CEN/TS 15480-2:2012
Identification card systems - European Citizen Card - Part 2: Logical data structures and security services
This Technical Specification specifies the logical characteristics and security features at the card/system interface for the European Citizen Card.
The European Citizen Card is a smart card with Identification, Authentication and electronic Signature (IAS) services. Therefore:
-   the supported services are specified;
-   the supported data structures as well as the access to these structures are specified;
-   the command set is defined.
This Technical Specification aims to ensure interoperability at the card/system interface in the usage phase.
In order to reach the interoperability objective, IAS services are compliant with EN 14890 Part 1 and Part 2. As the EN documents offer options, this specification fully defines a complete profile. 
This Technical Specification also considers ICAO Doc 9303.
This Technical Specification does not mandate the use of a particular technology, and is intended to allow both native and Java card technologies.
This specification encompasses mandatory and optional features. Optional features make up a toolbox of modular options from which issuers can pick the protocols needed to fulfil their requirements for use. Mandatory features shall be implemented for a smart card to be compliant with this Technical Specification. The mandatory features required for compliance with the ECC specification are given in Annex C; the optional features are given in Annex D. Two IAS-enabled smart cards issued by two different issuers, both compliant with this Technical Specification but implementing different application profiles drawn from it, can interoperate with a terminal provided that the terminal supports both application profiles. Interoperability therefore requires a specific agreement between issuers/governments to determine which cross-border services are to be shared and, consequently, which protocols the terminals in each country must support.
All the APDU commands described in this Technical Specification are in accordance with ISO/IEC 7816 Part 4 or Part 8. They are fully described here in order to provide the settings adopted by this specification and to prevent any ambiguity in case of several possible interpretations of the standards.
For physical, electrical and transport protocol characteristics, refer to CEN/TS 15480-1.
Standards Content (Sample)
SLOVENIAN STANDARD
01-september-2012
Replaces: SIST-TS CEN/TS 15480-2:2009
Identification card systems - European Citizen Card - Part 2: Logical data structures and security services
This Slovenian standard is identical to: CEN/TS 15480-2:2012
ICS: 35.240.15 Identification cards and related devices
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.
TECHNICAL SPECIFICATION
CEN/TS 15480-2
June 2012
ICS 35.240.15
English Version
Identification card systems - European Citizen Card - Part 2: Logical data structures and security services
This Technical Specification (CEN/TS) was approved by CEN on 9 January 2012 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2012 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TS 15480-2:2012: E
Contents (page numbers refer to the printed specification)
Foreword ... 4
1 Scope ... 5
2 Normative references ... 5
3 Terms and definitions ... 6
4 Abbreviations ... 7
4.1 Abbreviations ... 7
4.2 Coding conventions and notation ... 9
5 Data elements and data structures ... 10
5.1 Supported data structures ... 10
5.2 Access to data structures ... 10
5.3 Answer to reset (ATR) / answer to select (ATS) ... 11
5.4 General architecture and file supported ... 15
5.5 Selection of data structures ... 16
5.6 Access to files ... 17
6 Basic card services ... 18
6.1 General ... 18
6.2 Identification ... 18
6.3 User verification ... 20
6.4 Device authentication ... 20
6.5 Digital signature ... 23
6.6 Client/Server Authentication ... 24
6.7 Encryption key decipherment ... 24
7 Extended card services ... 25
7.1 General ... 25
7.2 Biometrics – on card matching ... 25
7.3 Passive Authentication ... 25
7.4 Basic Access Control ... 25
7.5 Active Authentication ... 25
7.6 Extended Access Control ... 26
7.7 Role authentication ... 26
7.8 Restricted Identification (RI) ... 27
7.9 Age, Validity or Auxiliary Data Verification ... 28
7.10 Modular Enhanced Role Authentication (mERA) ... 28
Annex A (normative) Command set ... 29
A.1 CLASS byte coding ... 29
A.2 Command chaining mechanisms ... 29
A.3 Extended length mechanism ... 30
A.4 Logical channels ... 31
A.5 Short and extended length fields ... 31
A.6 Status words ... 31
A.7 Command set ... 32
Annex B (normative) Cryptographic Information Application ... 54
B.1 Description ... 54
B.2 CIA data organisation ... 63
Annex C (normative) Mandatory features ... 83
C.1 General ... 83
C.2 Data elements and data structures ... 83
C.3 Card services ... 84
C.4 Command set ... 84
C.5 Device Authentication and Key Derivation ... 85
C.6 Digital signature ... 85
C.7 Client/Server Authentication ... 86
C.8 Encryption Key Decipherment ... 86
Annex D (informative) Optional features ... 87
D.1 General ... 87
D.2 Data elements and data structures ... 87
D.3 Card services ... 88
D.4 Command set ... 88
D.5 Device Authentication and Key Derivation ... 89
D.6 Digital signature ... 89
Annex E (informative) Application Profiles ... 90
E.1 General ... 90
E.2 Application Profile 1: ICAO Application with EAC features ... 90
E.3 Application Profile 2: Travel Document Application ... 96
E.4 Application Profile 3: eID Application ... 101
E.5 Application Profile 4: Digital Signature Application ... 111
E.6 Application Profile 5: eServices Application using a trusted third party ... 121
E.7 Application Profile 6: Health Insurance Application ... 136
E.8 Application Profile 7: Combined eID and signature application ... 152
E.9 Application Profile 8: Multi-Service application ... 156
Annex F (informative) Access rules in expanded format ... 161
F.1 Object protection by access rules in expanded format ... 161
F.2 Access rules in expanded format ... 161
F.3 Security attribute referencing expanded format ... 162
F.4 Security attribute template for physical interfaces ... 163
Annex G (informative) Example of data structure: the Security Data Objects concept ... 164
G.1 SDO concept ... 164
Bibliography ... 176
Foreword
This document (CEN/TS 15480-2:2012) has been prepared by Technical Committee CEN/TC 224 “Pe
 ...