国际信息安全标准研究项目热点概述

A Summary of International Information Security Standardization Research Reports Hot Spots

分析了ISO/IEC JTC1/SC27近期较受关注的信息安全标准项目和研究项目,包括不可克隆函数的安全要求、隐私工程框架、在线隐私通告、增强隐私身份管理、去身份相关技术等。其中,ISO/IEC 20897用于非存储安全参数生成;隐私工程框架研究项目旨在进一步精炼ISO/IEC 29100隐私框架术语、参与方及其在工程系统中的角色;在线隐私通告和同意研究项目旨在规范个人身份信息主体(用户)隐私数据的访问方式,在通告并获得用户授权的情况下访问隐私数据;增强隐私的身份管理方案旨在通过使用假名、匿名凭证等方法进行身份鉴别以减少隐私数据泄露;ISO/IEC 20889利用去身份相关技术将数据与个人身份去相关,使得利用ISO/IEC 29100原则进行数据处理时不泄露用户隐私。

This paper analyzed some standardization research reports in study period of 1SO / IEC JTC1 / SC27IT, including physically unclonable fucntions, privacy engineering framework, online privacy notices, privacy enhancing identity management, privacy enhancing data de-identification techniques. ISO / IEC 20897 standard in development aimed at security requirements, test and evaluation methods for physically unclonable functions for generating nonstored security parameter, study period of privacy engineering fi^amework aimed at further refining ISO / IEC 29100privacy framework terminology, actors and roles in the engineering of systems involving the processing personally identifiable information（PII）, study period of user fiiendly online privacy notice sand consent aim sat build a guideline for PII controllers on providing easy to understand notices and consent procedures online to PII principals, privacy enhancing identity management scheme aims at reduce the leakage of private data through use of pseudonyms, anonymous authentication and other methods, ISO / IEC 20889provides a description of privacy enhancing data de-identification techniques, to be used for describing and designing de-identification measures in accordance with the privacy principles in ISO/IEC 29100.