ISO IEC 20009-1-2013 PDF

St ISO IEC 20009-1-2013

Name in English:
St ISO IEC 20009-1-2013

Name in Russian:
Ст ISO IEC 20009-1-2013

Description in English:

Original standard ISO IEC 20009-1-2013 in PDF, full version. Additional info and preview on request.

Description in Russian:
Original standard ISO IEC 20009-1-2013 in PDF, full version. Additional info and preview on request.

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
365 business days

SKU:
stiso25261

Price:
€25

Full title and description

Information technology — Security techniques — Anonymous entity authentication — Part 1: General. Specifies a model, high‑level requirements and constraints for anonymous entity authentication mechanisms that allow the legitimacy of an entity to be corroborated without revealing its identity.

Abstract

ISO/IEC 20009-1:2013 defines the conceptual model, actors, processes and general functional and security requirements for mechanisms that provide anonymous authentication of entities. It establishes the architecture and constraints that subsequent parts (mechanism-specific documents) use when specifying particular anonymous authentication schemes.

General information

  • Status: Published (International Standard; confirmed in the most recent systematic review).
  • Publication date: 2013-07-31 (original publication 2013; confirmation/review recorded later).
  • Publisher: International Organization for Standardization / International Electrotechnical Commission (ISO/IEC).
  • ICS / categories: 35.030 (IT security).
  • Edition / version: Edition 1 (2013).
  • Number of pages: 6 pages (concise Part 1 general/specification document).

Scope

This part specifies the general model, entities, processes and requirements for anonymous entity authentication mechanisms. It covers functional objectives, security and privacy constraints, optional features such as linking or opening by authorised parties, and the architectural relationships to supporting processes (for example, group membership issuance). It provides the baseline that mechanism‑specific parts (e.g., those based on group signatures) use to define concrete protocols.

Key topics and requirements

  • Conceptual model: definitions of entities (signer/member, verifier, issuer, opener, trusted third party), roles and interactions.
  • Functional requirements for anonymous authentication: what the mechanism must enable (authentication without identity disclosure, optional traceability/linking where required).
  • Security and privacy constraints: threat considerations, unlinkability, resistance to impersonation, and conditions for accountable de‑anonymisation (where applicable).
  • Architectural elements: membership issuance and management, revocation considerations, online vs. offline trusted third parties (TTP), and interfaces to higher‑level systems.
  • Conformance and normative relationships: how Part 1 constrains and interacts with mechanism specifications in subsequent parts of the series.

Typical use and users

Used by security architects, protocol designers, implementers of privacy‑preserving authentication systems (for example group‑signature or anonymous credential schemes), identity and access management vendors, smart card and secure element developers, and standards committees mapping anonymous authentication into broader security/privacy frameworks. National standards bodies and procurers may reference Part 1 when assessing or specifying anonymous authentication requirements.

Related standards

Key related documents and series include: ISO/IEC 20009-2:2013 (Anonymous entity authentication — Mechanisms based on signatures using a group public key); ISO/IEC 20008 series (Anonymous digital signatures — Part 1: General; Part 2: Group public key mechanisms; and newer parts addressing multiple public keys); ISO/IEC 29115 (Entity authentication assurance framework); and privacy/security framework standards such as ISO/IEC 29100. These documents together cover mechanism details, assurance levels and privacy considerations that complement Part 1.

Keywords

anonymous authentication, anonymous entity authentication, group signatures, anonymous digital signatures, entity authentication, privacy, unlinkability, ISO/IEC JTC 1/SC 27, IT security.

FAQ

Q: What is this standard?

A: ISO/IEC 20009-1:2013 is the general (Part 1) specification for anonymous entity authentication; it defines the model, actors, processes and high‑level requirements that mechanism‑specific parts implement.

Q: What does it cover?

A: It covers the conceptual architecture, terminology, functional and security requirements, privacy constraints and optional capabilities (for example controlled opening or linking) for anonymous authentication mechanisms; it does not define specific cryptographic algorithms — those are specified in later parts.

Q: Who typically uses it?

A: Standards writers, security architects, protocol and product designers working on anonymous or privacy‑preserving authentication systems, and organisations specifying authentication requirements in procurement or regulation.

Q: Is it current or superseded?

A: ISO/IEC 20009-1:2013 is published and was confirmed in subsequent review cycles; the published Part 1 remains the current edition (no superseding edition published as of the latest systematic review). Check your national body or the ISO catalogue for any late corrections or national adoptions.

Q: Is it part of a series?

A: Yes — ISO/IEC 20009 is a multipart work. Part 1 is the general specification; Part 2 and other related parts specify mechanism families (for example, mechanisms based on group signatures). The 20008 series (anonymous digital signatures) is also closely related and often referenced by 20009 parts.

Q: What are the key keywords?

A: Anonymous authentication, anonymous digital signatures, group signatures, unlinkability, entity authentication, privacy, ISO/IEC JTC 1/SC 27.