CEN/TS 15480-1:2007

SLOVENSKI STANDARD
01-februar-2009
6LVWHPL]LGHQWLILNDFLMVNLPLNDUWLFDPL.DUWLFDHYURSVNLKGUåDYOMDQRYGHO
)L]LþQHHOHNWULþQHLQWUDQVSRUWQH]QDþLOQRVWLSURWRNROD
Identification card systems - European Citizen Card - Part 1: Physical, electrical and
transport protocol characteristics
Identifikationskartensysteme - Europäische Bürgerkarte - Teil 1: Physikalische,
elektrische und transportprotokollbezogene Merkmale
Systèmes des cartes d'identification - Carte Européenne du Citoyen - Partie 1:
Caractéristiques physiques, électriques et protocoles de transmission
Ta slovenski standard je istoveten z: CEN/TS 15480-1:2007
ICS:
35.240.15 Identifikacijske kartice in Identification cards and
sorodne naprave related devices
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

TECHNICAL SPECIFICATION
CEN/TS 15480-1
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
April 2007
ICS 35.240.15
English Version
Identification card systems - European Citizen Card - Part 1:
Physical, electrical and transport protocol characteristics
Systèmes des cartes d'identification - Carte Européenne du Identifikationskartensysteme - Europäische Bürgerkarte -
Citoyen - Partie 1: Caractéristiques physiques, électriques Teil 1: Physikalische, elektrische und
et protocoles de transmission transportprotokollbezogene Merkmale
This Technical Specification (CEN/TS) was approved by CEN on 17 July 2006 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland,
France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,
Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: rue de Stassart, 36  B-1050 Brussels
© 2007 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 15480-1:2007: E
worldwide for CEN national Members.

Contents Page
Foreword.3
Introduction .4
1 Scope.5
2 Normative references.5
3 Terms and definitions .6
4 Symbols and abbreviations .12
5 Definition, use and functions of the European Citizen Card (ECC) .13
5.1 General .13
5.2 Compliance with public administration requirements and citizen expectations.14
5.3 Citizen privacy protection.14
5.4 Identifying a ECC holder.14
5.5 European Citizen Cards functions .15
6 ECC physical characteristics.15
6.1 General .15
6.2 Materials .16
6.3 ECC physical security elements.16
6.4 ECC security evaluation .18
7 Electrical characteristics .18
7.1 Dimensions and location of the contacts or coupling area .18
7.2 The contact interface .18
7.3 Contactless interface .18
8 Transport protocols .18
9 Terminal characteristics .19
Annex A (informative) General card design (with reference to Directive 96/47/EC relating to
European driving licences).20
Annex B (informative) Methodology for the design of ECC durability testing.23
B.1 General .23
B.2 Introduction .23
B.3 Vocabulary.24
B.4 Methodology for ECC durability .24
B.5 Core test sequence requirements .29
B.6 Individual tests relevant for the ECC.30
B.7 Examples of mission profile calculations for the ECC.35
Annex C (informative) Security requirements for the ECC as a travel document (Council Regulation
on e-passports and travel documents) .39
C.1 Material .39
C.2 Biographical data page .39
C.3 Printing techniques.40
C.4 Protection against copying.40
C.5 Issuing technique.41
Bibliography.42
Foreword
This document (CEN/TS 15480-1:2007) has been prepared by Technical Committee CEN/TC 224 “Personal
identification, electronic signature and cards and their related systems and operations”, the secretariat of which is
held by AFNOR.
CEN/TS 15480, Identification card systems — European Citizen Card consists of the following parts:
Part 1: Physical, electrical and transport protocol characteristics
Part 2: Logical data structures and card services
Part 3: ECC interoperability using an application interface
Part 4: Recommendations for ECC issuance, operation and use
According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to announce this CEN Technical Specification: Austria, Belgium, Bulgaria, Cyprus, Czech
Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden,
Switzerland and United Kingdom.
Introduction
This Technical Specification describes the specifications for the European Citizen Card (ECC) including electronic
identity cards, with smart card format, defining identity justification with emphasis on remote civil service
procedures.
This proposal is intended to comply with the scope of the NWI ECC as defined by the terms of reference
document approved by the CEN/TC 224 Resolution 667/2004.
This Technical Specification is one of a set of documents describing card specifications. It defines identity
justification functions, with emphasis on remote public service procedures requiring the generation and/or
verification by the ECC card of electronic signatures and electronic certificates.
1 Scope
This Technical Specification specifies Electronic Citizen Card (ECC) requirements .The ECC, is a smart card
issued under the authority of a government institution, either national or local and carries credentials in order to
provide all or part of the following services:
1) verify the identity;
2) act as an Inter-European Union travel document;
3) facilitate logical access to e-government or local administration services.
A public administration authority may entitle a private organisation to provide all or part of the ECC services.
This Technical Specification is intended to offer the card issuer with a great deal of flexibility for the ECC
specification, in connection with the services that the ECC provides, the authentication mechanisms supported
and the national specific public policy with an special concern to protect the citizen privacy according to the
applicable European legislation.
The requirements described in this Technical Specification are used to:
a) define a plastic body card with associated physical and logical securities;
b) specify the electrical interface and data transport protocols for the ECC;
c) support the basic set of Identification and, authentication elements visible at the card surface.
This Technical Specification also contains a possible methodology for ECC durability testing in informative Annex
B.
This Technical Specification refers to the European legislation and regulations in effect.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references,
only the edition cited applies. For undated references, the latest edition of the referenced document (including any
amendments) applies.
ISO/IEC 7810, Identification cards — Physical characteristics
ISO/IEC 7816-1, Identification cards — Integrated circuit(s) card(s) with contacts — Part 1: Physical
characteristics
ISO/IEC 7816-2, Identification cards — Integrated circuit cards — Part 2: Cards with contacts — Dimensions and
location of the contacts
ISO/IEC 7816-3, Identification cards -- Integrated circuit cards -- Part 3: Cards with contacts -- Electrical interface
and transmission protocols
ISO/IEC 7816-4, Identification cards — Integrated circuit(s) cards — Part 4: Organization, security and commands
for interchange
ISO/IEC 7816-5, Identification cards — Integrated circuit cards — Part 5: Registration of application identifiers
ISO/IEC 7816-6, Identification cards — Integrated circuit cards — Part 6: Interindustry data elements for
interchange
ISO/IEC 7816-7, Identification cards — Integrated circuit(s) cards with contacts — Part 7: Interindustry commands
for Structured Card Query Language (SCQL)
ISO/IEC 7816-8, Identification cards — Integrated circuit cards — Part 8: Commands for security operations
ISO/IEC 7816-9, Identification cards — Integrated circuit cards — Part 9: Commands for card management
ISO/IEC 7816-10, Identification cards — Integrated circuit(s) cards with contacts — Part 10: Electronic signals
and answer to reset for synchronous cards
ISO/IEC 7816-11, Identification cards — Integrated circuit cards — Part 11: Personal verification through
biometric methods
ISO/IEC 7816-12, Identification cards — Integrated circuit cards — Part 12: Cards with contact — USB electrical
interface and operating procedures
ISO/IEC 7816-15, Identification cards — Integrated circuit cards — Part 15: Cryptographic information application
ISO/IEC 10373-3, Identification cards — Test methods — Part 3: Integrated circuit(s) cards with contacts and
related interface devices
ISO/IEC 10373-6, Identification cards — Test methods — Part 6: Proximity cards
ISO/IEC 14443-1, Identification cards — Contactless integrated circuit(s) cards — Proximity cards — Part 1:
Physical characteristics
ISO/IEC 14443-2, Identification cards — Contactless integrated circuit(s) cards — Proximity cards — Part 2:
Radio frequency power and signal interface
ISO/IEC 14443-3, Identification cards — Contactless integrated circuit(s) cards — Proximity cards — Part 3:
Initialization and anticollision
ISO/IEC 14443-4, Identification cards — Contactless integrated circuit(s) cards — Proximity cards — Part 4:
Transmission protocol
ICAO 9303, Part 1, Machine Readable Passports
ICAO 9303, Part 2, Machine Readable Visas
ICAO 9303, Part 3, Machine Readable Official Documents of Identity
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
access control
mechanism for limiting the use of some ECC resources to authorized users, based on the privilege attributes of
the requester and control attributes of the requested resource. Access control mechanisms may be used to
protect disclosure of private sensitive data stored in the ECC
3.2
alteration
fraudulent action of changing a part of an original document, e.g. by changing the biographical data of the
document holder
3.3
application
data structure, data elements and program modules needed for a specific functionality to be satisfied
3.4
authentication
provision of assurance of the claimed identity of an entity
[ISO/IEC 10181-2:1996]
3.5
authorization
right or permission that is granted to the ECC holder after its successful authentication
3.6
card holder
legal holder of the ECC
3.7
card issuing authority
entity that issues the ECC
3.8
Certification Authority (CA)
means an entity or a legal or natural person who issues certificates or provides other services related to electronic
signatures
[Directive 1999/93/EC]
3.9
checking the authenticity of the issuing authority
 verifying the authenticity of the card,
 verifying that the card is compliant with Civil Service specifications;
 verifying the issuing authority;
 identifying the ECC by its intrinsic properties.
The authenticity inspection may be conducted using resources such as a magnifying glass, UV lamp, digital
fingerprint sensor, micromodule reader etc.
3.10
counterfeiting
unauthorized document that has the same security characteristics as the original document ones and that cannot
be distinguished from a legitimate one. For instance a card made from a blank stolen document
3.11
credentials
known data attesting to the truth of certain citizen identity attributes and stored in the ECC
3.12
electronic certificate
means an electronic attestation which links signature-verification data to a person and confirms the identity of that
person
[Directive 1999/93/EC]
3.13
electronic signature
means data in electronic form which are attached to or logically associated with other electronic data and which
serve as a method of authentication
[Directive 1999/93/EC]
3.14
evaluation
assessment of a PP, an ST or a TOE, against defined criteria
3.15
Evaluation Assurance Level (EAL)
package consisting of assurance components from ISO/IEC 15408-3 that represents a point on the CC predefined
assurance scale
3.16
fingerprint minutia(e)
minutiae are characteristics of digital fingerprint ridges (start, end, ridge bifurcation). Each minutia is represented
by a mathematical point and an angle defining a position and a direction. Minutiae are represented by a dot map
used to single out digital fingerprints and people
3.17
falsification
refer to alteration and simulation
3.18
fixed administrative information
general information on an identity document in a predefined, precise order, pre-printed or otherwise, constituting
the structure for all personal information contained in the said document
3.19
guilloche
motifs formed using continuous thin lines, usually created by a computer, together forming a unique image that
may only be perfectly reproduced with the same equipment (software, parameters, hardware and materials) used
to produce the original motif
3.20
identification
process necessary to recognise the identity of the cardholder
3.21
identified transaction
is one in which the data can be readily related to a particular individual, because the transaction carries a
credential of the person concerned or because the transaction contains data which, in combination with other
available data, links the transaction to a particular person
3.22
initial and secondary ECC examinations
initial examination is an analysis of the ECC security components either visually and/or using light, transportable
resources. A secondary examination is an analysis of ECC security components using laboratory technology
resources
3.23
interoperability
property enabling heterogeneous equipment concerned by electronic exchanges, to inter-communicate in
compliance with standards.
These standards specify the following common characteristics:
 electrical and mechanical interfaces;
 structure and coding of exchanged messages;
 data identifiers;
commands structure and coding for data processing
3.24
machine readable zone
three lines of OCR-B characters on the back of a ID1 card that may be read by a machine
(see ICAO 9303)
3.25
microcontroller
electronic component integrating the different physical elements of a card (CPU, ROM, RAM, EEPROM and
possibly a cryptoprocessor etc.)
3.26
micromodule
electronic part of the ECC and includes the integrated circuit and components required to connect to the outside
world. There are several micromodule types. The main types are:
 contact micromodule:
this type of micromodule is designed to communicate using embedded mechanical characteristics in
compliance with the rules of ISO/IEC 7816;
 contactless micromodule:
this type of micromodule is designed to allow the card to only communicate using radio frequencies whose
characteristics are defined in ISO/IEC 14443;
 mixed micromodule:
this type of micromodule is designed to allow the card to communicate in both contact and contact-less
modes via a radio frequency link, whose characteristics are defined in ISO/IEC 14443, with the reader. Cards
with this type of micromodule are called “combination cards” or “dual interface cards”
3.27
microlettering
text with very small font size, printed in positive or in negative and that may be read using a magnifying device
3.28
mission profile
durability of a card in the field is defined with respect to the “usage” conditions and the “age” criteria. Both are
dependant on the environment, storage by the user and the reader profile. Respectively all these parameters are
influenced by the frequency of use and the card operational life
3.29
optical variable feature
image or device whose colour and/or design changes depending on the angle of vision or the amount of light used
3.30
private key
key of an entity’s asymmetric key pair which should only be used by that entity
[ISO/IEC 11770-1:1996]
3.31
protection profile
implementation-independent set of security requirements for a category of TOEs that meet specific consumer
needs
3.32
public key
key of an entity’s asymmetric key pair which can be made public
[ISO/IEC 11770-1:1996]
3.33
public key infrastructure (PKI)
system that uses asymmetric encryption to provide proof of identity, data privacy, non-repudiation and data
integrity
3.34
rainbow printing
technique used to print two or more colours simultaneously to create controlled mixes of colours that vary
consistently and gradually between two different zones
 electronic reading/writing zone with contact:
this is determined by the location of the micromodule metallic contacts. The location of this zone is defined by
ISO/IEC 7816-2;
 electronic reading/writing zone without contact:
this is determined by the volume associated with the information exchange device in which a card may be
read or written by the reader as per ISO/IEC 14443;
 electronic reading/writing zone for a mixed card:
this zone provides the same function as both the contact and contactless electronic communication zones
3.35
physical protection
additional layer applied during the personalization process that protects the variable data of the ECC (e.g. photo)
and the ECC card body. They include laminate, overlay, varnish, patches, holograms or any combination of them
3.36
pseudonym
identifier for a party to a transaction, which is not, in the normal course of events, sufficient to associate the
transaction with a particular citizen
3.37
pseudonymous transaction
one in which the transaction data contains no direct citizen identifier. The data may however be indirectly
associated with the citizen if particular procedures are followed
3.38
remote procedure
paperless exchange of administrative processes between public authorities (ministers, public bodies etc.) and
their partners and citizens.
The main stages are:
 request for access to an on-line procedure;
 loading of an on-line procedure;
 loading of procedure-related data;
 filling up of document on screen;
 signature and transfer of procedure-related data
3.39
remote transmission
transmission via a paperless data network of non-secure and secure data (encoding and/or electronic signature)
3.40
ROM
non-volatile, non-rewritable memory technology applicable to operating systems and allowing the storage of all or
some software components. Other non-volatile memory technologies can also be used, such as Flash-EEPROM
memories
3.41
secure signature creation device (SSCD)
electronic device meeting the requirements of Annex III of Directive 1999/93/EC covering electronic signatures.
The ECC platform is capable to support an electronic signature service meeting these requirements
3.42
security target (ST)
set of security requirements and specifications to be used as the basis for evaluation of an identified TOE
3.43
simulation
unauthorized document that simulates the original document in terms of overall aspect and in terms of security
characteristics but without having the original ones
3.44
target of evaluation (TOE)
IT product or system and its associated administrator and user guidance documentation that is the subject of an
evaluation
3.45
user authentication
authentication mechanism involving the provision of evidence of the identity of an individual
3.46
variable information
personal information on an identity document, summarising data linked to the document holder
3.47
visual inspection and automatic inspection
when an agent responsible for this procedure inspects the document and information specifications without
instrumentation, this inspection is considered to be visual. If the agent uses a device to inspect all or part of a
document's characteristics, this inspection is considered to be automatic
4 Symbols and abbreviations
AID Application Identifier
APDU Application Protocol Data Unit
API Application Programmable Interface
CC Common Criteria
ECC European Citizen Card
CEN European Standardization Committee
EEC European Economic Community
EEPROM Electrically Erasable Programmable Read Only Memory
ETSI European Telecommunications Standards Institute
IAS Identification Authentication Signature
ICAO International Civil Aviation Organization
ISO International Organization for Standardization
MAC Message Authentication Code
MRZ Machine Readable Zone
OS Operating System
OVF Optical Variable Feature
PCD Proximity Coupling Device
PICC Proximity Integrated Circuit card
PIN Personal Identification Number
PP Protection Profile
RAM Random Access Memory
ROM Read Only Memory
SSCD Secure Signature Creation Device
TOE Target of Evaluation
USB Universal Serial Bus
UV Ultra Violet
5 Definition, use and functions of the European Citizen Card (ECC)
5.1 General
The ECC shall be a personalized smart card with an ID-1 format as defined in ISO/IEC 7810 and a module
compliant with ISO/IEC 7816 parts 1 and 2.
The ECC shall serve to verify the identity of its holder electronically by using identity credentials securely stored in
the card memory and possibly using visual features on the card. These features:
 shall be designed for visual inspection by suitable technological means;
 shall be designed for easy control only by a visual inspection;
 enable the generation of an electronic signature using the certificate issued by the corresponding certification
authority;
 offer stringent security to match the level of the threat of fraud;
 enable the owner to check personal data contained in the card
 dependant on the options selected, enable its holder to access remote procedures, remote transmissions and
services made available by the public administration

The card shall reflect sufficiently the outcomings of the national global risk analysis incorporating visual
identification risks, natural or accidental risks, fraud or counterfeiting risks and risks linked to the voluntary
degradation of the protective covering and micromodule.
The card shall include a contact interface according to ISO/IEC 7816-3 and / or ISO/IEC 7816-12. When the ECC
logical data set is compliant with ICAO specification, then the ECC shall include a contact-less interface, access
method mechanisms and visual data field compliant with ICAO 9303, Parts 1 to 3, requirements.
5.2 Compliance with public administration requirements and citizen expectations
5.2.1 Public administration requirements
ECC shall take into account public administration requirements where based upon EC Directives and the
following:
 administrative structures of the State. The ECC simplifies the administrative handling of citizen services and
provides the means to ensure the full integrity of processed and transmitted information;
 reliable and secure means of authentication;
 specific security requirements for access to on-line e-government services (e.g. access only possible using
certified terminals).
5.2.2 Citizen expectations
 Easy access for the citizen to local and public authorities information;
 provide information in a safe manner to the local and public authorities;
 identify and authenticate the citizen to facilitate access to services, public or private;
 ability to access on-line services from personal terminals.
5.3 Citizen privacy protection
The ECC is intended to facilitate the deployment of interoperable e-government services requiring IAS security
services, as defined in ECC according to part 2 of this Technical Specification. The access to those services is
authorized on ECC presentation and subsequent execution by the card of the identification, authentication and
signature procedures defined in this Technical Specification.
The ECC initializes identified transactions authorized only by its legitimate owner, therefore privacy and security
are key concerns in the issuance and operation of the ECC. As such, the ECC document provides guidance to
build more secure, privacy-friendly identity-based services that can comply with local regulations, facilitate
widespread adoption of the card by citizens and, in particular:
 to avoid unjustified exposure of information made available in the public interest;
 to keep personal data out of the hands of third organizations;
 to prevent government agencies using irrelevant and outdated information.
5.4 Identifying a ECC holder
 The ECC is used to identify the cardholder The information in the identity certificate shall match the
information printed on card, even if there are different issuers;
 the link between the “proof of identity” and its holder is confirmed by a microcontroller with textual data, digital
certificates and related key pairs, routines for execution of cryptographic calculations and possibly execution
of biometric matching authentication using fingerprint minutiae;
 when physical identification is required, then the photograph and signature of the holder on the card are
mandatory.
The link between the ECC and its cardholder is essential and guaranteed by each national law to:
 avoid the ECC being used by a third party and to prevent this third party illegally using a found or stolen ECC;
 avoid any text or graphics from being modified for fraudulent or improper use.
5.5 European Citizen Cards functions
The ECC shall support the following functions:
1) identification and authentication of the holder by electronic means using reference data stored in the card
and also by visual or any other appropriate device;
2) mutual authentication between the card and the terminal communicating with the card, if required by the
application;
3) secure transmission of data using contact and conditionally contact-less interfaces;
4) confidential exchange of data if required;
5) electronic signature generation;
6) access control mechanisms to stored data;
7) multi-application capabilities;
and the ECC may support the following functions:
a) post-Issuance management of applications on the card (as per the future ISO/IEC 7816-13);
b) controlled updating of solely electronically stored data;
c) additional certificates can be stored on the card, using the IAS services of the card.
NOTE Devices such as a magnifying glass, UV lamp, digital fingerprint sensor or micro-module reader may be used in
the authentication process.
6 ECC physical characteristics
6.1 General
The ECC shall integrate an IC chip as defined in ISO/IEC 7816, and ISO/IEC 14443, if the ECC is also
operational in the contactless mode.
If visual inspection is required then the ECC shall include:
 a unique variable text specific to each ECC and appended to the “fixed administration information” providing
the holder’s name, status etc.;
 a general informative text corresponding to the “fixed administrative information” (see Annex A);
 when requiring identity authentication, a black-and-white or colour photograph, signatures of the holder and
issuing authority (depending on the plastic personalisation technique in place), personalized using the
adapted processes to the card body material. This personalization system also concerns the variable
information” indicated above, and shall be as such that any falsification (alteration and / or simulation) shall
be detectable in the initial or secondary examinations;
 a standardised machine readable zone (ICAO recommendation 9303-1); the position of the MRZ can be
located on the same side of the photo and the holder data for 1 step reading with scanner MRTD device;
 the card shall include the physical security elements as per 6.3;
 the front and back surfaces of the ECC body may be adapted to ECC usage for direct printing depending on
the applications, and environment;
 the position of the data on the card may correspond to the example provided by the informative Annex A.
6.2 Materials
The ECC material shall be compatible with printing procedures currently available in security printing technology.
The ECC materials shall allow the use of contact and contact-less interfaces according to the functional
requirements of this Technical Specification.
This Technical Specification does not mandate any particular card body material for the ECC. However several
classes of ECC durability are herein defined. The objective is to enable the issuer to make the appropriate choice
in connection with the ECC type and his specific reliability constraints depending on the card intended usage and
environment.
A methodology for card durability and testing is provided in informative Annex B.
6.3 ECC physical security elements
6.3.1 Security levels
The physical features are not dedicated to be cosmetic features. They should assume a certain level of security.
In fact, the security elements shall be classified in four categories:
 level 1 (also defined as “overt”): all secure features that are seen at a glance with human eyes (objectives:
10 s to get opinion from security officer);
st
 level 2 (also defined as “covert 1 level): secure features that need portable equipment to be used by non
trained officer (objectives: to be used for instance on the road, at customs);
nd
 level 3 (also defined as “covert 2 level): secure features that need specialist tool with in general ciphering
and so computing (objectives: to be used for instance on the road, at customs or need special environment);
 level 4 (also defined as “forensic taggant”): only known by supplier and/or by the governmental administration,
permit (need special environment) to authenticate supplier and/or to check the authenticity of the card and /
or to follow the counterfeiting.
The ECC card should at least include secure features of the level 1 and 2; some are described in this Technical
Specification (see 6.4). They represent a minimum set of required common physical requirements.
Moreover, it is highly recommended that the ECC card also includes secure features of level 3 and 4. However
since this Technical Specification recognizes that member states might wish to introduce confidential and/or
security elements requiring specific devices, for these two levels 3 and 4, these confidential elements are out of
the scope of this Technical Specification.
6.3.2 Security elements
Any additional physical security elements that complement the minimum set of physical features, that may be
required under the discretion of member states, shall not compromise the interoperability, functional and durability
requirements of the ECC as defined in this present Technical Specification.
The ECC security elements should comply with the following requirements:
1) resistance to counterfeiting;
2) resistance to alteration;
3) resistance to simulation.
These security elements protect the ECC against physical attacks by:
 making easily detectable any attempt to counterfeit, alter or simulate and
 deterring the possible attacker because of the economic cost associated to the attack.
All the security elements, that are easy to detect and allow systematic control (all features of level 1 and level 2
and some of the level 3 depending of the features), shall be compatible with the test sequence of the durability
class associated to the card.
6.3.3 Background and text printing
The printing area should be compatible with adhesion and the durability objectives of the card issuer according to
ISO/IEC 7810 and/or tamper evident properties as well as the de-lamination requirements.
In case visual inspection is required for the ECC, the ECC shall bear a security background pattern (level 1 and/or
level 2 features) designed to be resistant to counterfeit by scanning, printing or copying. To achieve this, the
background should not be composed of the primary colours. The pattern should contain complex pattern designs
in a minimum of two special colours and should include micro lettering. The pattern should show no evidence of
half-tone dots, or pixel structures typically found in digital printing technologies.
6.3.4 Ink and other imaging media
UV fluorescent ink (level 2 when visible if UV exposed or level 3 when invisible) with a spectral response that is
distinct in colour from any fluorescence in the card-body material, is mandatory for the ECC. The UV element
shall either be included in the background printing of the ECC or in a specific area of the ECC to protect
vulnerable data or other elements of the ECC that may be particular targets to fraud.
The incorporation of an optically variable feature (OVF) in the ECC is mandatory. This Technical Specification
recommends that this OVF be into the card. This Technical Specification does not mandate any specific OVF
technology (at least level 1). When the personalization data are printed on the card body surface, some security
measures should be added to protect against attempts to tamper them.
6.4 ECC security evaluation
The ECC is recommended to be certified against the CWA 14169 type 2 or type 3. This CWA is going to become
a European Standard. Depending on the intended application additional certification requirements may be defined
by the card issuer or by the legal authority.
WARNING
ECC not certified according to CWA 14169 may raise security concerns.
NOTE CWA 14169 defines the security requirements for Secure Signature Creation Device (SSCD) in accordance with the
EU Directive. The CWA 14169 defines deferent Protection Profile (PP) used by the ECC.
The intent of this Protection Profile is to specify functional and assurance requirements defined in the Directive, Annex III for
SSCD which is the target of evaluation (TOE). Member States shall presume that there is compliance with the requirements
laid down in the Directive when an electronic signature product is evaluated to a Security Target (ST) that is compliant with this
PP.
The ECC can be type 2 or type 3 usage (see CWA 14169). The SSCD Type 2 or Type 3 are personalized components which
means that they can be used for signature creation by one specific user; the signatory only.
The assurance level for these PPs is EAL4 augmented. The minimum strength level for the TOE security
functions is 'SOF high' (Strength of Functions High).
7 Electrical characteristics
7.1 Dimensions and location of the contacts or coupling area
The ECC shall comply with the relevant specifications of ISO/IEC 7816 and/or ISO/IEC 14443
7.2 The contact interface
When the ECC is equipped with a contact interface, it shall be compliant with ISO/IEC 7816
7.3 Contactless interface
When the ECC is equipped with a contactless interface, it shall be compliant with ISO/IEC 14443.
8 Transport protocols
The transport protocol for the contact and contactless interfaces, whether one of either or both are implemented in
the ECC, shall be compliant with the relevant specifications of ISO/IEC 7816 and ISO/IEC 14443
9 Terminal characteristics
The ECC shall be able to be processed by four types of terminal:
 terminal providing free access to administrative operations may be in the form of a kiosk and shall at least
comprise, in addition to the MMI (screen/keyboard or touch screen type), a smart card reader and a keyboard
for entering secret codes. The terminal has cryptographic tools allowing component authenticity to be
checked by introducing algorithms to public or private keys. It may also comprise a biometric information
sensor (finger prints etc.) when the available operations demand a high level of authentication security;
 control terminal intended for use by an agent and capable of reading and checking card data, including
security elements. This terminal may resemble a portable payment terminal or a PDA (1/4 VGA screen, touch
screen). It shall be able to communicate to provide it with access to revocation lists. Additional functions can
also be added depending on services offered;
 data verification terminal used to read free access information in the chip. This terminal only has a small
display (e.g. two lines of 16 alphanumeric characters) and a scroll button and may resemble a key ring. This
terminal does not guarantee card authenticity;
 personal signature workstation such as a personal computer in a private, uncontrolled environment.
Other characteristics of the terminal are out of the scope of this Technical Specification.
Annex A
(informative)
General card design (with reference to Directive 96/47/EC relating to
European driving licences)
Figure A.1 — General design of card front
Figure A.2 — General design of card back

Figure A.3 — Details of zones on the card front
Figure A.4 — Details of zones on the card back
Annex B
(informative)
Methodology for the design of ECC durability testing
B.1 General
This informative annex has been submitted to ISO JTC1 SC17. The methodology described in this Informative
Annex is preliminary and has not been yet been verified.
.
B.2 Introduction
This Technical Specification introduces the concept
...