ISO IEC 29191-2012 PDF

St ISO IEC 29191-2012

Name in English:
St ISO IEC 29191-2012

Name in Russian:
Ст ISO IEC 29191-2012

Description in English:

Original standard ISO IEC 29191-2012, full version in PDF. Additional information and a preview are available on request.

Description in Russian (translated):

Original standard ISO IEC 29191-2012, full version in PDF. Additional information and a preview are available on request.

Document status:
Active

Format:
Electronic (PDF)

Delivery time (for English version):
1 business day

Delivery time (for Russian version):
365 business days

SKU:
stiso26134

Price:
€25

Full title and description

Information technology — Security techniques — Requirements for partially anonymous, partially unlinkable authentication. This International Standard provides a framework and establishes requirements for authentication schemes that aim to balance user privacy (partial anonymity and unlinkability) with accountability through controlled re‑identification mechanisms (designated opener models).

Abstract

ISO/IEC 29191:2012 defines a framework and high‑level requirements for partially anonymous, partially unlinkable authentication, describing roles (issuer, claimant, verifier, designated opener), operations (credential issuance, authentication, transcript generation, re‑identification) and the privacy‑security tradeoffs needed to support unlinkability while permitting controlled opening.

General information

  • Status: Published; International Standard (confirmed in latest review cycle).
  • Publication date: December 2012 (published 6 December 2012; Edition 1:2012).
  • Publisher: ISO/IEC (Technical committee ISO/IEC JTC 1/SC 27 — Information security, cybersecurity and privacy protection).
  • ICS / categories: 35.030 (IT security).
  • Edition / version: Edition 1 (2012).
  • Number of pages: 9 pages.

(Core bibliographic details above are drawn from the ISO bibliographic entry and major standards distributors.)

Scope

Specifies a framework and high‑level requirements for systems that provide partial anonymity and partial unlinkability in authentication. The standard describes the principal roles and operations required to support anonymous or pseudonymous authentication while enabling a pre‑designated party (the designated opener) to re‑identify a claimant from an authentication transcript when explicitly authorized. It focuses on requirements and concepts rather than prescribing specific cryptographic mechanisms, and is intended to inform design, evaluation and selection of authentication solutions where privacy and accountability must coexist.

Key topics and requirements

  • Definitions of key roles and terms: claimant, issuer, verifier, credential, designated opener, transcript of authentication.
  • Framework operations: credential issuance, authentication (transcript generation), designated opener setup and re‑identification procedures.
  • Privacy requirements: partial anonymity and unlinkability expectations for authentication transcripts and sessions.
  • Accountability requirements: controlled re‑identification by a designated opener, and evidential controls for legitimate opening.
  • High‑level security and lifecycle considerations: enrollment/registration, authentication, re‑identification, and limits on what is in scope (for example, authorization mechanisms are typically out of scope).

Typical use and users

Used by security architects, privacy engineers, system integrators and solution vendors designing privacy‑preserving authentication schemes for applications where anonymity/unlinkability and conditional accountability are both required — examples include certain e‑government services, payment and billing systems, intelligent transport systems (ITS), library systems, and other domains requiring privacy‑preserving credentials with controlled opening. Standards developers, auditors and policy makers may also reference the standard when specifying requirements for identity and privacy controls.

Related standards

ISO/IEC 29191 is part of the identity/privacy/authentication family of standards and is typically considered alongside ISO/IEC 29100 (Privacy framework), ISO/IEC 29101 (Privacy architecture framework), ISO/IEC 29115 (Entity authentication assurance framework), and identity vocabulary standards such as ISO/IEC 24760. These related documents provide complementary terminology, privacy principles and authentication assurance guidance.

Keywords

partially anonymous authentication, unlinkability, designated opener, credential, claimant, verifier, privacy, anonymity, re‑identification, identity management, authentication transcript, ISO/IEC JTC 1/SC 27.

FAQ

Q: What is this standard?

A: ISO/IEC 29191:2012 is an international standard that defines a framework and high‑level requirements for partially anonymous, partially unlinkable authentication systems.

Q: What does it cover?

A: It covers roles, terminology and requirements for achieving partial anonymity and unlinkability in authentication, including how authentication transcripts are produced and how a designated opener can re‑identify a claimant under controlled conditions. It focuses on requirements and concepts rather than specific algorithms.

Q: Who typically uses it?

A: Security architects, privacy engineers, system integrators, vendors of credential and authentication solutions, standards developers, auditors and policy makers concerned with privacy‑preserving authentication and conditional accountability.

Q: Is it current or superseded?

A: The published edition (Edition 1, 2012) remains the authoritative text; the ISO bibliographic entry indicates the standard is published and was confirmed during the periodic review process (confirmed in the most recent review cycle). Users should check the ISO catalogue or national standards bodies for any amendments, national adoptions or later revisions.

Q: Is it part of a series?

A: Yes — it is part of the broader ISO/IEC JTC 1/SC 27 family of information security and privacy standards and is commonly used together with standards such as ISO/IEC 29100 (privacy framework), ISO/IEC 29101 and ISO/IEC 29115.

Q: What are the key keywords?

A: Partially anonymous authentication, unlinkability, designated opener, credential, claimant, verifier, privacy, identity management.