iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
ISO

ISO/IEC 24727-5:2011

(Main)

Identification cards — Integrated circuit card programming interfaces — Part 5: Testing procedures

Identification cards — Integrated circuit card programming interfaces — Part 5: Testing procedures

ISO/IEC 24727 is a set of programming interfaces for interactions between integrated circuit cards and external applications to include generic services for multi-sector use. ISO/IEC 24727-5:2011 specifies conformance testing procedures designed to determine if interfaces developed with the ISO/IEC 24727 series meet the requirement of ISO/IEC 24727. By conforming to ISO/IEC 24727-5:2011, interoperable implementations of ISO/IEC 24727 can be realized. Test procedures for ISO/IEC 24727-2, ISO/IEC 24727-3 and ISO/IEC 24727-4 are described with sufficient detailing in support of ISO/IEC 24727 interoperability requirements, i.e. the connectivity, ISO/IEC 24727 security mechanisms and discovery mechanisms between the client-application and the card-application. This part of ISO/IEC 24727 defines calls on ISO/IEC 24727-3 in an ordered sequence. It also defines the confirmation of integrity of transmitted data by an implementation under test, as well as the syntax of that data received from the implementation under test for the marshalling procedures defined in ISO/IEC 24727-3 and ISO/IEC 24727-4. For each test procedure, the conditions required for its execution are defined, along with the conditions under which it has to be executed and the expected results. Structures and entities used for the tests, as well as common set of recurring sequences used for the various procedures, are identified and documented in ISO/IEC 24727-5:2011.

Cartes d'identification — Interfaces programmables de cartes à puce — Partie 5: Essais

General Information

Status
Published
Publication Date
13-Mar-2011
ICS
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
ISO/IEC JTC 1/SC 17 - Cards and security devices for personal identification
Drafting Committee
ISO/IEC JTC 1/SC 17/WG 4 - Generic interfaces and protocols for security devices
Current Stage
9093 - International Standard confirmed
Completion Date
08-Oct-2021
Ref Project

Buy Standard

ISO/IEC 24727-5:2011 - Identification cards -- Integrated circuit card programming interfacesISO/IEC 24727-5:2011 - Identification cards -- Integrated circuit card programming interfaces
PreviousNext
Standard
ISO/IEC 24727-5:2011 - Identification cards -- Integrated circuit card programming interfaces
English language
5656 pages
sale 15% off
Preview
sale 15% off
Preview
ISO/IEC 24727-5:2011 - Identification cards -- Integrated circuit card programming interfacesISO/IEC 24727-5:2011 - Identification cards -- Integrated circuit card programming interfaces
PreviousNext
Standard
ISO/IEC 24727-5:2011 - Identification cards -- Integrated circuit card programming interfaces
English language
5656 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 24727-5
First edition
2011-03-15

Identification cards — Integrated circuit
card programming interfaces —
Part 5:
Testing procedures
Cartes d'identification — Interfaces programmables de cartes à puce —
Partie 5: Essais




Reference number
ISO/IEC 24727-5:2011(E)
©
ISO/IEC 2011

---------------------- Page: 1 ----------------------
ISO/IEC 24727-5:2011(E)

PDF disclaimer
PDF files may contain embedded typefaces. In accordance with Adobe's licensing policy, such files may be printed or viewed but shall
not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading a PDF file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create the PDF file(s) constituting this document can be found in the General Info relative to
the file(s); the PDF-creation parameters were optimized for printing. Every care has been taken to ensure that the files are suitable for
use by ISO member bodies. In the unlikely event that a problem relating to them is found, please inform the Central Secretariat at the
address given below.

This CD-ROM contains the publication ISO/IEC 24727-5:2011 in portable document format (PDF), which can
be viewed using Adobe® Acrobat® Reader.
Adobe and Acrobat are trademarks of Adobe Systems Incorporated.


COPYRIGHT PROTECTED DOCUMENT


©  ISO/IEC 2011
All rights reserved. Unless required for installation or otherwise specified, no part of this CD-ROM may be reproduced, stored in a retrieval
system or transmitted in any form or by any means without prior permission from ISO. Requests for permission to reproduce this product
should be addressed to
ISO copyright office • Case postale 56 • CH-1211 Geneva 20 • Switzerland
Internet copyright@i
...

INTERNATIONAL ISO/IEC
STANDARD 24727-5
First edition
2011-03-15


Identification cards — Integrated circuit
card programming interfaces —
Part 5:
Testing procedures
Cartes d'identification — Interfaces programmables de cartes à puce —
Partie 5: Essais





Reference number
ISO/IEC 24727-5:2011(E)
©
ISO/IEC 2011

---------------------- Page: 1 ----------------------
ISO/IEC 24727-5:2011(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO/IEC 2011
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2011 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 24727-5:2011(E)
Contents Page
Foreword .vi
Introduction.vii
1 Scope.1
2 Normative references.1
3 Terms and definitions .2
4 Symbols and abbreviated terms .3
5 Testing methodology .4
5.1 Terms of testing.4
5.1.1 Purpose of testing.4
5.1.2 Testing objective .4
5.1.3 Testing Principles.4
5.1.4 GCI under test:.6
5.1.5 SAL under test:.6
5.1.6 Conformance attainment .7
5.2 Conformance vector.8
5.3 Structure of tests.10
5.4 Test environment.12
5.4.1 Stack configurations.12
5.4.2 Card-application emulators.12
5.4.3 Verification and logging capability of components.12
5.4.4 Procedural element .12
6 Components.12
6.1 Service access layer API .12
6.1.1 Basic tests.12
6.1.2 Discoverability tests.12
6.2 Generic card interface.15
6.2.1 Basic test.15
6.2.2 Processing tests.15
6.2.3 Discoverability tests.17
6.2.4 Generic card interface acted on ISO/IEC 24727-2 implementation (i.e. CLA = "FF") .18
6.3 Interface device API .19
6.4 Trusted channel API.19
6.4.1 TC_API_Open.19
6.4.2 TC_API_Close .19
6.4.3 TC_API Write.19
6.4.4 TC_API Read .19
6.5 SAL on-card implementation component testing .20
7 Authentication protocols.20
7.1 General .20
7.2 SAL security test sequences .21
7.2.1 Cryptographic operations .22
7.2.2 Simple assertion.26
7.2.3 Asymmetric internal authenticate.27
7.2.4 Asymmetric external authenticate.28
7.2.5 Symmetric internal authenticate.30
7.2.6 Symmetric external authenticate.31
7.2.7 Compare .33
7.2.8 PIN compare.35
© ISO/IEC 2011 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 24727-5:2011(E)
7.2.9 Biometric compare .36
7.2.10 Mutual authentication with key establishment .37
7.2.11 Client-application mutual authentication with key establishment .39
7.2.12 Client-application asymmetric external authenticate .41
7.2.13 Modular extended access control protocol (M-EAC).43
7.2.14 Key transport with mutual authentication based on RSA .45
7.2.15 Age attainment.47
7.2.16 Asymmetric session key establishment .48
7.2.17 Secure PIN compare.49
7.2.18 EC key agreement with card-application authentication.51
7.2.19 EC key agreement with mutual authentication.52
7.2.20 Simple EC-DH key agreement .54
7.2.21 GP asymmetric authentication.55
7.2.22 GP symmetric authentication (explicit mode) .56
7.2.23 GP symmetric authentication (implicit mode) .58
8 Secure messaging .60
9 Marshalling.61
9.1 ASN.1 representation .61
9.2 Web-services representation.61
10 Stack configuration testing .61
10.1 Testable interface definitions.61
10.1.1 Full-network-stack .63
10.1.2 Loyal-stack .64
10.1.3 Opaque-ICC-stack.65
10.1.4 Remote-loyal-stack.66
10.1.5 ICC-resident-stack .67
10.1.6 Remote-ICC-stack.68
11 Operational testing .68
11.1 SAL test sequences.69
12 Operational test reporting.69
13 ISO/IEC 24727-6 authentication protocol testing .69
13.1 SAL test sequences.70
13.1.1 ISO/IEC 24727-6 defined authentication protocol .70
13.2 Reference model implementations .70
13.2.1 Off card-application.70
13.2.2 Card-application emulator or test card use .70
Annex A (normative) SAL operational test sequence descriptions.71
A.1 Application management – alpha card-application data structure construction .71
A.2 Application management – first application data structure construction.92
A.3 Application management – application data structure construction error conditions.148
A.4 Application management – second application data structure construction .163
A.5 Data manipulation - card application path .207
A.6 Data manipulation – general.215
A.7 Data manipulation - global authentication .255
A.8 Application management - data structure destruction.282
Annex B (informative) Envelope APDU implementation ICC-Resident stack expected component
test inputs and outputs .326
B.1 Application management - alpha card-application data structure construction .326
B.2 Application management - first application data structure construction.434
B.3 Application management - application data structure construction error conditions.755
B.4 Application management - second application data structure construction.907
B.5 Data manipulation - card application path .1156
B.6 Data manipulation – general.1271
B.7 Data manipulation - global authentication .1633
B.8 Application management - data structure destruction.1913
iv © ISO/IEC 2011 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 24727-5:2011(E)
Annex C (informative) Non ICC-Resident stack expected component test inputs and outputs.2346
C.1 Application management - alpha card-application data structure construction.2346
C.2 Application management - first application data structure construction .2443
C.3 Application management - application data structure construction error conditions .2734
C.4 Application management - second application data structure construction.2884
C.5 Data manipulation - card application path.3112
C.6 Data manipulation – general .3228
C.7 Data manipulation - global authentication.3579
C.8 Application management - data structure destruction.3855
Annex D (informative) TLS implementation ICC-Resident stack expected component test inputs
and outputs .4277
D.1 Application management - alpha card-application data structure construction.4277
D.2 Application management - first application data structure construction .4329
D.3 Application management - application data structure construction error conditions .4501
D.4 Application management - second application data structure construction.4578
D.5 Data manipulation – general .4711
D.6 Data manipulation - global authentication.4908
D.7 Application management - data structure destruction.5060
Annex E (informative) WSDL encoded IFD data structures.5307
E.1 Establish Context .5307
E.2 ReleaseContext.5308
E.3 ListIFDs .5308
E.4 GetIFDCapabilities.5309
E.5 GetStatus.5310
E.6 Wait .5312
E.7 Cancel.5314
E.8 ControlIFD .5315
E.9 Connect .5315
E.10 Disconnect .5316
E.11 BeginTransaction .5317
E.12 EndTransaction .5317
E.13 Transmit .5318
E.14 VerifyUser.5319
E.15 ModifyVerificationData.5320
E.16 Output.5321
E.17 SignalEvent .5322
Annex F (informative) ISO/IEC 24727-3 C language binding for common definitions.5323
Annex G (informative) ISO/IEC 24727-4 C language binding for algorithm definitions.5326
Annex H (informative) ISO/IEC 24727-4 C language binding for API and authentication protocol
data .5329
Annex I (informative) ISO/IEC 24727-4 C language binding for TC-API .5374
Annex J (informative) ISO/IEC 24727-4 C language binding for IFD-API .5379
Annex K (informative) ISO/IEC 24727 Java language binding for common definitions .5396
Annex L (informative) ISO/IEC 24727-3 Java language binding for API and authentication protocol
data .5398
Annex M (informative) ISO/IEC 24727-3 Java language binding for algorithms.5590
Annex N (informative) ISO/IEC 24727-4 Java language binding for TC-API .5592
Annex O (informative) ISO/IEC 24727-4 Java language binding for IFD-API .5614
Bibliography.5656

© ISO/IEC 2011 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO/IEC 24727-5:2011(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 24727-5 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 17, Cards and personal identification.
ISO/IEC 24727 consists of the following parts, under the general title Identification cards — Integrated circuit
card programming interfaces:
⎯ Part 1: Architecture
⎯ Part 2: Generic card interface
⎯ Part 3: Application interface
⎯ Part 4: Application programming interface (API) administration
⎯ Part 5: Testing procedures
⎯ Part 6: Registration authority procedures for the authentication protocols for interoperability
vi © ISO/IEC 2011 – All rights reserved

---------------------- Page: 6 ----------------------
ISO/IEC 24727-5:2011(E)
Introduction
ISO/IEC 24727 is a set of programming interfaces for interactions between integrated circuit cards (ICCs) and
external applications to include generic services for multi-sector use. The organization and the operation of
the ICCs conform to ISO/IEC 7816-4.
ISO/IEC 24727 is relevant to ICC applications desiring interoperability among diverse application domains.
ISO/IEC 7498-1:1994, Information technology — Open Systems Interconnection — Basic Reference Model:
The Basic Model, is used as the layered architecture of the client-application to card-application connectivity.
That is, the client-application, through the Application Interface, assumes that there is a protocol stack through
which it will exchange information and transactions among card-applications using commands conveyed
through the message structures defined in ISO/IEC 7816. The semantics of action requests through the
interface defined in ISO/IEC 24727-3 refers to application protocol data units (APDUs) as characterized
through the interface defined in ISO/IEC 24727-2 and in the following International Standards:
⎯ ISO/IEC 7816-4:2005, Identification cards — Integrated circuit cards — Part 4: Organization, security and
commands for interchange
⎯ ISO/IEC 7816-8:2004, Identification cards — Integrated circuit cards — Part 8: Commands for security
operations
⎯ ISO/IEC 7816-9:2004, Identification cards — Integrated circuit cards — Part 9: Commands for card
management
The goal of ISO/IEC 24727 is to maximize the applicability and solution space of software tools that provide
application interface support to card-aware client-applications. This effort includes supporting the evolution of
card systems as the cards become more powerful, peer-level partners with existing and future applications
while minimizing the impact to existing solutions conforming to this part of ISO/IEC 24727.
This part of ISO/IEC 24727 specifies an application-independent and implementation-independent testing
regimen through which conformance of specific implementations to the relevant part of ISO/IEC 24727 can be
confirmed. It is assumed that such testing will be performed through test environments and procedures
developed in accordance with this part of ISO/IEC 24727.

© ISO/IEC 2011 – All rights reserved vii

---------------------- Page: 7 ----------------------
INTERNATIONAL STANDARD ISO/IEC 24727-5:2011(E)

Identification cards — Integrated circuit card programming
interfaces —
Part 5:
Testing procedures
1 Scope
ISO/IEC 24727 is a set of programming interfaces for interactions between integrated circuit cards and
external applications to include generic services for multi-sector use.
This part of ISO/IEC 24727 specifies conformance testing procedures designed to determine if interfaces
developed with the ISO/IEC 24727 series meet the requirement of ISO/IEC 24727. By conforming to this part
of ISO/IEC 24727, interoperable implementations of ISO/IEC 24727 can be realized.
Test procedures for ISO/IEC 24727-2, ISO/IEC 24727-3 and ISO/IEC 24727-4 are described with sufficient
detailing in support of ISO/IEC 24727 interoperability requirements, i.e. the connectivity, ISO/IEC 24727
security mechanisms and discovery mechanisms between the client-application and the card-application. This
part of ISO/IEC 24727 defines calls on ISO/IEC 24727-3 in an ordered sequence. It also defines the
confirmation of integrity of transmitted data by an implementation under test, as well as the syntax of that data
received from the implementation under test for the marshalling procedures defined in ISO/IEC 24727-3 and
ISO/IEC 24727-4.
For each test procedure, the conditions required for its execution are defined, along with the conditions under
which it has to be executed and the expected results. Structures and entities used for the tests, as well as a
common set of recurring sequences used for the various procedures, are identified and documented in this
part of ISO/IEC 24727.
2 Normative references
The following referenced documents are indispensable for the applicati
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

ISO
ISO/IEC TS 23465-3:2023(Main)
Card and security devices for personal identification — Programming interface for security devices — Part 3: Proxy

This document describes the software (SW) layer called “proxy”. It supports the programming interface to security devices and the application using this API to access the application related security devices defined in ISO/IEC TS 23465-2. This document is applicable to: — proxy requirements, functionality and layers; — resolving mechanisms for API functions; — data structures related to security device handling; — translation for security device communication; — serialization/de-serialization syntax and methods.

  • Technical specification
    19 pages
    English language
    sale 15% off
  • Draft
    19 pages
    English language
    sale 15% off
  • Draft
    19 pages
    English language
    sale 15% off
ISO
ISO/IEC 18013-3:2017/Amd 2:2023(Amendment)
Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation — Amendment 2: Updates for passive authentication
  • Standard
    8 pages
    English language
    sale 15% off
  • Draft
    9 pages
    English language
    sale 15% off
  • Draft
    9 pages
    English language
    sale 15% off
ISO
ISO/IEC 18013-2:2020/Amd 1:2023(Amendment)
Personal identification — ISO-compliant driving licence — Part 2: Machine-readable technologies — Amendment 1: DG11 length for compact encoding
  • Standard
    9 pages
    English language
    sale 15% off
  • Draft
    10 pages
    English language
    sale 15% off
  • Draft
    10 pages
    English language
    sale 15% off
ISO
ISO/IEC 7816-6:2023(Main)
Identification cards — Integrated circuit cards — Part 6: Interindustry data elements for interchange

This document specifies directly or by reference, data elements, including composite data elements that are applicable to interindustry interchange. It identifies the following characteristics of each data element: — identifier; — name; — description and reference; — format and coding (if not available in other ISO standards or parts of the ISO/IEC 7816 series). The layout of each data element is described as seen at the interface between the interface device and the card. This document provides the definition of data elements without consideration of any restrictions on the usage of the data elements. It does not cover the internal implementation within the card and/or the outside world. With the exception of login data objects (6.5), only application class tags are eligible in this document. When using an interindustry template, an application is allowed to nest context-specific class tags (see ISO/IEC 7816-4) under such a template unless it is previously marked as reserved for future use by ISO/IEC JTC 1/SC 17.

  • Standard
    27 pages
    English language
    sale 15% off
  • Draft
    28 pages
    English language
    sale 15% off
ISO
ISO/IEC 23465-1:2023(Main)
Card and security devices for personal identification — Programming interface for security devices — Part 1: Introduction and architecture description

This document introduces and describes the concept of the application programming interface (API) to security devices with the intention to simplify the usage of commands and mechanisms defined by the ISO/IEC 7816 series. This document gives guidelines on: — the system overview and description of the system of the programming interface; — the architecture description; — the data model in general, used by the API; — the use cases and the usage model of the API.

  • Standard
    22 pages
    English language
    sale 15% off
ISO
ISO/IEC TS 23465-2:2023(Main)
Card and security devices for personal identification — Programming interface for security devices — Part 2: API definition

This document describes the following aspects of the programming interface between the client application dealing with the security device and the proxy, based on the framework outlined in ISO/IEC 23465-1: — the generic API definition; — state and security models for use cases; — class and API definitions of functionality, defined in other standards, e.g. the ISO/IEC 7816 series.

  • Technical specification
    55 pages
    English language
    sale 15% off
ISO
ISO/IEC 23220-1:2023(Main)
Cards and security devices for personal identification — Building blocks for identity management via mobile devices — Part 1: Generic system architectures of mobile eID systems

This document specifies generic system architectures and generic life-cycle phases of mobile eID systems in terms of building blocks for mobile eID system infrastructures. It standardizes interfaces and services for mdoc apps and mobile verification applications. It is applicable to entities involved in specifying, architecting, designing, testing, maintaining, administering and operating a mobile eID system in parts or entirely.

  • Standard
    48 pages
    English language
    sale 15% off
  • Standard
    48 pages
    English language
    sale 15% off
ISO
ISO/IEC 7816-11:2022(Main)
Identification cards — Integrated circuit cards — Part 11: Personal verification through biometric methods

This document specifies security-related interindustry commands that are intended to be used for personal verification through biometric methods in integrated circuit cards. It also defines the data structure and data access methods for use of the card as a carrier of the biometric reference and/or as the device to perform the verification of the cardholder's biometric probe (on-card biometric comparison). Identification of persons using biometric methods is outside the scope of this document.

  • Standard
    25 pages
    English language
    sale 15% off
ISO
ISO/IEC 18013-3:2017/Amd 1:2022(Amendment)
Information technology — Personal identification — ISO-compliant driving licence — Part 3: Access control, authentication and integrity validation — Amendment 1: PACE protocol
  • Standard
    14 pages
    English language
    sale 15% off
  • Draft
    14 pages
    English language
    sale 15% off
ISO
ISO/IEC 18328-2:2021(Main)
Identification cards — ICC-managed devices — Part 2: Physical characteristics and test methods for cards with devices

This document defines physical characteristics and test methods for cards with devices, including but not limited to, power supplying devices, displays, sensors, microphones, loudspeakers, buttons or keypads. This document also covers aspects of coexistence of technologies of devices on the card and other machine-readable card technologies. Additional requirements related to biometric capture devices are defined in ISO/IEC 17839-2. Such requirements can be applied in addition to the ones defined in this document. ISO/IEC 17839-2 defines a type S2 card; the physical dimensions of the type S2 card are specified in Annex A.

  • Standard
    25 pages
    English language
    sale 15% off
  • Draft
    25 pages
    English language
    sale 15% off