ISO

Standardization in the areas of Cloud Computing and Distributed Platforms including:

• Foundational concepts and technologies,
• Operational issues, and
• Interactions among Cloud Computing systems and with other distributed systems

SC 38 serves as the focus, proponent, and systems integration entity on Cloud Computing, Distributed Platforms, and the application of these technologies. SC 38 provides guidance to JTC 1, IEC, ISO and other entities developing standards in these areas.

Terms of Reference:

1. Standardization in the area of data in cloud computing, distributed platforms, connected devices and related technologies
2. Establish liaisons and collaborate with other entities within and external to JTC 1 as appropriate

SO/TS 12812-5:2017 focuses on mechanisms by which a person ("consumer", "payer" or "business") uses a mobile device to initiate a payment to a business entity ("merchant" or "payee"). Such a payment may use the traditional merchant point of interaction (POI) system, where the manner of settling the payment follows well-established merchant services paradigms.

ISO/TS 12812-4:2017 provides comprehensive requirements and recommendations, as well as specific use cases for implementation of interoperable mobile payments-to-persons.

The emphasis is placed on the principles governing the operational functioning of mobile payments-to-persons systems and processes, as well as the presentation of the underlying technical, organizational, business, legal and policy issues, leveraging legacy infrastructures of existing payment instruments.

ISO/TS 12812-3:2017 specifies the interoperable lifecycle management of applications used in mobile financial services. As defined in ISO 12812‑1, an application is a set of software modules and/or data needed to provide functionality for a mobile financial service.

This document deals with different types of applications which is the term used to cover authentication, banking and payment applications, as well as credentials.

This document specifies MAC algorithms suitable for applications requiring lightweight cryptographic mechanisms. These mechanisms can be used as data integrity mechanisms to verify that data has not been altered in an unauthorized manner. They can also be used as message authentication mechanisms to provide assurance that a message has been originated by an entity in possession of the secret key.

The following MAC algorithms are specified in this document:

a) LightMAC;

b) Tsudik's keymode;

c) Chaskey-12.

This document specifies three block ciphers suitable for applications requiring lightweight cryptographic implementations:

— PRESENT: a lightweight block cipher with a block size of 64 bits and a key size of 80 or 128 bits;

— CLEFIA: a lightweight block cipher with a block size of 128 bits and a key size of 128, 192 or 256 bits;

— LEA: a lightweight block cipher with a block size of 128 bits and a key size of 128, 192 or 256 bits.

This document defines a privacy architecture framework that:

— specifies concerns for ICT systems that process PII;

— lists components for the implementation of such systems; and

— provides architectural views contextualizing these components.

This document is applicable to entities involved in specifying, procuring, architecting, designing, testing, maintaining, administering and operating ICT systems that process PII.

It focuses primarily on ICT systems that are designed to interact with PII principals.

ISO/IEC 29100:2011 provides a privacy framework which

• specifies a common privacy terminology;
• defines the actors and their roles in processing personally identifiable information (PII);
• describes privacy safeguarding considerations; and
• provides references to known privacy principles for information technology.

ISO/IEC 29100:2011 is applicable to natural persons and organizations involved in specifying, procuring, architecting, designing, developing, testing, maintaining, administering, and operating information and communication technology systems or services where privacy controls are required for the processing of PII.

Although there is substantial overlap between information security and privacy management, both fields are broader. This standard will explain how to ‘enhance’ (adapt and extend) an ISO/IEC 27001 Information Security Management System and the associated ISO/IEC 27002 controls to manage privacy as well as information security.