iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
CEN

EN 14890-1:2008

(Main)

Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services

Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services

Part 1 of this series specifies the application interface to Smart Cards during the usage phase, used as Secure Signature Creation Devices (SSCD) according to the Terms of the European Directive on Electronic Signature 1999/93 to enable interoperability and usage as SSCD on a national or European level.
This document describes the mandatory services for the usage of Smart Cards as SSCDs based on CEN CWA 14890. This covers the signing function, storage of certificates, the related user verification, establishment and use of trusted path and channel, requirements for key generation and the allocation and format of resources required for the execution of those functions and related cryptographic token information.
Thereby the functionality of CWA 14890-1 is enhanced in the following areas:
- Device authentication with Elliptic Curves (ELC) for existing asymmetric authentication protocols (RSA Transport, Privacy Protocol),
- Enhancement of existing asymmetric authentication protocols due to privacy and non-traceability constraints,
- Card Verifiable (CV) Certificate Formats (self descriptive) with ELC for all types of authentication and authorization protocols,
- Secure Messaging Tags and use of commands with Odd-INS Code in compliance to the actual ISO/IEC 7816-4,
- Further hash algorithms (SHA2–family) with corresponding Object identifier and Algorithm references,
- Use of AES in authentication protocols,
- Use of AES for secure messaging.
The following items are out of scope:
1)   The physical, electrical and transport protocol characteristics of the card,
2)   The external signature creation process and signature environment,
3)   The elements required to verify an electronic signature produced by a card used as a SCCD,
4)   The error handling process.

Anwendungsschnittstelle für Chipkarten, die zur Erzeugung qualifizierter elektronischer Signaturen verwendet werden — Teil 1: Allgemeine Dienste

Teil 1 dieser Reihe legt die Anwendungsschnittstelle für Chipkarten während ihrer Verwendung zur Erzeugung
gesicherter Signaturen entsprechend den Bedingungen der Europäischen Richtlinie 1999/93 über
elektronische Signaturen zur Ermöglichung der Interoperabilität und Verwendung als sichere
Signaturerstellungseinheiten (Secure Signature Creation Devices, SSCD) auf nationaler oder europäischer
Ebene fest.
Dieses Dokument beschreibt die obligatorischen Dienste für die Verwendung von Chipkarten als SSCD auf
der Grundlage von CEN CWA 14890 (alle Teile). Dazu gehören die Signierfunktion, das Speichern von
Zertifikaten, die entsprechende Benutzerüberprüfung, die Einrichtung und Verwendung vertrauenswürdiger
Pfade und Kanäle, Anforderungen an die Schlüsselerzeugung sowie die Zuteilung und das Format von
Betriebsmitteln, die zur Ausführung dieser Funktionen erforderlich sind sowie entsprechende
kryptographische Tokeninformationen.
Somit wird die Funktionalität von CWA 14890-1 in den folgenden Bereichen verbessert:
- Geräteauthentisierung mit elliptischen Kurven (Elliptic Curves, ELC) für bestehende asymmetrische
Authentisierungsprotokolle (RSA Transport, Privacy Protocol);
- Verbesserung bestehender asymmetrischer Authentisierungsprotokolle aufgrund von Einschränkungen
im Hinblick auf den Schutz personenbezogener Daten (Privacy) und Nichtbeweisbarkeit
(Non-Traceability);
- kartenverifizierbare (Card Verifiable, CV) Zertifikatformate (selbstbeschreibend) mit ELC für alle Arten von
Authentisierungs- und Berechtigungsprotokollen;
- Tags für Secure Messaging (sichere Nachrichtenübermittlung) und Verwendung von Befehlen mit
Odd-INS-Code entsprechend ISO/IEC 7816-4;
- weitere Hash-Algorithmen (SHA2-Familie) mit entsprechendem Objektbezeichner und Algorithmenreferenzen;
- Verwendung von AES in Authentisierungsprotokollen;
- Verwendung von AES für Secure Messaging.

Interface applicative des cartes à puces utilisées comme dispositifs de création de signature numérique sécurisés - Partie 1 : Services de bases

La partie 1 de la présente série de normes spécifie l’interface applicative, pendant la phase d’utilisation, des cartes à puces utilisées comme dispositifs de création de signature sécurisés (SSCD), selon les termes de la Directive européenne 1999/93 relative aux signatures électroniques, cette interface applicative devant permettre l’interopérabilité des cartes et leur utilisation comme SSCD à un échelon national ou européen.
Le présent document décrit les services obligatoires pour l’utilisation de cartes à puce comme SSCD sur la base du CWA CEN 14890. Il couvre la fonction de signature, l’archivage de certificats, la vérification d’utilisateur associée, l’établissement et l’utilisation d’un canal et d’un chemin sécurisés, les exigences relatives à la génération de clés. Il traite également de l’allocation et du format des ressources requises pour l’exécution de ces fonctions, ainsi que des informations sur le dispositif cryptographique associé.
À ce titre, la fonctionnalité du CWA 14890-1 est améliorée dans les domaines suivants :
   l’authentification des dispositifs au moyen de courbes elliptiques (ELC) dans le cadre des protocoles d’authentification asymétrique existants (transport RSA, protocole relatif à la protection de la vie privée) ;
   l’amélioration des protocoles d’authentification asymétrique existants en fonction des contraintes de non-traçabilité et de protection de la vie privée ;
   les formats de certificats (explicites) vérifiables par la carte (CV) au moyen des ELC, pour tous les types de protocoles d’authentification et d’autorisation ;
   les étiquettes de messagerie de sécurité et l’utilisation de commandes avec un code Odd-INS, en conformité avec la norme ISO/IEC 7816-4 effective ;
   les algorithmes de hachage supplémentaires (famille SHA2) avec l’identifiant d’objet et les références d’algorithmes correspondants ;
   l’utilisation d’AES dans les protocoles d’authentification ;
   l’utilisation d’AES pour la messagerie de sécurité.

Uporabniški vmesnik za pametne kartice, ki se uporabljajo kot naprave za izdelovanje varnega podpisa - 1. del: Osnovne storitve

General Information

Status
Withdrawn
Publication Date
02-Dec-2008
Withdrawal Date
09-Dec-2014
ICS
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
CEN/TC 224 - Machine-readable cards, related device interfaces and operations
Drafting Committee
CEN/TC 224/WG 16 - Application Interface for smart cards used as Secure Signature Creation Devices
Current Stage
9960 - Withdrawal effective - Withdrawal
Completion Date
10-Dec-2014
Ref Project
SIST EN 14890-1:2009 - Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services

Relations

Replaced By
EN 419212-1:2014 - Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services
Effective Date
24-Oct-2011

Buy Standard

EN 14890-1:2009EN 14890-1:2009
PreviousNext
Standard
EN 14890-1:2009
English language
195 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Uporabniški vmesnik za pametne kartice, ki se uporabljajo kot naprave za izdelovanje varnega podpisa - 1. del: Osnovne storitveAnwendungsschnittstelle für Chipkarten, die zur Erzeugung gesicherter Signaturen verwendet werden — Teil 1: Basis-AnforderungenInterfaces applicatives des cartes à puce utilisées pour le création de signatures électroniques sécurisées - Partie 1: Services de baseApplication Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services35.240.15Identifikacijske kartice in sorodne napraveIdentification cards and related devicesICS:Ta slovenski standard je istoveten z:EN 14890-1:2008SIST EN 14890-1:2009en,de01-april-2009SIST EN 14890-1:2009SLOVENSKI
STANDARD



SIST EN 14890-1:2009



EUROPEAN STANDARDNORME EUROPÉENNEEUROPÄISCHE NORMEN 14890-1December 2008ICS 35.240.15Supersedes CWA 14890-1:2004
English VersionApplication Interface for smart cards used as Secure SignatureCreation Devices - Part 1: Basic servicesInterface applicative des cartes à puces utilisées commedispositifs de création de signature numérique sécurisés -Partie 1 : Services de basesAnwendungsschnittstelle für Chipkarten, die zur Erzeugungqualifizierter elektronischer Signaturen verwendet werden -Teil 1: Allgemeine DiensteThis European Standard was approved by CEN on 27 September 2008.CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this EuropeanStandard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such nationalstandards may be obtained on application to the CEN Management Centre or to any CEN member.This European Standard exists in three official versions (English, French, German). A version in any other language made by translationunder the responsibility of a CEN member into its own language and notified to the CEN Management Centre has the same status as theofficial versions.CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland,France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.EUROPEAN COMMITTEE FOR STANDARDIZATIONCOMITÉ EUROPÉEN DE NORMALISATIONEUROPÄISCHES KOMITEE FÜR NORMUNGManagement Centre: rue de Stassart, 36
B-1050 Brussels© 2008 CENAll rights of exploitation in any form and by any means reservedworldwide for CEN national Members.Ref. No. EN 14890-1:2008: ESIST EN 14890-1:2009



EN 14890-1:2008 (E) 2 Contents Foreword.6 1 Scope.7 2 Normative references.8 3 Terms and definitions.8 4 Symbols and abbreviations.11 5 Signature application.13 5.1 Application Flow.13 5.2 Trusted environment versus untrusted environment.16 5.3 Selection of ESIGN application.16 5.3.1 General.16 5.3.2 Exceptions for Secure Messaging.17 5.4 Selection of cryptographic information application.17 5.5 Concurrent usage of signature applications.17 5.5.1 General.17 5.5.2 Methods of channel selection.17 5.5.3 Security issues on multiple c
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
CEN/TR 17982:2023(Main)
European Digital Identity Wallets standards Gap Analysis
SIST-TP CEN/TR 17982:2024

This document identifies relevant existing standards and standards work in progress around European Digital Identity Wallets. It also identifies missing work items and overlaps in standards and is supposed to work as a roadmap for future standardization projects in the area.

  • Technical report
    39 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEC 2382-37:2023(Main)
Information technology - Vocabulary - Part 37: Biometrics (ISO/IEC 2382-37:2022)
SIST EN ISO/IEC 2382-37:2024

This document establishes a systematic description of the concepts in the field of biometrics pertaining to recognition of human beings. This document also reconciles variant terms in use in pre-existing International Standards on biometrics against the preferred terms, thereby clarifying the use of terms in this field.
This document does not cover concepts (represented by terms) from information technology, pattern recognition, biology, mathematics, etc. Biometrics uses such fields of knowledge as a basis.
In principle, mode-specific terms are outside of scope of this document.

  • Standard
    42 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 17661:2021(Main)
Personal identification – European enrolment guide for biometric ID documents (EEG)
SIST-TS CEN/TS 17661:2022

This document consolidates information relating to successful and high quality biometric enrolment processes of facial and fingerprint systems, while indicating risk factors and providing appropriate mitigations. This information supports decisions regarding procurement, design, deployment and operation of these biometric systems.
This document provides guidance on:
—   capturing of facial images to be used as reference images in identity and secure documents;
—   capturing of fingerprint images to be used as reference images in identity and secure documents;
—   data quality maintenance for biometric reference data;
—   data authenticity maintenance for biometric reference data.
The document addresses the following aspects which are specific for biometric reference data capturing:
—   biometric data quality and interoperability ensurance;
—   data authenticity ensurance;
—   morphing and other presentation attack detection as well as other unauthorized changes;
—   accessibility and usability;
—   privacy and data protection;
—   optimal enrolment design.
The following aspects are out of scope:
—   IT security;
—   data capturing for verification purposes, e.g. in ABC gates;
—   capturing biometric data for enrolment in other systems different from data enrolment for integration in secure MRTD, like entry/exit systems.
This document consolidates the role of the enrolment process in a biometric system and differentiates the enrolment from the authentication, while mentioning key factors of the enrolment process that are feature independent.
Interests of the existing stakeholders are broken down and provide an insight on different views of the enrolment. In addition, organisational enrolment approaches are covered.
This document is not concerned with IT requirements or the capturing of biometric data for inspection, identification or verification purposes without the required step of creating an identity document using the captured data.

  • Technical specification
    73 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 17631:2021(Main)
Personal identification - Biometric group access control
SIST-TS CEN/TS 17631:2021

This document provides guidance on providing access:
— to areas with physical access control, e.g. entertainment facilities, train stations, shops, libraries, banks, or border control,
— for small groups of persons, e.g. families with small children or seniors, or other accompanied persons in need of support,
— by means of biometric authentication technologies, e.g. facial, fingerprint, or vein recognition,
— in the European regulatory context.
The document addresses the following aspects, which are specific for biometric and group access:
— accessibility and usability,
— user guidance including group guidance and interaction control,
— privacy including data set content,
— presentation attack detection,
— applicable biometric technologies,
— storage of reference data,
— biometric process integration,
— specific needs considering biometrics for groups,
— biometric performance and error rates, and
— group internal linkage.
The following aspects which reflect on generic access control issues are out of scope:
— IT security,
— application specific physical security,
— policy definition,
— processes not related to biometric authentication, and
— specific performance requirements of identification (1:N) and verification (1:1) applications.

  • Technical specification
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 17489-1:2020(Main)
Personal identification - Secure and interoperable European Breeder Documents - Part 1: Framework overview
SIST-TS CEN/TS 17489-1:2020

This document provides an overview of a framework on breeder documents. It introduces the document structure of CEN/TS 17489 (all parts) that specifies how citizens retain the control of breeder document data and how they can use them to support identity proofing and verification. Moreover, the framework provides methodologies to assess and increase the level of trust in breeder documents.
This framework specifies methods for:
-   defining physical and logical/digital representations of a secure breeder document (hardware based, paper-based, server-based),
-   securing breeder document processes,
-   linking the document to its legitimate holder.
The following types of breeder documents are in the scope of the framework:
-   birth certificates,
-   marriage and partnership certificates,
-   death certificates.
The following breeder documents management processes including first-time application, later-in-life registration of an identity, and content update (e.g. name-changing) are in the scope of this framework:
-   registration,
-   issuance,
-   renewal,
-   inspection/verification,
-   revocation.
The specification of policies is out of scope.

  • Technical specification
    14 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 1332-3:2020(Main)
Identification card systems - User Interface - Part 3: Key pads
SIST EN 1332-3:2020

This document covers the ergonomic layout and usability of keypads. The keypad consists of numeric, command and function keys and alphanumeric characters. On the basis that keypad layout impacts performance (keying speed, and errors), this document aims to:
-   enhance usability,
-   ensure ease of use through consistency,
-   increase customer confidence,
-   reduce customer error,
-   improve operating time,
-   ensure ergonomic data entry.
This document specifies the arrangement, the number and location of numeric, function and command keys, including placement of alphabetic characters on numeric keys. Design requirements and recommendations are also provided.
This document applies to all identification card systems with a numeric keypad for use by the public for stationary or non-stationary devices. This document also covers keypads on touch sensitive devices.

  • Standard
    20 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
CEN/TS 17261:2018(Main)
Biometric authentication for critical infrastructure access control - Requirements and Evaluation
SIST-TS CEN/TS 17261:2019

This document addresses biometric recognition systems that are used as part of an automated access control system to provide a second and independent authentication factor of the individual using the AACS to access secured areas of critical infrastructure.
This document:
-   specifies requirements for biometric recognition systems to be used as part of an AACS for critical infrastructure,
-   describes a methodology for the evaluation of biometric authentication for AACSs against the specified requirements.
The requirements and test methods address biometric authentication for AACS that: (i) operate in an internal environment constituting part of a larger site, access to which is restricted and controlled by a separate access control system; and (ii) use biometrics as a second authentication factor to a token or proximity card.
This document does not consider access by the general public, e.g. passengers in an airport, or visitors to a hospital.
Products that meet the requirements of this document will comprise (i) a biometric sensor(s) external to the secured area, which reads the biometric characteristics of the user at the point of access; and (ii) a biometric server system performing biometric enrolment, signal processing, storage of biometric references and biometric comparison within a secured area.
This document does not address AACS or AACS portals (turnstiles) but is only concerned with the biometric components which integrate with the AACS. Other standards address requirements and testing of the non-biometric parts of the AACS.

  • Technical specification
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 419212-5:2018(Main)
Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 5: Trusted eService
SIST EN 419212-5:2018

This part of this series contains Identification, Authentication and Digital Signature (IAS) services in addition to the QSCD mechanisms already described in Part 1 to enable interoperability and usage for IAS services on a national or European level.
It also specifies additional mechanisms like key decipherment, Client Server authentication, identity management and privacy related services.

  • Standard
    58 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 419212-4:2018(Main)
Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 4: Privacy specific Protocols
SIST EN 419212-4:2018

This part specifies mechanisms for SEs to be used as privacy-enabled devices in the context of IAS, and fulfil the requirements of Article 5 of the so-called eIDAS Regulation about data processing and protection.
It covers:
- Age verification
- Document validation
- Restricted identification
- eServices with trusted third party based on ERA protocol

  • Standard
    22 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN 419212-2:2017(Main)
Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 2: Signature and Seal Services
SIST EN 419212-2:2018

This part specifies mechanisms for SEs to be used as qualified signature creation devices covering:
•   Signature creation and mobile signature creation
•   User verification
•   Password based authentication
The specified mechanisms are suitable for other purposes like services in the context of EU Regulation 910/2014 of the European Parliament and the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
The particular case of seal is also covered by the specification. The differences between seal and signature are exposed in Annex B. Annex B also explains how the mechanisms for SEs as qualified signature creation devices can be used for SEs as qualified seal creation devices.
Mobile signature is an alternative to the classical signature case which is performed by a secure element. Mobile signature is encouraged by the large widespread of mobile devices and the qualification authorized by the eIDAS Regulation. The particular case of remote signature (or server signing) is covered by this specification in Annex C.
In the rest of this document, except Annex B, there will be no particular notion of a seal since it technically compares to the signature.

  • Standard
    115 pages
    English language
    sale 10% off
    e-Library read for
    1 day