CEN/TS 15480-5:2013
(Main)Identification card systems - European Citizen Card - Part 5: General Introduction
Identification card systems - European Citizen Card - Part 5: General Introduction
1.1 Scope of CEN/TS 15480-5:2013
The scope of this Technical Specification is to provide a general description of the standard together with an introduction to each part of the ECC standard.
Informative Annex A maps the relationship between the various parts of the ECC standard and other ISO/IEC standards relating to the card platform.
1.2 Scope of the ECC standard
The European Citizen Card (ECC) standard addresses the difficulties presented to citizens when attempting to access various public services using a smart card as an access token. The scope of the ECC standard covers card capabilities and structures specified under the following headings:
- Specific definition of minimum features (for example, card surface print structure).
- Definition of optional features that may be required to provide the desired electronic services.
- Specification of discovery mechanisms to allow supported and in-use card capabilities and features to be identified.
- Besides covering the hardware and software of the card, the ECC standard also addresses interfaces to readers and servers through middleware components.
This simple concept can enable ECC cards to adopt a widely different set of personas, even though a common application may be housed on cards used in different environments and in different ways. Generically, we can consider ECC cards as being classed as one of the following groups, even though the same application may be loaded (alongside others) in each environment. These groupings are:
- eID Verification token;
- Inter-European Union travel document;
- Provider of logical access to e-Government or local administration services or to private sector services by housing personal credentials.
In order to support the above, it is noted that there will be certain minimum requirements upon any card conforming to the ECC, specifically, the European Citizen Card will be at a minimum a smart card with Identification, Authentication and electronic Signature (IAS) service capabilities. The ECC may act as a bridge between different application requirements of an integrated circuit card and in so doing act to reduce the number of different European specifications and standards required.
The ECC will be issued under the responsibility of a European National Public Administration in order to provide a token supporting one of the above usage groupings by housing one or more relevant applications. In addition, there is nothing to stop the ECC being used to support private applications and environments which would therefore allow the ECC to be used in a shared public-private application scenario.
It is apparent that the ECC is intended to offer the card issuer/ service provider with a great deal of flexibility in the services that the ECC provides, the authentication mechanisms supported and the local national specific public policy with an special concern to protect the citizen privacy according to the applicable European legislation.
Identifikationskartensysteme - Europäische Bürgerkarte - Teil 5: Allgemeine Einführung (ECC-5)
Systèmes de cartes d'identification - Carte Européene du Citoyen - Partie 5 : Introduction générale (ECC-5)
Sistemi z identifikacijskimi karticami - Kartica evropskih državljanov - 5. del: Splošna predstavitev
Standard za kartico evropskih državljanov (ECC) obravnava težave, ki jih imajo državljani pri poskusu dostopa do različnih javnih storitev z uporabo pametne kartice kot žetona za dostop. Na področje uporabe standarda za kartico evropskih državljanov spadajo
zmogljivosti in strukture kartic, opredeljene pod naslednjimi naslovi:
– Posebna opredelitev minimalnih funkcij (na primer struktura tiska na površini kartice).
– Opredelitev dodatnih funkcij, ki so morda zahtevane za zagotavljanje želenih elektronskih storitev.
– Specifikacija mehanizmov odkrivanja, da se omogoči opredelitev podprtih zmogljivosti in funkcij kartice med uporabo.
– Standard za kartico evropskih državljanov poleg strojne opreme in programske opreme kartice obravnava tudi vmesnike za bralce in strežnike prek komponent vmesne programske opreme. Ta preprosti koncept lahko karticam evropskih državljanov omogoči sprejetje drugačnega sklopa oseb, čeprav je lahko na karticah skupna aplikacija, ki se uporablja v različnih okoljih in na različne načine. Na splošno lahko kartice evropskih državljanov obravnavamo kot razvrščene v eno od naslednjih skupin, čeprav je mogoče enako aplikacijo (poleg drugih) naložiti v vsakem okolju. Te skupine so:
– žeton za preverjanje eID;
– dokument za potovanje znotraj Evropske unije;
– ponudnik logičnega dostopa do e-vladnih ali lokalnih upravnih storitev ali do storitev zasebnega sektorja z vsebovanjem osebnih poverilnic. Za podporo navedenega morajo vse kartice v skladu s kartico evropskih državljanov izpolnjevati določene minimalne zahteve, tj. kartica evropskih državljanov mora biti najmanj pametna kartica, ki lahko zagotavlja storitve identifikacije, preverjanja pristnosti in elektronskega podpisa (IAS). Kartica evropskih državljanov lahko povezuje različne zahteve glede aplikacij kartice z integriranim vezjem, pri čemer znižuje število različnih zahtevanih evropskih specifikacij in standardov. Kartica evropskih državljanov se izda na odgovornost evropske nacionalne javne uprave, da bi se zagotovil žeton, ki podpira eno od zgoraj navedenih skupin uporabe, tako da je na njej ena ali več ustreznih aplikacij. Poleg tega nič ne preprečuje uporabe kartice evropskih državljanov za podporo zasebnih aplikacij in okolij, kar bi omogočilo uporabo kartice v scenariju deljene javno-zasebne aplikacije. Očitno je, da je kartica evropskih državljanov oblikovana tako, da izdajatelju kartice/ponudniku storitev omogoča veliko mero prilagodljivosti v zvezi s storitvami, ki jih kartica omogoča, podprtimi mehanizmi za preverjanje pristnosti in lokalno nacionalno posebno javno politiko s posebnim namenom zaščite zasebnosti državljanov v skladu z veljavno evropsko zakonodajo.
General Information
Standards Content (Sample)
SLOVENSKI STANDARD
01-junij-2013
Sistemi z identifikacijskimi karticami - Kartica evropskih državljanov - 5. del:
Splošna predstavitev
Identification card systems - European Citizen Card - Part 5: General Introduction
Identifikationskartensysteme - Europäische Bürgerkarte - Teil 5: Allgemeine Einführung
(ECC-5)
Systèmes de cartes d'identification - Carte Européene du Citoyen - Partie 5 : Introduction
générale (ECC-5)
Ta slovenski standard je istoveten z: CEN/TS 15480-5:2013
ICS:
35.240.15 Identifikacijske kartice in Identification cards and
sorodne naprave related devices
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
TECHNICAL SPECIFICATION
CEN/TS 15480-5
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
April 2013
ICS 35.240.15
English Version
Identification card systems - European Citizen Card - Part 5:
General Introduction
Systèmes de cartes d'identification - Carte Européene du Identifikationskartensysteme - Europäische Bürgerkarte -
Citoyen - Partie 5 : Introduction générale (ECC-5) Teil 5: Allgemeine Einführung (ECC-5)
This Technical Specification (CEN/TS) was approved by CEN on 12 February 2013 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2013 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 15480-5:2013: E
worldwide for CEN national Members.
Contents Page
Foreword .3
Introduction .4
1 Scope .5
1.1 Scope of CEN/TS 15480-5:2013 .5
1.2 Scope of the ECC standard .5
2 Normative references .5
3 Terms and definitions .6
4 Symbols and abbreviations .6
5 Construction of the ECC standard .7
6 Clarification of key concepts used in the ECC standard .7
6.1 Interoperability .7
6.2 Privacy .8
6.3 ECC Profiles .8
6.3.1 General .8
6.3.2 Types of profiles defined in the ECC standard .9
6.3.3 Relationship between ECC Profiles . 10
6.3.4 Example of the usage of an ECC Card Profile . 10
6.3.5 Example of the usage of an ECC Application Discovery Profile . 11
6.3.6 Example of usage of an ECC User Accessibility Profile . 11
7 Requirements and options . 11
8 Part 1: Physical, electrical and transport protocol characteristics . 13
8.1 General . 13
8.2 Compliance with public administration requirements and citizen expectations . 14
8.3 Identifying an ECC holder . 14
9 Part 2: Logical data structures and card services . 14
10 Part 3: European Citizen Card Interoperability using an application interface . 15
10.1 General . 15
10.2 Tools for smartcard suppliers . 15
10.3 Tools for integrators . 16
10.4 Compatibility with other standards. 17
11 Part 4: Recommendations for European Citizen Card issuance, operation and use . 17
Annex A (informative) Relationship between ECC standard parts and ISO standards . 19
A.1 Mapping of ECC to ISO standards . 19
Bibliography . 20
Foreword
This document (CEN/TS 15480-5:2013) has been prepared by Technical Committee CEN/TC 224 “Personal
identification, electronic signature and cards and their related systems and operations”, the secretariat of
which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
According to the CEN-CENELEC Internal Regulations, the national standards organisations of the following
countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus,
Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany,
Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.
Introduction
Within the European Union there will be many integrated circuit cards issued by public bodies and
administrations, each of which can house a variety of applications in different combinations. The cardholder
can hold several multi-application public service cards and is concerned that:
He or she knows or can find out which applications are on a card;
Applications on a card may be read and dealt with by appropriate terminals;
Security is appropriate for the application being used, while also being fit-for-purpose in protecting the
user's data on the card and ensuring privacy to the level required.
Different cards will have different capabilities. This presents application providers and scheme operators with
a number of challenges:
Does the card have the specific minimum level of functionality, capability and security features necessary
to house the application to be loaded onto the card?
Are there other applications on this card that would preclude this application being loaded (including for
example, surface printing requirements)?
What are the features and functions of the card (that are being used) that the terminal will have to
support?
This Technical Specification provides mechanisms to resolve the above issues together with a formalised
approach that will allow different applications and services to co-exist and interoperate in a single card
environment.
This Technical Specification also recognises that there will be legacy systems in evidence as and when the
ECC card is being introduced. It provides a mechanism (described in CEN/TS 15480-3) by which legacy
systems can operate in an ECC environment until cards may be replaced by European Citizen Cards in
batches as the opportunity arises.
1 Scope
1.1 Scope of CEN/TS 15480-5:2013
The scope of this Technical Specification is to provide a general description of the standard together with an
introduction to each part of the ECC standard.
Informative Annex A maps the relationship between the various parts of the ECC standard and other ISO/IEC
standards relating to the card platform.
1.2 Scope of the ECC standard
The European Citizen Card (ECC) standard addresses the difficulties presented to citizens when attempting to
access various public services using a smart card as an access token. The scope of the ECC standard covers
card capabilities and structures specified under the following headings:
Specific definition of minimum features (for example, card surface print structure).
Definition of optional features that may be required to provide the desired electronic services.
Specification of discovery mechanisms to allow supported and in-use card capabilities and features to be
identified.
Besides covering the hardware and software of the card, the ECC standard also addresses interfaces to
readers and servers through middleware components.
This simple concept can enable ECC cards to adopt a widely different set of personas, even though a
common application may be housed on cards used in different environments and in different ways.
Generically, we can consider ECC cards as being classed as one of the following groups, even though the
same application may be loaded (alongside others) in each environment. These groupings are:
eID Verification token;
Inter-European Union travel document;
Provider of logical access to e-Government or local administration services or to private sector services
by housing personal credentials.
In order to support the above, it is noted that there will be certain minimum requirements upon any card
conforming to the ECC, specifically, the European Citizen Card will be at a minimum a smart card with
Identification, Authentication and electronic Signature (IAS) service capabilities. The ECC may act as a bridge
between different application requirements of an integrated circuit card and in so doing act to reduce the
number of different European specifications and standards required.
The ECC will be issued under the responsibility of a European National Public Administration in order to
provide a token supporting one of the above usage groupings by housing one or more relevant applications. In
addition, there is nothing to stop the ECC being used to support private applications and environments which
would therefore allow the ECC to be used in a shared public-private application scenario.
It is apparent that the ECC is intended to offer the card issuer/ service provider with a great deal of flexibility in
the services that the ECC provides, the authentication mechanisms supported and the local national specific
public policy with an special concern to protect the citizen privacy according to the applicable European
legislation.
2 Normative references
Not applicable.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
ECC Application Profile
set of ECC mandatory and optional features which is referred to by a unique registered identifier. An
Application Profile implements an interoperable ECC service
3.2
ECC Card Profile
profile made up of one or more ECC Application Profiles with their associated electrical interfaces and
possibly one or more ECC User Accessibility Profiles. In addition an ECC Card Profile may also include an
ECC Durability Profile. An ECC Card Profile is referred to by a unique registered identifier
3.3
ECC Conditional Feature
feature required by an ECC Application Profile
3.4
ECC Durability Profile
profile associated with an ECC, which provides information that relates to the card durability performance
3.5
ECC Layout Profile
optional profil
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.