ISO/IEC 24727-5:2011

INTERNATIONAL ISO/IEC
STANDARD 24727-5
First edition
2011-03-15
Identification cards — Integrated circuit
card programming interfaces —
Part 5:
Testing procedures
Cartes d'identification — Interfaces programmables de cartes à puce —
Partie 5: Essais
Reference number
©
ISO/IEC 2011
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO/IEC 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2011 – All rights reserved

Contents Page
Foreword .vi
Introduction.vii
1 Scope.1
2 Normative references.1
3 Terms and definitions .2
4 Symbols and abbreviated terms .3
5 Testing methodology .4
5.1 Terms of testing.4
5.1.1 Purpose of testing.4
5.1.2 Testing objective .4
5.1.3 Testing Principles.4
5.1.4 GCI under test:.6
5.1.5 SAL under test:.6
5.1.6 Conformance attainment .7
5.2 Conformance vector.8
5.3 Structure of tests.10
5.4 Test environment.12
5.4.1 Stack configurations.12
5.4.2 Card-application emulators.12
5.4.3 Verification and logging capability of components.12
5.4.4 Procedural element .12
6 Components.12
6.1 Service access layer API .12
6.1.1 Basic tests.12
6.1.2 Discoverability tests.12
6.2 Generic card interface.15
6.2.1 Basic test.15
6.2.2 Processing tests.15
6.2.3 Discoverability tests.17
6.2.4 Generic card interface acted on ISO/IEC 24727-2 implementation (i.e. CLA = "FF") .18
6.3 Interface device API .19
6.4 Trusted channel API.19
6.4.1 TC_API_Open.19
6.4.2 TC_API_Close .19
6.4.3 TC_API Write.19
6.4.4 TC_API Read .19
6.5 SAL on-card implementation component testing .20
7 Authentication protocols.20
7.1 General .20
7.2 SAL security test sequences .21
7.2.1 Cryptographic operations .22
7.2.2 Simple assertion.26
7.2.3 Asymmetric internal authenticate.27
7.2.4 Asymmetric external authenticate.28
7.2.5 Symmetric internal authenticate.30
7.2.6 Symmetric external authenticate.31
7.2.7 Compare .33
7.2.8 PIN compare.35
© ISO/IEC 2011 – All rights reserved iii

7.2.9 Biometric compare .36
7.2.10 Mutual authentication with key establishment .37
7.2.11 Client-application mutual authentication with key establishment .39
7.2.12 Client-application asymmetric external authenticate .41
7.2.13 Modular extended access control protocol (M-EAC).43
7.2.14 Key transport with mutual authentication based on RSA .45
7.2.15 Age attainment.47
7.2.16 Asymmetric session key establishment .48
7.2.17 Secure PIN compare.49
7.2.18 EC key agreement with card-application authentication.51
7.2.19 EC key agreement with mutual authentication.52
7.2.20 Simple EC-DH key agreement .54
7.2.21 GP asymmetric authentication.55
7.2.22 GP symmetric authentication (explicit mode) .56
7.2.23 GP symmetric authentication (implicit mode) .58
8 Secure messaging .60
9 Marshalling.61
9.1 ASN.1 representation .61
9.2 Web-services representation.61
10 Stack configuration testing .61
10.1 Testable interface definitions.61
10.1.1 Full-network-stack .63
10.1.2 Loyal-stack .64
10.1.3 Opaque-ICC-stack.65
10.1.4 Remote-loyal-stack.66
10.1.5 ICC-resident-stack .67
10.1.6 Remote-ICC-stack.68
11 Operational testing .68
11.1 SAL test sequences.69
12 Operational test reporting.69
13 ISO/IEC 24727-6 authentication protocol testing .69
13.1 SAL test sequences.70
13.1.1 ISO/IEC 24727-6 defined authentication protocol .70
13.2 Reference model implementations .70
13.2.1 Off card-application.70
13.2.2 Card-application emulator or test card use .70
Annex A (normative) SAL operational test sequence descriptions.71
A.1 Application management – alpha card-application data structure construction .71
A.2 Application management – first application data structure construction.92
A.3 Application management – application data structure construction error conditions.148
A.4 Application management – second application data structure construction .163
A.5 Data manipulation - card application path .207
A.6 Data manipulation – general.215
A.7 Data manipulation - global authentication .255
A.8 Application management - data structure destruction.282
Annex B (informative) Envelope APDU implementation ICC-Resident stack expected component
test inputs and outputs .326
B.1 Application management - alpha card-application data structure construction .326
B.2 Application management - first application data structure construction.434
B.3 Application management - application data structure construction error conditions.755
B.4 Application management - second application data structure construction.907
B.5 Data manipulation - card application path .1156
B.6 Data manipulation – general.1271
B.7 Data manipulation - global authentication .1633
B.8 Application management - data structure destruction.1913
iv © ISO/IEC 2011 – All rights reserved

Annex C (informative) Non ICC-Resident stack expected component test inputs and outputs.2346
C.1 Application management - alpha card-application data structure construction.2346
C.2 Application management - first application data structure construction .2443
C.3 Application management - application data structure construction error conditions .2734
C.4 Application management - second application data structure construction.2884
C.5 Data manipulation - card application path.3112
C.6 Data manipulation – general .3228
C.7 Data manipulation - global authentication.3579
C.8 Application management - data structure destruction.3855
Annex D (informative) TLS implementation ICC-Resident stack expected component test inputs
and outputs .4277
D.1 Application management - alpha card-application data structure construction.4277
D.2 Application management - first application data structure construction .4329
D.3 Application management - application data structure construction error conditions .4501
D.4 Application management - second application data structure construction.4578
D.5 Data manipulation – general .4711
D.6 Data manipulation - global authentication.4908
D.7 Application management - data structure destruction.5060
Annex E (informative) WSDL encoded IFD data structures.5307
E.1 Establish Context .5307
E.2 ReleaseContext.5308
E.3 ListIFDs .5308
E.4 GetIFDCapabilities.5309
E.5 GetStatus.5310
E.6 Wait .5312
E.7 Cancel.5314
E.8 ControlIFD .5315
E.9 Connect .5315
E.10 Disconnect .5316
E.11 BeginTransaction .5317
E.12 EndTransaction .5317
E.13 Transmit .5318
E.14 VerifyUser.5319
E.15 ModifyVerificationData.5320
E.16 Output.5321
E.17 SignalEvent .5322
Annex F (informative) ISO/IEC 24727-3 C language binding for common definitions.5323
Annex G (informative) ISO/IEC 24727-4 C language binding for algorithm definitions.5326
Annex H (informative) ISO/IEC 24727-4 C language binding for API and authentication protocol
data .5329
Annex I (informative) ISO/IEC 24727-4 C language binding for TC-API .5374
Annex J (informative) ISO/IEC 24727-4 C language binding for IFD-API .5379
Annex K (informative) ISO/IEC 24727 Java language binding for common definitions .5396
Annex L (informative) ISO/IEC 24727-3 Java language binding for API and authentication protocol
data .5398
Annex M (informative) ISO/IEC 24727-3 Java language binding for algorithms.5590
Annex N (informative) ISO/IEC 24727-4 Java language binding for TC-API .5592
Annex O (informative) ISO/IEC 24727-4 Java language binding for IFD-API .5614
Bibliography.5656

© ISO/IEC 2011 – All rights reserved v

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 24727-5 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 17, Cards and personal identification.
ISO/IEC 24727 consists of the following parts, under the general title Identification cards — Integrated circuit
card programming interfaces:
⎯ Part 1: Architecture
⎯ Part 2: Generic card interface
⎯ Part 3: Application interface
⎯ Part 4: Application programming interface (API) administration
⎯ Part 5: Testing procedures
⎯ Part 6: Registration authority procedures for the authentication protocols for interoperability
vi © ISO/IEC 2011 – All rights reserved

Introduction
ISO/IEC 24727 is a set of programming interfaces for interactions between integrated circuit cards (ICCs) and
external applications to include generic services for multi-sector use. The organization and the operation of
the ICCs conform to ISO/IEC 7816-4.
ISO/IEC 24727 is relevant to ICC applications desiring interoperability among diverse application domains.
ISO/IEC 7498-1:1994, Information technology — Open Systems Interconnection — Basic Reference Model:
The Basic Model, is used as the layered architecture of the client-application to card-application connectivity.
That is, the client-application, through the Application Interface, assumes that there is a protocol stack through
which it will exchange information and transactions among card-applications using commands conveyed
through the message structures defined in ISO/IEC 7816. The semantics of action requests through the
interface defined in ISO/IEC 24727-3 refers to application protocol data units (APDUs) as characterized
through the interface defined in ISO/IEC 24727-2 and in the following International Standards:
⎯ ISO/IEC 7816-4:2005, Identification cards — Integrated circuit cards — Part 4: Organization, security and
commands for interchange
⎯ ISO/IEC 7816-8:2004, Identification cards — Integrated circuit cards — Part 8: Commands for security
operations
⎯ ISO/IEC 7816-9:2004, Identification cards — Integrated circuit cards — Part 9: Commands for card
management
The goal of ISO/IEC 24727 is to maximize the applicability and solution space of software tools that provide
application interface support to card-aware client-applications. This effort includes supporting the evolution of
card systems as the cards become more powerful, peer-level partners with existing and future applications
while minimizing the impact to existing solutions conforming to this part of ISO/IEC 24727.
This part of ISO/IEC 24727 specifies an application-independent and implementation-independent testing
regimen through which conformance of specific implementations to the relevant part of ISO/IEC 24727 can be
confirmed. It is assumed that such testing will be performed through test environments and procedures
developed in accordance with this part of ISO/IEC 24727.

© ISO/IEC 2011 – All rights reserved vii

INTERNATIONAL STANDARD ISO/IEC 24727-5:2011(E)

Identification cards — Integrated circuit card programming
interfaces —
Part 5:
Testing procedures
1 Scope
ISO/IEC 24727 is a set of programming interfaces for interactions between integrated circuit cards and
external applications to include generic services for multi-sector use.
This part of ISO/IEC 24727 specifies conformance testing procedures designed to determine if interfaces
developed with the ISO/IEC 24727 series meet the requirement of ISO/IEC 24727. By conforming to this part
of ISO/IEC 24727, interoperable implementations of ISO/IEC 24727 can be realized.
Test procedures for ISO/IEC 24727-2, ISO/IEC 24727-3 and ISO/IEC 24727-4 are described with sufficient
detailing in support of ISO/IEC 24727 interoperability requirements, i.e. the connectivity, ISO/IEC 24727
security mechanisms and discovery mechanisms between the client-application and the card-application. This
part of ISO/IEC 24727 defines calls on ISO/IEC 24727-3 in an ordered sequence. It also defines the
confirmation of integrity of transmitted data by an implementation under test, as well as the syntax of that data
received from the implementation under test for the marshalling procedures defined in ISO/IEC 24727-3 and
ISO/IEC 24727-4.
For each test procedure, the conditions required for its execution are defined, along with the conditions under
which it has to be executed and the expected results. Structures and entities used for the tests, as well as a
common set of recurring sequences used for the various procedures, are identified and documented in this
part of ISO/IEC 24727.
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.
ISO/IEC 24727-2:2008, Identification cards — Integrated circuit card programming interfaces — Part 2:
Generic card interface
ISO/IEC 24727-3:2008, Identification cards — Integrated circuit card programming interfaces — Part 3:
Application interface
ISO/IEC 24727-4:2008, Identification cards — Integrated circuit card programming interfaces — Part 4:
Application programming interface (API) administration
© ISO/IEC 2011 – All rights reserved 1

3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
certification
formal confirmation of successful conformance testing by a certified party
3.2
component
executable code comprising a processing layer accessed with ISO/IEC 24727 defined application
programming interfaces
[ISO/IEC 24727-4:2008]
3.3
component-under-test
ISO/IEC 24727 component being tested
3.4
conformance-testing
formal demonstration that a component complies with specified critera established by a standard
3.5
conformance-vector
concatenation of the tuple element values
3.6
dimension-of-conformance
tuple element of a conformance-vector
3.7
native-implementation
on-card implementation connected to ISO/IEC 24727-2 layer either directly or via a procedural element
3.8
card-application emulator
processing component accessed through the interface device application programming interface (IFD-API)
that simulates the behaviour of a smart card-application
3.9
card emulator
processing component accessed through the interface device application programming interface (IFD-API)
that simulates the behaviour of a card
3.10
stack-configuration
series of processing components connected by communication channels that connect a client-application to a
card-application as specified by the ISO/IEC 24727-4 protocol stacks
3.11
test-component
ISO/IEC 24727 trusted component that is provided and used by the testee
3.12
test-environment
systems, personnel and standard procedures to perform conformance-testing
2 © ISO/IEC 2011 – All rights reserved

3.13
test-implementation
ISO/IEC 24727 stack including the component(s) under test and testing components
3.14
testing-body
organization providing a test-environment, test-implementation and means to perform conformance-testing
4 Symbols and abbreviated terms
ACA alpha card application
ACD application capability description
ACL  access control list
AK  asymmetric key
APDU application protocol data unit
API  application programming interface
AR  access rule
CA  card application
CCD card capability description
CIA  cryptographic information application
CUT component under test
DER-TLV distinguished encoding rules – tag length value
DF  dedicated file
DID  differential identity
DS  data set
DSI  data structure for interoperability
EF  elementary file
GCI  generic card interface
IFD  interface device
MF  master file
PC/SC personal computer / smart card consortium
RMI  reference model implementation
RFU reserved for future use
SAL  service access layer
© ISO/IEC 2011 – All rights reserved 3

SE  security environment
TC  test component
TLS  transport layer security
5 Testing methodology
ISO/IEC 24727 establishes the facilities for interoperability through the specification of a number of interfaces.
Independent implementations of each interface shall be interchangeable and thus provide for interoperability
at each interface. Consequently, ISO/IEC 24727 enables a wide variety of interoperability. This part of
ISO/IEC 24727 shall provide a methodology for conformance-testing such that distinct interface
implementations can be affirmed as being interchangeable with other independent implementations.
The testing methodology assumes a test-environment that presents standard characteristics that include:
1) Equipment configuration interfaces
2) Test-implementations
3) Test-specifications
Given these standard characteristics a testing-body can make use of this test-environment to confirm the
behaviour of the various interfaces through which interoperability is enabled.
This part of ISO/IEC 24727 does not test the following:
1) Tests for quality, performance, robustness
2) Testing of standards and protocols that are referenced within
3) Testing of proprietary card application services, their creation and execution
4) Error conditions that cannot be produced by a correctly functioning implementation
5.1 Terms of testing
5.1.1 Purpose of testing
The purpose of ISO/IEC 24727-5 is to provide testing specifications at a level that allow independent testing
bodies to conduct testing with the assurance of independent equivalent results.
5.1.2 Testing objective
The objective of ISO/IEC 24727-5 is to specify a testing regimen that enables independent, equivalent
implementations. Independent testing bodies can thereby evaluate conformance to ISO/IEC 24727 with
equivalent results. Levels of certification can then indicate which component or set of components is ISO/IEC
24727 conformant.
5.1.3 Testing Principles
The testing principles are derived from the ISO/IEC 24727 objective of interoperability. Interoperability is
achieved by specifying interfaces and behaviour through which a component is accessed. Since each
component is tested independently there will be varying levels of conformance and a distinct set of
certification levels will be defined that address single components as well as a concatenation of components
that form ISO/IEC 24727 component-configurations.
4 © ISO/IEC 2011 – All rights reserved

ISO/IEC 24727-5 defines test configurations and unique parameters to be applied uniformly to each
component for different implementations to assure conformance.
It is assumed that automated testing tools can be used for:
• the generation of test data that is used as input and output during testing to ensure that all user data is
differs for each test execution;
• consistent definition;
• performance of tests; and
• result reporting.
ISO/IEC 24727 certification is enabled through ISO/IEC 24727-5 tests that can be administered by testing
bodies.
Table 1 —Testing Principles
Principle
To attain conformance, all aspects of the ISO/IEC 24727 interfaces for the Component-under-test
1.
shall comply with ISO/IEC 24727.
ISO/IEC 24727-5 testing shall only include behavioural testing at the component interfaces.
2.
Testing shall encompass one or more of the following ISO/IEC 24727 components:
3.
i. ASN.1 DER-TLV defined APIs;
ii. communication interfaces;
iii. C language bindings for API marshalling and binding of the APIs;
iv. stack configurations;
v. authentication protocols.
A test facility shall provide a reference test implementation that permits a component under test to be
4.
tested in a complete stack test configuration.
The use of automated testing tools is assumed for generating tests and to aid the certification
5.
process.
ISO/IEC 24727-5 should enable the development of conformance and certification testing abilities to
6.
be derived in a consistent manner.
Every component under test shall be subject to tests defined at the ISO/IEC 24727-3 API.
7.
Only services and actions as defined by ISO/IEC 24727-3 shall be tested. The testing of proprietary
8.
services, actions and the associated creation and loading of these is out of scope.
Test inputs and results shall vary each time a test is performed in order to ascertain that tests are not
9.
predictable.
ISO/IEC 24727-3 testing verifies the request and response of the interface and the APDUs it
10.
generates.
ISO/IEC 24727-3 proxy testing verifies the request and response of the interface plus the DER-TLV
11.
that it generates.
ISO/IEC 24727-3 (including proxy) tests shall be run against blank and populated (partially
12.
provisioned) smart cards.
Interoperability is only fully tested in the C language implementation (until other language binding is
13.
provided)
Any other languages shall use an agent to translate the messages (e.g. DER-TLV) into language
14.
© ISO/IEC 2011 – All rights reserved 5

Principle
specific bindings.
Data transfer over communication channels is intercepted by a "man in the middle" and compared to
15.
the test data (protocol analysers).
The only testable interface at the card application is the ISO/IEC 24727-3 on-card implementation.
16.
Only IFD API syntax (i.e. the structure and not the containing data) shall be tested. The testing of
17.
data contained within the IFD API syntax is out of scope.
Only TC API syntax shall be tested. The testing of data contained within the TC API syntax is out of
18.
scope.
Testing of procedural element low-level coding and functions is out of scope
19.
Testing of other standards that are referenced within ISO/IEC 24727 is out of scope
20.
Testing of other protocols (i.e. not ISO/IEC 24727 authentication protocols) that are referenced within
21.
ISO/IEC 24727 is out of scope
Testing of error conditions that cannot be produced by a correctly functioning implementation is out
22.
of scope
Testing of proprietary services, actions and the associated creation and loading of these is out of
23.
scope.
The standard shall not test application specific software module.
24.
Checking of CIA updates is out of scope.
25.
5.1.4 GCI under test:
The GCI under test shall be submitted to test that shall confirm the following minimum set features:
• Whenever procedural elements are present, all the incoming APDUs that are part of the GCI shall be
submitted to these procedural elements. Therefore, the GCI under test capability to handle the request
and response APDUs shall be tested. The GCI under test shall pass on the request APDU from SAL to
Procedural Elements, and the response APDU from the ICC to procedural elements. The procedural
elements testing component shall require a “probe” to prove such APDU processing.
• GCI under test shall be capable to parse CCD and to ensure availability of interoperability data to the SAL.
The CCD content shall be retrieved according to the bootstrap mechanism. Some CCD data object values
may be loaded from remote location specified in the CCD.
• GCI under test capability to deliver upon request the CCD content to the SAL.
• ISO/IEC 24727-2 interface (request and response) (only for C language binding).
• GCI under test capability to handle request APDUs with CLA=’FF’ (packageA) intended for GCI
internal/resources management
• GCI under test capability to forward any APDU that is neither part of ISO/IEC 24727-2 Table 2 nor Table 3
directly to ICC without any processing.
• GCI under test capability to call IFD-API functions.
5.1.5 SAL under test:
The SAL under test shall be submitted to test that shall confirm the following minimum set features:
6 © ISO/IEC 2011 – All rights reserved

• SAL shall be able to recover the whole data mapping between off-card data representation an on-card
data representation using the CIA containing within the ACD.
• SAL shall be enabled to parse the CIA values and to generate all the discovery data and to encode it
according to ISO/IEC 24727-3, Annex C ASN.1 normative definitions.
• Upon or prior to the call to CardApplicationEndSession action, any change impacting the CIA entries (as
per ISO/IEC 24727-2) that occurred during the transaction shall be updated in the CIA that is either stored
or referenced in the ACD.
• The retrieved (by ISO/IEC 24727-3) CIA must reflect the card implementation and any changes that have
been applied.
• ISO/IEC 24727-3 interface (request and response) (only for C language binding), generated APDUs and
ASN.1 DER-TLV (for proxies)
• The off-card SAL shall be enabled to act on client-application requests according to the related ACL (e.g
denied actions shall not be translated into APDUs)
• SAL claiming compatibility with a given Authentication Protocol shall prove capability to translate generic
requests into specific set of request APDUs according to the Protocol OID description and the rest of
information provided in the DID bearing this Protocol.
• Authentication protocols that are internal to ISO/IEC 24727-3 are tested using a trusted test
implementation below the ISO/IEC 24727-3 layer.
• Authentication protocols that are internal to ISO/IEC 24727-3 are tested using a trusted test ISO/IEC
24727-3 implementation.
• Specified authentication protocol algorithms and their use are verified by the trusted test components.
• DIDCreate and DIDUpdate requests shall uniquely be executed by the SAL according to existing
specification of these requests parameters in ISO/IEC 24727-3, Annex A.
• SAL shall be enabled to translate ExecuteAction requests into IFD-API calls without resorting to GCI
under test layer. The SAL shall be able to extract the parameter “request” from within ExecuteAction call
and to deliver it unchanged as InputAPDU parameter to the Transmit command from IFD-API.
• SAL shall be enabled to process post-issuance personalization data as a separate package of requests.
This package is comprised of the following SAL-API calls:
i) DIDCreate
ii) DIDUpdate
iii) DataSetCreate
iv) DSICreate
5.1.6 Conformance attainment
For a component-under-test to attain conformance all its mandatory features, as defined in all other parts of
ISO/IEC 24727, shall be implemented.
All tests contained within ISO/IEC 24727-5 shall be mandatory for each relevant component-under-test.
Distinct tests shall identify the component-under-test interface behaviour.
© ISO/IEC 2011 – All rights reserved 7

A test report shall be generated stating what aspects of the component-under-test interface do and do not
conform to ISO/IEC 24727.
Testing shall be performed on a single component or on component-configurations comprising one or more of
the stack models specified in ISO/IEC 24727-4.
The following clause identifies a conformance-vector comprised of a tuple of dimension-of-conformance. The
dimensions of this conformance-vector are defined by ISO/IEC 24727 component, ISO/IEC 24727-3
authentication protocol, ISO/IEC 24727-4 stack, ISO/IEC 24727-4 marshalli
...