user verification. .20 7.3 Device authentication protocols with optional user attribute access .22 7.3.1 Purpose of device authentication protocols 22 7.3.2 Authentication protocol PACE. 22 7.3.3 Authentication protocol EACv2 with on-card user attributes 24 7.3.4 ABC protocol with on-card user attributes. 30 7.3.5 Enhanced Role Authentication protocol (ERA) 34 7.3.6 Device authentication protocol oPACITY Full Secrecy .41 7.3.7 Device authentication protocol OPACITY BLINDED .43 7.4 Attribute verification mechanisms with coMPARE command ..45 7.4.1 Purpose of attribute verification mechanism. ..45 7.4.2 General. .45 7.4.3 Data comparison with external authentication function .46 7.4.4 Auxiliary data comparison with EACv2 protocol. ..47 7.5 Domain-specific identifier mechanisms. .49 7.5.1 Purpose of domain-specific identifier mechanisms 7.5.2 Domain-specific identifier based on Restricted Identification ..49 7.5.3 Domain-specific identifier based on pseudonymous signature forauthentication .51 7.5.4 Domain-specific identifier based on ABC-based signatures 52 7.6 Pseudonymous signature mechanisms.. .52 7.6.1 Purpose of pseudonymous signatures. .52 tnmaonaghtsrred iii No reproduction or networking permitted without license from IHS ense with IEC NotforResale,02/23/201805:28:15MST IS0/IEC 19286:2018(E) 7.6.2 Chip Authentication based on Pseudonymous Signature for Authentication (CA-PSA) 52 7.6.3 Pseudonymous Signature of Credentials (PSC) 55 7.6.4 ABC-based signatures (ABC-Sig). 56 Annex A (informative) Use cases. 59 Annex B (informative) Privacy Impact Assessment (PIA) guidance for electronic identification, authentication and trust services .64 Bibliography 75 @ IS0/IEC 2018 - All rights reserved NotforResale,02/23/201805:28:15MST 5926867100, User=JACKEY, MA Noreproo mited withoutlicense from IHS IS0/IEC 19286:2018(E) Foreword IsO (the International Organization for Standardization) and IEC (the Internatio