iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST-TS CEN/TS 15480-2:2012

(Main)

Identification card systems - European Citizen Card - Part 2: Logical data structures and security services

Identification card systems - European Citizen Card - Part 2: Logical data structures and security services

This Technical Specification specifies the logical characteristics and security features at the card/system interface for the European Citizen Card. The European Citizen Card is a smart card with Identification, Authentication and electronic Signature (IAS) services. Therefore: - the supported services are specified; - the supported data structures as well as the access to these structures are specified; - the command set is defined. This Technical Specification aims to ensure the interoperability at card/system interface in the usage phase. In order to reach the interoperability objective, IAS services are compliant with EN 14890 Part 1 and Part 2. As the EN documents offer options, this specification fully defines a complete profile. This Technical Specification also considers ICAO Doc 9303. This Technical Specification does not mandate the use of a particular technology, and is intended to allow both native and Java card technologies. This specification encompasses mandatory and optional features. Optional features make up a toolbox of modular options from which issuers can pick up the necessary protocols to fulfil the requirements for use. Mandatory features shall be implemented for a smart card to be compliant with this Technical Specification. Mandatory features required for compliancy to ECC specification are given in Annex C, the optional features are given in Annex D. Two IAS-enabled smart cards issued by two different issuers, and compliant with this Technical Specification but implementing different application profiles out of this Technical Specification, can interoperate with a terminal provided that such a terminal supports both application profiles. Therefore, interoperability requires a specific agreement between issuers/governments in order to determine which cross-border services are to be shared, and consequently, which protocols are to be supported by the terminals in each country. All the APDU commands described in this Technical Specification are in accordance with ISO/IEC 7816 Part 4 or Part 8. They are fully described here in order to provide the settings adopted by this specification and to prevent any ambiguity in case of several possible interpretations of the standards. For physical, electrical and transport protocol characteristics, refer to CEN/TS 15480-1.

Identifikationskartensysteme - Europäische Bürgerkarte - Teil 2: Logische Datenstrukturen und Sicherheitsfunktionen

Systèmes de cartes d’identification - Carte Européenne du Citoyen - Partie 2: structures de données logiques et services de sécurité

Sistemi z identifikacijskimi karticami - Kartica evropskih državljanov - 2. del: Logične strukture podatkov in storitve v zvezi z varnostjo

Ta tehnična specifikacija določa logične značilnosti in varnostne funkcije kartice/sistemskega vmesnika za kartico evropskih državljanov. Kartica evropskih državljanov je pametna kartica, ki omogoča storitve identifikacije, preverjanja pristnosti in elektronskega podpisa (IAS). Zato: – navaja podprte storitve; – navaja podprte strukture podatkov ter dostop do teh struktur; – določa nabor ukazov. Cilj te tehnične specifikacije je zagotoviti interoperabilnost kartice/sistemskega vmesnika v fazi uporabe. Zaradi doseganja interoperabilnosti so storitve identifikacije, preverjanja pristnosti in elektronskega podpisa skladne s 1. in 2. delom standarda EN 14890. Dokumenta EN ponujata možnosti, ta specifikacija pa v celoti določa popoln profil. Ta tehnična specifikacija upošteva tudi dokument ICAO št. 9303. Ta tehnična specifikacija ne določa uporabe določene tehnologije ter dovoljuje obstoječe tehnologije in tehnologijo Java Card. Ta specifikacija zajema obvezne in izbirne funkcije. Izbirne funkcije sestavljajo zbirko orodij za možnosti modula, izmed katerih lahko izdajatelji izberejo potrebne protokole za izpolnitev zahtev za uporabo. Obvezne funkcije je treba uporabiti, da je pametna kartica v skladu s to tehnično specifikacijo. Obvezne funkcije, ki se zahtevajo za skladnost s specifikacijo za kartico evropskega državljana, so navedene v dodatku C, izbirne funkcije pa v dodatku D. Pametni kartici, ki omogočata storitve identifikacije, preverjanja pristnosti in elektronskega podpisa, ki sta ju izdala različna izdajatelja ter sta skladni s to tehnično specifikacijo, vendar uporabljata različna profila aplikacij iz te tehnične specifikacije, sta lahko interoperabilni na terminalu, če ta terminal podpira oba profila aplikacij. Zato je za interoperabilnost potreben poseben sporazum med izdajatelji/vladami, da se določi, katere čezmejne storitve naj se delijo in katere protokole naj terminali v vsaki državi posledično podpirajo. Vsi ukazi podatkovne enote aplikacijskega protokola (APDU) iz te tehnične specifikacije so v skladu s 4. ali 8. delom standarda ISO/IEC 7816. V tem standardu so v celoti opisani, da se zagotovijo nastavitve, ki jih sprejema ta specifikacija, in prepreči morebitna dvoumnost v primeru več možnih razlag standardov. Za značilnosti fizičnih in električnih protokolov ter protokolov prenosa glejte standard CEN/TS 15480-1.

General Information

Status
Published
Publication Date
25-Jul-2012
ICS
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
ITC - Information technology
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
03-Jul-2012
Due Date
07-Sep-2012
Completion Date
26-Jul-2012
Ref Project
CEN/TS 15480-2:2012 - Identification card systems - European Citizen Card - Part 2: Logical data structures and security services

Relations

Replaces
SIST-TS CEN/TS 15480-2:2009 - Identification card systems - European Citizen Card - Part 2: Logical data structures and card services
Effective Date
01-Sep-2012

Buy Standard

TS CEN/TS 15480-2:2012 - BARVETS CEN/TS 15480-2:2012 - BARVE
PreviousNext
Technical specification
TS CEN/TS 15480-2:2012 - BARVE
English language
176 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST-TS CEN/TS 15480-2:2012
01-september-2012
1DGRPHãþD
SIST-TS CEN/TS 15480-2:2009
6LVWHPL]LGHQWLILNDFLMVNLPLNDUWLFDPL.DUWLFDHYURSVNLKGUåDYOMDQRYGHO
/RJLþQHVWUXNWXUHSRGDWNRYLQVWRULWYHY]YH]L]YDUQRVWMR
Identification card systems - European Citizen Card - Part 2: Logical data structures and
security services
Identifikationskartensysteme - Europäische Bürgerkarte - Teil 2: Logische
Datenstrukturen und Sicherheitsfunktionen
Systèmes de cartes d’identification - Carte Européenne du Citoyen - Partie 2: structures
de données logiques et services de sécurité
Ta slovenski standard je istoveten z: CEN/TS 15480-2:2012
ICS:
35.240.15 Identifikacijske kartice in Identification cards and
sorodne naprave related devices
SIST-TS CEN/TS 15480-2:2012 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TS CEN/TS 15480-2:2012

---------------------- Page: 2 ----------------------

SIST-TS CEN/TS 15480-2:2012


TECHNICAL SPECIFICATION
CEN/TS 15480-2

SPÉCIFICATION TECHNIQUE

TECHNISCHE SPEZIFIKATION
June 2012
ICS 35.240.15
English Version
Identification card systems - European Citizen Card - Part 2:
Logical data structures and security services
Systèmes de cartes d'identification - Carte Européenne du Identifikationskartensysteme - Europäische Bürgerkarte -
Citoyen - Partie 2: structures de données logiques et Teil 2: Logische Datenstrukturen und Sicherheitsfunktionen
services de sécurité
This Technical Specification (CEN/TS) was approved by CEN on 9 January 2012 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2012 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 15480-2:2012: E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------

SIST-TS CEN/TS 15480-2:2012
CEN/TS 15480-2:2012 (E)
Contents Page
Foreword .4
1 Scope .5
2 Normative references .5
3 Terms and definitions .6
4 Abbreviations .7
4.1 Abbreviations .7
4.2 Coding conventions and notation.9
5 Data elements and data structures . 10
5.1 Supported data Structures . 10
5.2 Access to data structures . 10
5.3 Answer to reset (ATR) / answer to select (ATS) . 11
5.4 General architecture and file supported . 15
5.5 Selection of data structures . 16
5.6 Access to files . 17
6 Basic card services . 18
6.1 General . 18
6.2 Identification . 18
6.3 User verification . 20
6.4 Device authentication . 20
6.5 Digital signature . 23
6.6 Client/Server Authentication . 24
6.7 Encryption key decipherment . 24
7 Extended card services . 25
7.1 General . 25
7.2 Biometrics – on card matching . 25
7.3 Passive Authentication . 25
7.4 Basic Access Control . 25
7.5 Active Authentication . 25
7.6 Extended Access Control . 26
7.7 Role authentication. 26
7.8 Restricted Identification (RI) . 27
7.9 Age, Validity or Auxiliary Data Verification . 28
7.10 Modular Enhanced Role Authentication (mERA) . 28
Annex A (normative) Command set . 29
A.1 CLASS byte coding. 29
A.2 Command chaining mechanisms . 29
A.3 Extended length mechanism . 30
A.4 Logical channels . 31
A.5 Short and extended length fields . 31
A.6 Status words . 31
A.7 Command set . 32
Annex B (normative) Cryptographic Information Application . 54
B.1 Description . 54
B.2 CIA data organisation . 63
Annex C (normative) Mandatory features . 83
C.1 General . 83
C.2 Data elements and data structures . 83
2

---------------------- Page: 4 ----------------------

SIST-TS CEN/TS 15480-2:2012
CEN/TS 15480-2:2012 (E)
C.3 Card services . 84
C.4 Command set . 84
C.5 Device Authentication and Key Derivation . 85
C.6 Digital signature . 85
C.7 Client/Server Authentication . 86
C.8 Encryption Key Decipherment . 86
Annex D (informative) Optional features . 87
D.1 General . 87
D.2 Data elements and data structures . 87
D.3 Card services . 88
D.4 Command set . 88
D.5 Device Authentication and Key Derivation . 89
D.6 Digital signature . 89
Annex E (informative) Application Profiles . 90
E.1 General . 90
E.2 Application Profile 1: ICAO Application with EAC features . 90
E.3 Application Profile 2: Travel Document Application . 96
E.4 Application Profile 3: eID Application . 101
E.5 Application Profile 4: Digital Signature Application . 111
E.6 E.6 Application Profile 5: eServices Application using a trusted third party . 121
E.7 Application Profile 6: Health Insurance Application . 136
E.8 Application Profile 7: Combined eID and signature application . 152
E.9 Application Profile 8: Multi-Service application . 156
Annex F (informative) Access rules in expanded format . 161
F.1 Object protection by access rules in expanded format . 161
F.2 Access rules in expanded format . 161
F.3 Security attribute referencing expanded format . 162
F.4 Security attribute template for physical interfaces . 163
Annex G (informative) Example of data structure: the Security Data Objects concept . 164
G.1 SDO concept . 164
Bibliography . 176


3

---------------------- Page: 5 ----------------------

SIST-TS CEN/TS 15480-2:2012
CEN/TS 15480-2:2012 (E)
Foreword
This document (CEN/TS 15480-2:2012) has been prepared by Technical Committee CEN/TC 224 “Personal
identification, electronic signature and cards and their related systems and operations”, the secretariat of
which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
This document supersedes CEN/TS 15480-2:2007.
CEN/TS 15480 Identification card systems — European Citizen Card consists of the following four parts:
Part 1, Physical, electrical and transport protocol characteristics
Part 2, Logical data structures and card services
Part 3, European Citizen Card Interoperability using an application interface
Part 4, Recommendations for European Citizen Card issuance, operation and use
According to the CEN/CENELEC Internal Regulations, the national standards organisations of the following
countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus,
Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia,
Spain, Sweden, Switzerland, Turkey and the United Kingdom.
4

---------------------- Page: 6 ----------------------

SIST-TS CEN/TS 15480-2:2012
CEN/TS 15480-2:2012 (E)
1 Scope
This Technical Specification specifies the logical characteristics and security features at the card/system
interface for the European Citizen Card.
The European Citizen Card is a smart card with Identification, Authentication and electronic Signature (IAS)
services. Therefore:
 the supported services are specified;
 the supported data structures as well as the access to these structures are specified;
 the command set is defined.
This Technical Specification aims to ensure the interoperability at card/system interface in the usage phase.
In order to reach the interoperability objective, IAS services are compliant with EN 14890 Part 1 and Part 2. As
the EN documents offer options, this specification fully defines a complete profile.
This Technical Specification also considers ICAO Doc 9303.
This Technical Specification does not mandate the use of a particular technology, and is intended to allow
both native and Java card technologies.
This specification encompasses mandatory and optional features. Optional features make up a toolbox of
modular options from which issuers can pick up the necessary protocols to fulfil the requirements for use.
Mandatory features shall be implemented for a smart card to be compliant with this Technical Specification.
Mandatory features required for compliancy to ECC specification are given in Annex C, the optional features
are given in Annex D. Two IAS-enabled smart cards issued by two different issuers, and compliant with this
Technical Specification but implementing different application profiles out of this Technical Specification, can
interoperate with a terminal provided that such a terminal supports both application profiles. Therefore,
interoperability requires a specific agreement between issuers/governments in order to determine which
cross-border services are to be shared, and consequently, which protocols are to be supported by the
terminals in each country.
All the APDU commands described in this Technical Specification are in accordance with ISO/IEC 7816 Part 4
or Part 8. They are fully described here in order to provide the settings adopted by this specification and to
prevent any ambiguity in case of several possible interpretations of the standards.
For physical, electrical and transport protocol characteristics, refer to CEN/TS 15480-1.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
EN 14890-1:2008:2008, Application Interface for smart cards used as Secure Signature Creation Devices —
Part 1: Basic requirements
ISO/IEC 7816-3, Information technology — Identification cards — Integrated circuit(s) cards with contacts —
Part 3: Electronic signals and transmission protocols
ISO/IEC 7816-4:2005, Identification cards — Integrated circuit(s) cards — Part 4: Organisation, security and
commands for interchange
5

---------------------- Page: 7 ----------------------

SIST-TS CEN/TS 15480-2:2012
CEN/TS 15480-2:2012 (E)
ISO/IEC 7816-4:2005/PDAM 2.1:2008, Identification cards — Integrated circuit(s) cards — Part 4:
Organisation, security and commands for interchange, AMENDMENT 2: Handling of Extended Length
Information (Working Draft)
ISO/IEC 7816-11, Identification cards — Integrated circuit cards — Part 11: Personal verification through
biometric methods
ISO/IEC 7816-15, Identification cards — Integrated circuit cards with contact — Part 15: Cryptographic
information application
ISO/IEC 7816-15:2004/Amd 1:2007, Identification cards — Integrated circuit cards with contact — Part 15:
Cryptographic information application, AMENDMENT 1: Examples of the use of the cryptographic information
application
ISO/IEC 7816-15:2004/Amd 2:2008, Identification cards — Integrated circuit cards with contact — Part 15:
Cryptographic information application, AMENDMENT 2: Error corrections and extensions for multi-application
environments
ISO/IEC 9796-2, Information technology — Security techniques — Digital signature schemes giving message
recovery — Part 2: Integer factorisation based mechanisms
ISO/IEC 14443-4, Identification cards — Contactless integrated circuit(s) cards — Proximity cards — Part 4:
Transmission protocol
ISO/IEC 19794-2, Information technology — Biometric data interchange formats — Part 2: Finger minutiae
data
ANSI X9.63, Public Key Cryptography For the Financial Services Industry: Key Agreement and Key Transport
th
Using Elliptic Curve Cryptography, January 8 1999
BSI TR-03110 Version 1.11, Advanced Security Mechansims for Machine Readable Travel Documents –
Extended Access Control (EAC)
BSI TR-03111 Version 1.11, Technical Guideline Elliptic Curve Cryptography
ICAO Doc 9303, Machine Readable Travel Documents, Part 3 – Machine Readable Official Travel Documents
– Volume 2 Specifications for Electronically Enabled MRtds with Biometric Identification Capability, Third
Edition, 2008
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
Application Dedicated File (ADF)
structure hosting an application in a card
3.2
root
Master File MF in case of a native operating system, the applet instance having the default selection privilege
in case of a Java card implementation
6

---------------------- Page: 8 ----------------------

SIST-TS CEN/TS 15480-2:2012
CEN/TS 15480-2:2012 (E)
4 Abbreviations
4.1 Abbreviations
ADF Application Dedicated File
AID Application Identifier
AMB Access Mode Byte
AT Authentication Template
ATR Answer to Reset
ATS Answer to Select
BER Basic Encoding Rules
BHT Biometric Header Template
BIT Biometric Information Template
CA Certification Authority
CAR Certification Authority Reference
CCT Cryptographic Checksum Template
CED Certificate Effective Date
CHA Certificate Holder Authorisation
CHR Certificate Holder Reference
CIA Cryptographic Information Application
CPI Certificate Profile Identifier
CRT Control Reference Template
CT Confidentiality Template
CV Card Verifiable
CXD Certificate Expiration Date
DES Data Encryption Standard
DF Dedicated File
DH Diffie Hellman
DOCP Data Object Control Parameters
DST Digital Signature Template
ECDH Elliptic Curve DH
7

---------------------- Page: 9 ----------------------

SIST-TS CEN/TS 15480-2:2012
CEN/TS 15480-2:2012 (E)
ELC Elliptic Curve Cryptosystem
ECDSA Elliptic Curve Digital Signature Algorithm
EF Elementary File
FCI File Control Information
FCP File Control Parameters
HT Hash Template
IAS Identification, Authentication and electronic Signature
ICC Integrated Circuit Card
IFD Interface Device
KAT Control reference template for key agreement
LSB Least Significant Byte
MAC Message Authentication Code
MF Master File
MSE Manage Security Environment
OID Object Identifier
PAN Primary Account Number
PIN Personal Identification Number
PK – DH Public key – Diffie Hellman (asymmetric key base algorithm)
PSO Perform Security Operation
RFU Reserved for Future Use
RSA Rivest Shamir Adleman
SDO Security Data Object
SCB Security Condition Byte
SE Security Environment
SEID Security Environment IDentifier byte
SM Secure Messaging
TLV Tag Length Value
UQB Usage Qualifier Byte
8

---------------------- Page: 10 ----------------------

SIST-TS CEN/TS 15480-2:2012
CEN/TS 15480-2:2012 (E)
4.2 Coding conventions and notation
4.2.1 Coding conventions
The following coding conventions apply throughout the Technical Specification:
‘0’ to ‘9’ and ‘A’ to ‘F’ the sixteen hexadecimal digits;
" . " ASCII-string;
B1 || B2 concatenation of bytes B1 (the most significant byte) and B2 (the least significant byte).
4.2.2 Notation
For private and public keys as well as for certificates the following simplified Backus-Naur notation is used:
::= |
::= ..
::= |
::= PrK
::= PuK
::= |
::= CH
::= | |
::= ICC
::= IFD
::= S
::= | | |

::= AUT
::= KA
::= RA
::= KE
::= ..
::= |
::= C_CV
::= C_X509
9

---------------------- Page: 11 ----------------------

SIST-TS CEN/TS 15480-2:2012
CEN/TS 15480-2:2012 (E)
::= |
EXAMPLES:
1) PrK.ICC.AUT = Private key of the ICC for device authentication;
2) PuK.S.KA = Public key of the sender used for key agreement;
3) C_X509.CH.AUT = Certificate of the card holder for client/server authentication.
In addition, the following notation is used:
K Randomness provided by ICC and IFD used for session key derivation
ICC/IFD
RND.ICC Random number of the ICC
RND.IFD Random number of the IFD
SN.ICC Serial number of the ICC
SN.IFD Serial number of the IFD
5 Data elements and data structures
5.1 Supported data Structures
The European Citizen Card shall support the data structures described in 5.2. These data structures are used
to store externally accessed data (certificates, card serial number, .). Exceptions from this rule, i.e. cases
where data objects are used that can be accessed by a GET DATA command are listed in the description of
the services.
In addition, the card may support further data structures including proprietary structures to handle data as long
as these structures have no effect on the services defined in this Technical Specification, i.e. on the
interoperability. For example, the storage of private and secret keys, the storage of PIN reference data and of
security environments is not defined in this Technical Report. The storage of these entities is out of the scope
of this Technical Specification and implementation specific.
5.2 Access to data structures
5.2.1 File system considerations
The European Citizen Card might embed a virtual machine or be a native operating system.
1) The card may include an MF. The differentiation between cards with or without an MF is based on
the card ATR/ATS or the content of EF.ATR/INFO. See ISO/IEC 7816-4:2005, 8.1 – card service
data byte. Consequently, the card shall include the card service data byte when returning the
ATR/ATS.
2) If an application is selected implicitly, i.e., always selected at the card reset, it has the default
selection privilege. The corresponding AID shall be indicated in the historical bytes or the EF.ATR.
3) The root is the MF or the applet instance having the default selection privilege. This depends on the
card manufacturer implementation choice (native or JavaCard implementation).
4) Three basic file types are supported (refer to ISO/IEC 7816-4 for definitions of EF, DF and ADF):
10

---------------------- Page: 12 ----------------------

SIST-TS CEN/TS 15480-2:2012
CEN/TS 15480-2:2012 (E)
i) transparent EF;
ii) dedicated files DF;
iii) application dedicated files ADF
5) For cards without MF, each applet instance matches with at least one application DF (ADF).
6) All cards shall contain an EF.DIR file.
i) The EF.DIR is always under the root.
ii) The file identifier of EF.DIR is: '2F00', the short EF identifier is 30 = '1E' =11110 bin.
5.3 Answer to reset (ATR) / answer to select (ATS)
5.3.1 General
The ATR of the card shall follow the rules indicated in ISO/IEC 7816-3 and ISO/IEC 7816-4. The ATS of the
card shall follow the rules specified in ISO/IEC 14443-4.
Data objects for card identification shall be provided in the historical data bytes of the ATR/ATS or in an
optional EF.ATR/INFO (see, 5.3.3). In case of ISO/IEC 14443-4 and protocol type B no ATS is available and
for this reason the presence of the EF.ATR/INFO is mandatory in this case.
Table 1 provides the list of data objects which may be supported by the card in the ATR/ATS in the Compact-
TLV format as defined in ISO/IEC 7816-4, Table 2 provides the data objects in EF.ATR/INFO for the BER-TLV
structure. The data objects defined in Table 1 and Table 2 have to be used as given in the tables, these are
not application specific.
5.3.2 Historical bytes
The ATR/ATS contains configuration data so that ICC and IFD can communicate together (protocol, speed,
etc.).
The category indicator as the first historical byte shall be set to the value '00'. Therefore, the last three bytes
shall be a status indicator, i.e. a card life cycle status indicator followed by two status bytes SW1-SW2.
Transmission in historical bytes for the data objects "card service data" and "card capabilities" is mandatory.
For other data objects the decision is left to the card manufacturer.
If a data object from Table 1 is used in the historical bytes the length of the DO shall be used as defined in the
table. Furthermore, the definitions for the coding of content of the data objects given in the table are
mandatory. The coding of further parameters in the content of the data objects is left to the choice of the
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST-TS CEN/TS 17661:2022(Main)
Personal identification – European enrolment guide for biometric ID documents (EEG)
CEN/TS 17661:2021

This technical specification provides guidance on
• capturing of facial images to be used as reference images in identity or similar documents,
• capturing of fingerprint images to be used as reference images in identity or similar documents,
• data quality maintenance for biometric reference data,
• data authenticity maintenance for biometric reference data.
The TS addresses the following aspects which are specific for biometric reference data capturing:
• biometric data quality and interoperability ensurance,
• data authenticity ensurance,
• morphing and other presentation attack detection,
• accessibility and usability,
• privacy and data protection,
• optimal process design.
The following aspects are out of scope:
• IT security,
• data capturing for verification purposes, e.g., in ABC gates.
• self-taken images, although a section on this has been included

  • Technical specification
    73 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 17631:2021(Main)
Personal identification - Biometric group access control
CEN/TS 17631:2021

This technical specification provides guidance on providing access
• To areas with physical access control, e.g., entertainment facilities, train stations, shops, libraries,banks, or border control,
• For small groups of persons, e.g., families with small children or seniors, or other accompanied persons in need of support,
• By means of biometric authentication technologies, e.g., facial, fingerprint, or vein recognition,
• In the European regulatory context.
The TS addresses the following aspects which are specific for biometric and group access:
• Accessibility and usability,
• User guidance including group guidance and interaction control,
• Privacy including data set content,
• Presentation attack detection,
• Applicable biometric technologies,
• Storage of reference data,
• Biometric process integration,
• Specific needs considering biometrics for groups,
• Biometric performance and error rates, and
• Group internal linkage.
The following aspects which reflect on generic access control issues are out of scope:
• IT security,
• Application specific physical security,
• Policy definition,
• Processes not related to biometric authentication, and
• Specific performance requirements of identification (1:N) and verification (1:1) applications.

  • Technical specification
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST ISO/IEC 4909:2021(Main)
Identification cards -- Financial transaction cards -- Magnetic stripe data content for track 3
ISO/IEC 4909:2006

ISO/IEC 4909:2006 establishes specifications for financial transaction cards using track 3 and is intended to permit interchange based on the use of magnetic stripe encoded information. It specifies the data content and physical location of read/write information on track 3 and is to be used in conjunction with the relevant parts of ISO/IEC 7811 and ISO/IEC 7812.
ISO/IEC 4909:2006 recognizes the need for formats of track 3 which can be used independently of, or in conjunction with, track 2 as defined in ISO/IEC 7813. This approach is intended to permit the greatest degree of flexibility within the financial community in facilitating international interchange.
Using track 3 in conjunction with track 2 is a mode of operation in both on-line and off-line interchange environments. This mode of operation requires that the original encoded data on track 2 be read; the data on track 3 be read; and, if update is required, all the data on track 3 be rewritten.
Independent use of track 3 is an alternative mode of operation permitting both on-line interchange and off-line interchange based on mutual agreement between interested parties. It requires reading only of the data on track 3 and, if update is required, the rewriting of all the data on track 3.

  • Standard
    19 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    14 pages
    English language
    sale 15% off
SIST
SIST-TS CEN/TS 17489-1:2020(Main)
Personal identification - Secure and interoperable European Breeder Documents - Part 1: Framework overview
CEN/TS 17489-1:2020

This document provides an overview of a framework on breeder documents. It introduces the document structure of FprCEN/TS 17489 (all parts) that specifies how citizens retain the control of breeder document data and how they can use them to support identity proofing and verification. Moreover, the framework provides methodologies to assess and increase the level of trust in breeder documents.
This framework specifies methods for:
-   defining physical and logical/digital representations of a secure breeder document (hardware based, paper-based, server-based),
-   securing breeder document processes,
-   linking the document to its legitimate holder.
The following types of breeder documents are in the scope of the framework:
-   birth certificates,
-   marriage and partnership certificates,
-   death certificates.
The following breeder documents management processes including first-time application, later-in-life registration of an identity, and content update (e.g. name-changing) are in the scope of this framework:
-   registration,
-   issuance,
-   renewal,
-   inspection/verification,
-   revocation.
The specification of policies is out of scope.

  • Technical specification
    14 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 1332-3:2020(Main)
Identification card systems - User Interface — Part 3: Key pads
EN 1332-3:2020

This European Standard covers the ergonomic layout and usability of keypads. The keypad may consist of numeric, command and function keys and alphanumeric characters. On the basis that keypad layout impacts performance (keying speed, and errors), this European Standard aims to:
-   enhance usability;
-   ensure ease of use through consistency;
-   increase customer confidence;
-   reduce customer error;
-   improve operating time;
-   ensure ergonomic data entry.
This European Standard specifies the arrangement, the number and location of numeric, function and command keys, including placement of alphabetic characters on numeric keys. Design requirements and recommendations are also provided.
This standard applies to all identification card systems with a numeric keypad for use by the public for stationary or non-stationary devices. This standard also covers keypads on touch sensitive devices.

  • Standard
    20 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    19 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 16794-1:2019(Main)
Public transport - Communication between contactless readers and fare media - Part 1: Implementation requirements for ISO/IEC 14443
CEN/TS 16794-1:2019

This document constitutes the 3rd edition of CEN/TS 16794 1. It sets out the technical requirements to be met by contactless Public Transport (PT) devices in order to be able to interface together using the ISO/IEC 14443 series contactless communications protocol.
This document applies to PT devices:
-   PT readers which are contactless fare management system terminals acting as a PCD contactless reader based on the ISO/IEC 14443 series;
-   PT objects which are contactless fare media acting as a PICC contactless object based on the ISO/IEC 14443 series.
This edition addresses interoperability of consumer-market NFC mobile devices, compliant to NFC Forum specifications, with above mentioned PT devices, aligns with the 4th edition of the ISO/IEC 14443 series and maintains the possibility for PT readers to comply with the requirements from EMV Contactless Interface Specification [1] and the present document.
An interface–oriented test approach is used to evaluate the conformity of PT devices and is defined in CEN/TS 16794 2.
Application-to-application exchanges executed once contactless communication has been established at RF level fall outside the scope of this document. In line with the rules on independence between OSI protocol layers, this document works on the assumption that application-to-application exchanges are not contingent on the type of contactless communication established or the parameters used for the low-level protocol layers that serve as the platform for these application-to-application exchanges.

  • Technical specification
    38 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 16794-2:2019(Main)
Public transport - Communication between contactless readers and fare media - Part 2: Test plan for ISO/IEC 14443
CEN/TS 16794-2:2019

This document comes as a complement to the technical requirements expressed in CEN/TS 16794-1, for ensuring contactless communication interoperability between Public Transport (PT) devices or between PT devices compliant to CEN/TS 16794-1 and NFC mobiles devices compliant to NFC Forum specifications.
This document lists all the test conditions to be performed on a PT reader or a PT object in order to ensure that all the requirements specified in CEN/TS 16794-1 are met for the PT device under test.
This document applies to PT devices only:
-   PT readers which are contactless fare management system terminals acting as a PCD contactless reader based on the ISO/IEC 14443 series;
-   PT objects which are contactless fare media acting as a PICC contactless object based on the ISO/IEC 14443 series.
This document applies solely to the contactless communication layers described in Parts 1 to 4 of the ISO/IEC 14443 series. Application-to-application exchanges executed once contactless communication has been established at RF level fall outside the scope of this document. However, a test application will be used so as to make end-to-end transactions during tests on the RF communication layer.
This document does not duplicate the contents of the ISO/IEC 14443 series or ISO/IEC DIS 10373-6 standard. It makes reference to the ISO/IEC DIS 10373-6 applicable test methods, specifies the test conditions to be used and describes the additional specific test conditions that may be run.
The list of test conditions applicable to the PT device under test will be conditioned by the Information Conformance Statement (ICS) declaration made by the device manufacturer. For each test case, the test conditions are clearly specified in order to determine the pertinence to run or not the test case in accordance with the device capabilities or in accordance with the device manufacturer’s choice.
In order to facilitate the test report issuance, a test report template is included in Annex A of this document.
Although this document aims at becoming the primary basis for certification of contactless communication protocol applicable to PT readers and PT objects, it does not describe any certification or qualification processes as such processes should be defined between local or global transit industry stakeholders.

  • Technical specification
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 17054:2019(Main)
Biometrics multilingual vocabulary based upon the English version of ISO/IEC 2382-37:2012
EN 17054:2019

This European Standard establishes a systematic description of the concepts in the field of biometrics pertaining to recognition of human beings and reconciles variant terms in use in pre-existing biometric standards against the preferred terms, thereby clarifying the use of terms in this field.
Excluded from the scope of this document are concepts (represented by terms) from information technology, pattern recognition, biology, mathematics, etc. Biometrics uses such fields of knowledge as a basis.
In principle, mode specific terms are outside the scope of this European Standard.
Words in bold are defined in this document. Words that are not in bold are to be understood in their natural language sense. The authority for natural language use of terms in this document is the Concise Oxford English Dictionary (COD), Thumb Index Edition (tenth edition, revised, 2002). Words used in their natural language sense are considered out-of-scope for further definition in this document.

  • Standard
    76 pages
    English, French and German language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    77 pages
    English, French and German language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 17261:2019(Main)
Biometric authentication for critical infrastructure access control - Requirements and Evaluation
CEN/TS 17261:2018

The technical specification
i) Specifies design, performance and attack resistance requirements for biometric systems used as part of an automated access control system protecting access to Critical Infrastructure (defined in Council directive 2008 /114 / EC)
ii) Describes methodologies for evaluation of biometric access control products against these requirements

  • Technical specification
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 17262:2019(Main)
Personal identification - Robustness against biometric presentation attacks - Application to European Automated Border Control
CEN/TS 17262:2018

This Technical Specification is an application profile for the International Standard ISO/IEC 30107 Biometric presentation attack detection. It provides best practice recommendations for the implementation of Automated Border Control (ABC) systems in Europe.
Presentation Attack Detection (PAD) is addressed for facial and fingerprint recognition.
The biometric reference data can be stored in electronic Machine Readable Travel Documents (eMRTD) and/or EU Visa Information System (VIS).
The TS covers the robustness of the system, privacy and data protection aspects, usability and acceptance as well as countermeasures including their evaluation from the Biometrics perspective. Enrolment, issuance and verification applications of eMRTD other than border control are not in scope.

  • Technical specification
    23 pages
    English language
    sale 10% off
    e-Library read for
    1 day