EN 419212-5:2018
Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 5: Trusted eService
This part of this series contains Identification, Authentication and Digital Signature (IAS) services in addition to the QSCD mechanisms already described in Part 1 to enable interoperability and usage for IAS services on a national or European level.
It also specifies additional mechanisms such as key decipherment, client/server authentication, identity management and privacy-related services.
Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 5: Trusted Electronic Services
Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 5: Trusted Electronic Services
Part 5 of this series covers IAS (Identification, Authentication and Digital Signature) services in addition to the QSCD mechanisms already described in Part 2, to enable interoperability and use of IAS services at national or European level.
It also specifies additional mechanisms such as key decipherment, client/server authentication, identity management and privacy-related services.
User Interface for Security Elements for Electronic Identification, Authentication and Trusted Services - Part 5: Trusted e-Services
This part of this series of standards contains Identification, Authentication and Digital Signature (IAS) services which, in addition to the mechanisms for creating qualified electronic signatures (QSCD) described in Part 1, enable interoperability and use of IAS services at national or European level. It also specifies additional mechanisms such as key decipherment, authentication of messages between client and server, identity management and privacy-related services.
Standards Content (Sample)
SLOVENIAN STANDARD
01-July-2018
Supersedes:
SIST EN 419212-1:2015
SIST EN 419212-2:2015
User Interface for Security Elements for Electronic Identification, Authentication and Trusted Services - Part 5: Trusted e-Services
Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 5: Trusted eService
Application Interface for Secure Elements used as Qualified Electronic Signature/Seal Creation Devices - Part 5: Trusted Electronic Services
Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 5: Trusted Electronic Services
This Slovenian standard is identical to: EN 419212-5:2018
ICS: 35.240.15 Identification cards. Chip cards. Biometrics
2003-01. Slovenian Institute for Standardization. Reproduction of this standard in whole or in part is not permitted.
EN 419212-5
EUROPEAN STANDARD
April 2018
ICS 35.240.15 Supersedes EN 419212-1:2014, EN 419212-2:2014
English Version
Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 5: Trusted eService
Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 5: Trusted Electronic Services
Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 5: Trusted Electronic Services
This European Standard was approved by CEN on 6 February 2017.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2018 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419212-5:2018 E
Contents Page
European foreword . 4
Introduction . 5
1 Scope . 6
2 Normative references . 6
3 Terms and definitions . 6
4 Abbreviations and notation. 6
5 Additional Service Selection. 6
6 Client/Server Authentication . 10
6.1 General . 10
6.2 Client/Server protocols . 10
6.3 Steps preceding the client/server authentication . 11
6.4 Padding format . 11
6.4.1 PKCS #1 v 1-5 Padding . 11
6.4.2 PKCS #1 V 2.x (PSS) Padding . 12
6.4.3 Building the DSI on ECDSA . 13
6.5 Client/Server protocol . 13
6.5.1 General . 13
6.5.2 Step 1 — Read certificate . 14
6.5.3 Step 2 — Set signing key for client/server internal authentication . 15
6.5.4 Step 3 — Internal authentication . 16
6.5.5 Client/Server authentication execution flow . 18
6.5.6 Command data field for the client server authentication . 19
7 Role Authentication . 20
7.1 Role Authentication of the card . 20
7.2 Role Authentication of the server . 20
7.3 Symmetrical external authentication . 20
7.3.1 Protocol . 20
7.3.2 Description of the cryptographic mechanisms . 24
7.3.3 Role description . 25
7.4 Asymmetric external authentication . 25
7.4.1 Protocol based on RSA . 25
8 Symmetric key transmission between a remote server and the ICC . 28
8.1 Steps preceding the key transport . 28
8.2 Key encryption with RSA . 28
8.2.1 General . 28
8.2.2 PKCS#1 v1.5 padding . 30
8.2.3 OAEP padding . 30
8.2.4 Execution flow . 31
8.3 Diffie-Hellman key exchange for key encipherment . 33
8.3.1 General . 33
8.3.2 Execution flow . 35
9 Signature verification . 37
9.1 General . 37
9.2 Signature verification execution flow . 37
9.2.1 General . 37
9.2.2 Step 1: Receive Hash . 37
9.2.3 Step 2: Select verification key . 39
9.2.4 Step 3: Verify digital signature . 39
10 Certificates for additional services . 40
10.1 File structure . 40
10.2 File structure . 41
10.3 EF.C_X509.CH.DS . 41
10.4 EF.C.CH.AUT . 41
10.5 EF.C.CH.KE. 42
10.6 Reading Certificates and the public key of CAs . 42
11 APDU data structures . 42
11.1 Algorithm Identifiers . 42
11.2 General . 42
11.3 CRTs . 43
11.3.1 General . 43
11.3.2 CRT DST for selection of ICC’s private client/server auth. key . 43
11.3.3 CRT AT for selection of ICC’s private client/server auth. key . 43
11.3.4 CRT CT for selection of ICC’s private key . 44
11.3.5 CRT DST for selection of IFD’s public key (signature verification) . 44
Annex A (informative) Security Service Descriptor Templates . 45
Annex B (informative) Example of DF.CIA . 51
Bibliography . 58
European foreword
This document (EN 419212-5:2018) has been prepared by Technical Committee CEN/TC 224 “Personal
identification and related personal devices with secure element, systems, operations and privacy in a
multi sectorial environment”, the secretariat of which is held by AFNOR.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by October 2018, and conflicting national standards shall
be withdrawn at the latest by October 2018.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN 4
...