SIST EN 419212-2:2018
(Main)Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 2: Signature and Seal Services
Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 2: Signature and Seal Services
This part specifies mechanisms for SEs to be used as qualified signature creation devices covering:
• Signature creation and mobile signature creation
• User verification
• Password based authentication
The specified mechanisms are suitable for other purposes like services in the context of EU Regulation 910/2014 of the European Parliament and the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
The particular case of seal is also covered by the specification. The differences between seal and signature are exposed in Annex B. Annex B also explains how the mechanisms for SEs as qualified signature creation devices can be used for SEs as qualified seal creation devices.
Mobile signature is an alternative to the classical signature case which is performed by a secure element. Mobile signature is encouraged by the large widespread of mobile devices and the qualification authorized by the eIDAS Regulation. The particular case of remote signature (or server signing) is covered by this specification in Annex C.
In the rest of this document, except Annex B, there will be no particular notion of a seal since it technically compares to the signature.
Anwendungsschnittstelle für sichere Elemente, die als qualifizierte elektronische Signatur-/Siegelerstellungseinheiten verwendet werden - Teil 2: Zusätzliche Dienste
Identification personnelle et dispositifs associés, éléments de sécurité, systèmes, opérations et protection de la vie privée dans un environnement multisectoriel - Partie 2 : Services de signatures et de cachets
La présente partie spécifie les mécanismes pour l'utilisation de SE comme dispositifs de création de signatures qualifiés, qui recouvrent :
la création de signatures et création de signatures mobiles ;
la vérification de l’utilisateur ;
l’authentification par mot de passe.
Les mécanismes spécifiés conviennent à d'autres objectifs, tels que les services dans le cadre de [2].
Le cas particulier du cachet est également traité par la spécification. Les différences entre cachet et signature sont présentées dans l’Annexe B. L’Annexe B explique également comment les mécanismes des SE servant de dispositifs de création de signatures qualifiés peuvent être utilisés pour les SE servant de dispositifs de création de cachets qualifiés.
La signature mobile est une variante de la signature traditionnelle qui est exécutée par un élément de sécurité. La signature mobile bénéficie de la grande diffusion des dispositifs mobiles et de la qualification autorisée par le Règlement eIDAS [2]. Le cas particulier de la signature à distance (ou signature par serveur) est traité par la présente spécification dans l’Annexe C.
Dans la suite du présent document, à l’exception de l’Annexe B, il n’y aura aucune notion particulière relative au cachet, puisque, sur un plan technique, il est comparable à la signature.
Uporabniški vmesnik za varnostne elemente za elektronsko identifikacijo, avtentifikacijo in zanesljivost storitev - 2. del: Podpis in dodatne storitve
Ta del določa mehanizme za uporabo varnostnih elementov (SE) kot kvalificiranih naprav za elektronsko podpisovanje in zajema: • oblikovanje podpisa in mobilno oblikovanje podpisa,
• preverjanje uporabnika,
• preverjanje pristnosti na podlagi gesla.
Opredeljeni mehanizmi so primerni za druge namene, kot so storitve v okviru Uredbe (EU) št. 910/2014 Evropskega parlamenta in sveta z dne 23. julija 2014 o elektronski identifikaciji in storitvah zaupanja za elektronske transakcije na notranjem trgu ter razveljavitve Direktive 1999/93/ES. Specifikacija zajema tudi poseben primer žiga. Razlike med žigom in podpisom so izpostavljene v dodatku B. Dodatek B tudi pojasnjuje, kako se lahko mehanizmi za varnostne elemente kot kvalificirana sredstva za elektronsko podpisovanje uporabljajo za varnostne elemente kot naprave za ustvarjanje kvalificiranega elektronskega žiga. Alternativa običajnemu podpisu je mobilni podpis, ki ga izvede varnostni element. Mobilni podpis se spodbuja zaradi razširjenega obsega mobilnih naprav in kvalifikacij, odobrenih z uredbo o elektronski identifikaciji (eIDAS). Poseben primer podpisa na daljavo (ali strežniškega podpisa) je zajet v tej specifikaciji v dodatku C.
Preostanek dokumenta z izjemo dodatka B posebej ne omenja pomena žiga, saj je v tehničnem smislu podoben podpisu.
General Information
Relations
Standards Content (Sample)
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Uporabniški vmesnik za varnostne elemente za elektronsko identifikacijo, avtentifikacijo in zanesljivost storitev - 2. del: Podpis in dodatne storitveAnwendungsschnittstelle für sichere Elemente, die als qualifizierte elektronische Signatur-/Siegelerstellungseinheiten verwendet werden - Teil 2: Zusätzliche DiensteApplication Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 2: Signature and Seal Services35.240.15Identification cards. Chip cards. BiometricsICS:Ta slovenski standard je istoveten z:EN 419212-2:2017SIST EN 419212-2:2018en,fr,de01-april-2018SIST EN 419212-2:2018SLOVENSKI
STANDARDSIST EN 419212-2:2015SIST EN 419212-1:20151DGRPHãþD
SIST EN 419212-2:2018
EUROPEAN STANDARD NORME EUROPÉENNE EUROPÄISCHE NORM
EN 419212-2
December
t r s y ICS
u wä t v rä s w Supersedes EN
v s { t s tæ sã t r s vá EN
v s { t s tæ tã t r s vEnglish Version
Application Interface for Secure Elements for Electronic Identificationá Authentication and Trusted Services æ Part
tã Signature and Seal Services Interface applicative des éléments sécurisés utilisés comme dispositifs de création de signature signatures et de cachets
Anwendungsschnittstelle für sichere Elementeá die als qualifizierte elektronische SignaturæZusätzliche Dienste This European Standard was approved by CEN on
x February
t r s yä
egulations which stipulate the conditions for giving this European Standard the status of a national standard without any alterationä Upætoædate lists and bibliographical references concerning such national standards may be obtained on application to the CENæCENELEC Management Centre or to any CEN memberä
translation under the responsibility of a CEN member into its own language and notified to the CENæCENELEC Management Centre has the same status as the official versionsä
CEN members are the national standards bodies of Austriaá Belgiumá Bulgariaá Croatiaá Cyprusá Czech Republicá Denmarká Estoniaá Finlandá Former Yugoslav Republic of Macedoniaá Franceá Germanyá Greeceá Hungaryá Icelandá Irelandá Italyá Latviaá Lithuaniaá Luxembourgá Maltaá Netherlandsá Norwayá Polandá Portugalá Romaniaá Serbiaá Slovakiaá Sloveniaá Spainá Swedená Switzerlandá Turkey and United Kingdomä
EUROPEAN COMMITTEE FOR STANDARDIZATION COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre:
Avenue Marnix 17,
B-1000 Brussels
9
t r s y CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Membersä Refä Noä EN
v s { t s tæ tã t r s y ESIST EN 419212-2:2018
EN 419212-2:2017 (E) 3 Contents Page European foreword .6 1 Scope .8 2 Normative references .8 3 Terms and definitions .9 4 Symbols and abbreviations .9 5 Signature application .9 5.1 Application Flow .9 5.2 Trusted environment versus untrusted environment . 11 5.3 Selection of ESIGN application . 12 5.3.1 General . 12 5.3.2 Exceptions for Secure Messaging . 13 5.4 Selection of cryptographic information application . 13 5.5 Concurrent usage of signature applications . 13 5.5.1 General . 13 5.5.2 Methods of channel selection . 14 5.5.3 Security issues on multiple channels . 14 5.6 Security environment selection . 14 5.7 Key selection . 14 5.8 Security Services . 15 6 User verification . 15 6.1 General . 15 6.2 Knowledge based user verification . 16 6.2.1 General . 16 6.2.2 Explicit user verification . 16 6.2.3 Password-based mechanisms . 18 6.2.4 Presentation formats . 18 6.2.5 Retry and Usage counters . 18 6.2.6 Password Change . 19 6.2.7 Reset of RC and setting a new password . 19 6.3 Biometric user verification . 20 6.3.1 General . 20 6.3.2 Retrieval of the Biometric Information Template . 21 6.3.3 Performing the biometric user verification . 22 6.3.4 Reset of RC . 24 7 Digital Signature Service . 24 7.1 General . 24 7.2 Signature generation algorithms . 25 7.3 Activation of digital signature service . 25 7.4 General aspects . 25 7.5 Signature Generation . 27 7.5.1 General . 27 7.5.2 No hashing in Card. 27 7.5.3 Partial hashing . 27 7.5.4 All hashing in ICC . 29 7.6 Selection of different keys, algorithms and input formats . 30 7.6.1 General . 30 7.6.2 Restore an existing SE . 31 SIST EN 419212-2:2018
EN 419212-2:2017 (E) 4 7.6.3 Setting the Hash Template (HT) of a current Security Environment (SE) . 31 7.6.4 Modify the Digital Signature Template (DST) of a current Security Environment (SE) . 32 7.7 Read certificates and certificate related information . 32 7.7.1 General . 32 7.7.2 Read certificate related CIOs . 33 7.7.3 Read signer's certificate from ICC . 33 7.7.4 Retrieval of the signer's certificate from a directory service . 34 8 Password-based authentication protocols . 35 8.1 General . 35 8.2 Notation . 35 8.3 Authentication steps . 36 8.3.1 General . 36 8.3.2 Step 1 — Reading the protocol relevant public parameters . 37 8.3.3 Step 2 — Set PBM parameters and generate blinding point. 38 8.3.4 Step 3 — Get encrypted nonce . 39 8.3.5 Step 4.1 — Map nonce and compute generator point for generic mapping . 40 8.3.6 Step 4.2 — Map nonce and compute generator point for integrated mapping. 41 8.3.7 Step 5 — Generate session keys . 43 8.3.8 Step 6 — Explicit key authentication . 43 9 Secure Messaging . 44 9.1 General . 44 9.2 CLA byte . 45 9.3 TLV coding of command and response message . 45 9.4 Treatment of SM-Errors . 45 9.5 Padding for checksum calculation . 46 9.6 Send sequence counter (SSC) . 46 9.7 Message structure of Secure Messaging APDUs . 46 9.7.1 Cryptograms . 46 9.7.2 Cryptographic Checksums . 48 9.7.3 Final command APDU construction . 51 9.8 Response APDU protection . 52 9.9 Use of TDES and AES . 56 9.9.1 TDES/AES encryption/decryption . 56 9.9.2 CBC mode. 57 9.9.3 Retail MAC with TDES . 57 9.9.4 EMAC with AES . 58 9.9.5 CMAC with AES . 59 10 Key Generation. 59 10.1 General . 59 10.2 Signature key and certificate generation . 60 11 Key identifiers and parameters . 61 11.1 General . 61 11.2 Key identifiers (KID) . 62 11.2.1 General . 62 11.2.2 Secret and private keys . 62 11.3 Public Key parameters . 62 11.3.1 General . 62 11.3.2 RSA public key parameters . 62 11.4 Diffie-Hellman key exchange parameters . 63 11.5 Authentication tokens in the protocols mEACv2 and PCA . 63 11.5.1 General . 63 SIST EN 419212-2:2018
EN 419212-2:2017 (E) 5 11.5.2 TDES. 63 11.5.3 AES. 63 11.5.4 Ephemeral Public Key Data Object . 63 11.6 The compression function Comp() . 63 11.7 DSA with ELC public key parameters . 64 11.7.1 General . 64 11.7.2 The plain format of a digital signature . 65 11.7.3 The uncompressed encoding . 65 11.8 ELC key exchange public parameters . 65 12 AlgIDs, Hash- and DSI Formats . 66 12.1 General . 66 12.2 Algorithm Identifiers and OIDs . 66 12.3 Hash Input-Formats . 66 12.3.1 General . 66 12.3.2 PSO:HASH without command chaining . 67 12.3.3 PSO:HASH with command Chaining . 67 12.4 Formats of the Digital Signature Input (DSI) . 68 12.4.1 General . 68 12.4.2 DSI according to ISO/IEC 14888-2 (scheme 2) . 69 12.4.3 DSI according to PKCS #1 V 1.5 . 69 12.4.4 Digest Info for SHA-X Hash:Digest Info SHA:Digest Info . 71 12.4.5 DSI according to PKCS #1 V 2.x MGF function . 73 12.4.6 DSA with DH key parameters . 74 12.4.7 Elliptic Curve Digital Signature Algorithm - ECDSA . 74 13 Files . 74 13.1 General . 74 13.2 File structure . 74 13.3 File IDs . 75 13.4 EF.DIR . 75 13.5 EF.SN.ICC . 76 13.6 EF.DH . 76 13.7 EF.ELC . 77 13.8 EF.C.ICC.AUT . 77 13.9 EF.C.CAICC.CS-AUT . 78 13.10 EF.C_X509.CH.DS . 78 13.11 EF.C_X509.CA.CS (DF.ESIGN) . 79 13.12 EF.DM . 79 14 Cryptographic Information Application . 79 14.1 General . 79 14.2 ESIGN cryptographic information layout example . 81 14.2.1 General . 81 14.2.2 EF.CIAInfo . 82 14.2.3 EF.AOD . 84 14.2.4 EF.PrKD . 88 14.2.5 EF.PuKD . 92 14.2.6 EF.CD . 93 14.2.7 EF.DCOD. 95 Annex A (normative)
Security environments . 100 Annex B (informative)
Seals and Signatures . 108 Annex C (informative)
Remote Signatures . 111 SIST EN 419212-2:2018
EN 419212-2:2017 (E) 6 European foreword This document (EN 419212-2:2017) has been prepared by Technical Committee CEN/TC 224 “Furniture”, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by June 2018, and conflicting national standards shall be withdrawn at the latest by June 2018. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights. This document supersedes EN 419212-1:2014 and EN 419212-2:2014. This standard supports services in the context of electronic IDentification, Authentication and Trust Services (eIDAS) including signatures. In EN 419212 Part 2, the standard allows support of implementations of the European legal framework for electronic signatures, defining the functional and security features for a Secure Elements (SE) (e.g. smart cards) intended to be used as a Qualified electronic Signature Creation Device (QSCD) according to the Terms of the “European Regulation on Electronic Identification and Trust Services for electronic transactions in the internal market” [2]. A Secure Element (SE) compliant to the standard will be able to produce a “qualified electronic signature” that fulfils the requirements of Article of the Electronic Signature Regulation ” [2] and therefore can be considered equivalent to a hand-written signature. This standard consists of five parts: Part 1: “Introduction and common definitions” describes the history, application context, market perspective and a tutorial about the basic understanding of electronic signatures. It also provides common terms and references valid for the entire 419212 series. Part 2: “Signature and Seal Services” describes the specifications for signature generation according to the eIDAS regulation.
Part 3: “Device Authentication” describes the device authentication protocols and the related key management services to establish a secure channel.
Part 4: “Privacy specific Protocols” describes functions and services to provide privacy to identification services.
Part 5: “Trusted eServices” describes services that may be used in conjunction with signature services described in Part 2.
This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. According to the CEN-CENELEC Internal Regulations, the national standards organisations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. SIST EN 419212-2:2018
EN 419212-2:2017 (E) 7 Introduction Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation. The European Committee for Standardization (CEN) draws attention to the fact that it is claimed that compliance with this document may involve the use of a patent concerning the mapping function given in Part 2, clause 8.3.6. The patent relates to “Sagem, MorphoMapping Patents FR09-54043 and FR09-54053, 2009”. CEN takes no position concerning the evidence, validity and scope of this patent right. The holder of this patent right has ensured CEN that he/she is willing to negotiate licences under reasonable and non-discriminatory terms and conditions with applicants throughout the world. In this respect, the statement of the holder of this patent right is registered with CEN. Information may be obtained from: Morpho 11, boulevard Galliéni 92
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.