CEN/TS 15480-3:2014
Identification card systems - European Citizen Card - Part 3: European Citizen Card Interoperability using an application interface
This Technical Specification provides an Interoperability Model, which will enable an eService compliant with technical requirements to interoperate with different implementations of the European Citizen Card.
This Interoperability Model will be developed as follows:
- starting from the ECC Part 2, Part 3 of the ECC series provides additional technical specifications for a middleware architecture based on ISO/IEC 24727 (all parts); this middleware will provide an API to an eService as per ISO/IEC 24727-3.
- a set of additional APIs provides the middleware stack with means to facilitate ECC services.
- a standard mechanism for the validation of the e-ID credential is stored in the ECC and retrieved by the eService.
In order to support the ECC services over an ISO/IEC 24727 middleware configuration, this part of the standard specifies the following:
- a set of mandatory requests to be supported by the middleware implementation based on ISO/IEC 24727 (all parts).
- data set content for interoperability to be personalised in the ECC.
- three middleware architecture solutions: one based on a stack of combined ISO/IEC 24727 configurations, another based on a Web Service configuration, and a third relying on a SAL Lite component.
- an Application Discovery Profile featuring the guidelines for card-applications to fit in the ISO/IEC 24727 framework.
Identifikationskartensysteme - Europäische Bürgerkarte - Teil 3: Anwendungsschnittstelle für die Interoperabilität von Europäischen Bürgerkarten
Systèmes de carte d’identification - Carte Européenne du Citoyen - Partie 3 : Interopérabilité de la Carte européenne du Citoyen utilisant une interface applicative
Sistemi z identifikacijskimi karticami - Kartica evropskih državljanov - 3. del: Interoperabilnost kartice evropskih državljanov z uporabo aplikacijskega vmesnika
Standards Content (Sample)
SLOVENSKI STANDARD
01 July 2014
Supersedes:
SIST-TS CEN/TS 15480-3:2011
Sistemi z identifikacijskimi karticami - Kartica evropskih državljanov - 3. del:
Medobratovalnost kartice evropskih državljanov z uporabo aplikacijskega
vmesnika
Identification card systems - European Citizen Card - Part 3: European Citizen Card
Interoperability using an application interface
Identifikationskartensysteme - Europäische Bürgerkarte - Teil 3:
Anwendungsschnittstelle für die Interoperabilität von Europäischen Bürgerkarten
Systèmes de carte d’identification - Carte Européenne du Citoyen - Partie 3 :
Interopérabilité de la Carte européenne du Citoyen utilisant une interface applicative
This Slovenian standard is identical to: CEN/TS 15480-3:2014
ICS:
35.240.15 Identification cards and related devices
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
TECHNICAL SPECIFICATION
CEN/TS 15480-3
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION
April 2014
ICS 35.240.15 Supersedes CEN/TS 15480-3:2010
English Version
Identification card systems - European Citizen Card - Part 3:
European Citizen Card Interoperability using an application
interface
Systèmes de carte d'identification - Carte Européenne du Citoyen - Partie 3 : Interopérabilité de la Carte européenne du Citoyen utilisant une interface applicative
Identifikationskartensysteme - Europäische Bürgerkarte - Teil 3: Anwendungsschnittstelle für die Interoperabilität von Europäischen Bürgerkarten
This Technical Specification (CEN/TS) was approved by CEN on 14 October 2013 for provisional application.
The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.
CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United
Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN/TS 15480-3:2014 E
Contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 ECC fitting in ISO/IEC 24727 model
5.1 ISO/IEC 24727 main features
5.2 General security issues – Applicable ISO/IEC 24727-4 Stack Configurations for the ECC environment
5.3 ECC-3 Middleware Architecture
5.3.1 General
5.3.2 Service Access Layer (SAL)
5.3.3 Generic Card Access Layer (GCAL)
5.3.4 Interface Device Layer and API (IFD API)
5.3.5 ECC-3 Stack Distribution and Connection Handling
5.3.6 Multi-stack composed configuration
5.3.7 A Web Service based architecture for ECC-3 framework
5.3.8 XML-based SAL interface
6 Card Discovery Mechanisms
6.1 General
6.2 Discovery decision tree
6.3 Migration path towards ECC and provision for legacy cards
6.3.1 General
6.3.2 Interoperable access to the Repository
6.4 Set of data for interoperability
6.5 Application and Card Capability Descriptors
6.6 ISO/IEC 7816-15 implementation
6.6.1 General
6.6.2 Profile designation within EF.DIR
6.6.3 ISO/IEC 24727-3 data structures mapping
6.6.4 ISO/IEC 24727-3 data structures storage onto the card
6.6.5 General discovery mechanism
6.7 Other data descriptor
7 Authentication protocols
7.1 General
7.2 Authentication Mechanisms based on ISO/IEC 24727 SAL-API
7.3 Asymmetric internal authentication
7.4 Asymmetric external authentication
7.5 Symmetric internal authentication
7.6 Symmetric external authentication
7.7 Mutual authentication with key establishment
7.8 Device authentication with non traceability
7.9 Key transport protocol based on RSA
7.10 Terminal Authentication
8 IFD-API Web Service Binding
9 Card-Info Structure — Introduction
10 XML-based Service Access Layer Interface
11 Federative Framework-wise Authenticate API
11.1 General
11.2 Authenticate method
11.3 Web Service Binding for Authenticate API
11.3.1 General
11.3.2 Authenticate.XSD definition
11.3.3 Authenticate.WSDL definition
Annex A (informative) Interface Device Layer Architecture and Management
A.1 Scope
A.2 IFD-Layer Architecture
A.3 Resource Manager
A.3.1 General
A.3.2 IFD-Handlers
A.3.3 Card transactions
A.3.4 Application threads
A.4 Administrative functions
A.4.1 IFD-Handler related functions
A.4.2 Interface Device related functions
Annex B (informative) IFD-API – C Language Binding
Annex C (informative) SAL-API Post-issuance personalisation requests
C.1 General
C.2 Post-issuance personalisation requests
C.3 Canonical protocol
C.3.1 General
C.3.2 DataSetCreate
C.3.3 DSICreate
C.3.4 DIDCreate
C.3.5 DIDUpdate
C.3.6 CardApplicationServiceCreate
C.4 General recommendation and conclusion
Annex D (informative) Additional features versus ISO/IEC 24727 (all parts)
D.1 General
...