SIST-TS CEN/TS 15480-4:2012

SLOVENSKI STANDARD
SIST-TS CEN/TS 15480-4:2012
01-maj-2012
6LVWHPL]LGHQWLILNDFLMVNLPLNDUWLFDPL.DUWLFDHYURSVNLKGUåDYOMDQRYGHO
3ULSRURþLOD]DL]GDMDQMHGHORYDQMHLQXSRUDERNDUWLFHYURSVNLKGUåDYOMDQRY
Identification card systems - European Citizen Card - Part 4: Recommendations for
European Citizen Card issuance, operation and use
Identifikationskartensysteme - Europäische Bürgerkarte - Teil 4: Empfehlungen für
Ausgabe, Arbeitsweise und Benutzung der Europäischen Bürgerkarte
Systèmes de cartes d’identification - Carte Européenne du Citoyen - Partie 4:
Recommandations pour l’émission, l’exploitation et l’utilisation de la Carte Européenne
du Citoyen
Ta slovenski standard je istoveten z: CEN/TS 15480-4:2012
ICS:
35.240.15 Identifikacijske kartice in Identification cards and
sorodne naprave related devices
SIST-TS CEN/TS 15480-4:2012 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST-TS CEN/TS 15480-4:2012

---------------------- Page: 2 ----------------------

SIST-TS CEN/TS 15480-4:2012


TECHNICAL SPECIFICATION
CEN/TS 15480-4

SPÉCIFICATION TECHNIQUE

TECHNISCHE SPEZIFIKATION
March 2012
ICS 35.240.15
English Version
Identification card systems - European Citizen Card - Part 4:
Recommendations for European Citizen Card issuance,
operation and use
Systèmes de cartes d'identification - Carte Européenne du Identifikationskartensysteme - Europäische Bürgerkarte -
Citoyen - Partie 4: Recommandations pour l'émission, Teil 4: Empfehlungen für Ausgabe, Arbeitsweise und
l'exploitation et l'utilisation de la Carte Européenne du Benutzung der Europäischen Bürgerkarte
Citoyen
This Technical Specification (CEN/TS) was approved by CEN on 23 January 2012 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their
comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available
promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS)
until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland,
Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.





EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2012 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TS 15480-4:2012: E
worldwide for CEN national Members.

---------------------- Page: 3 ----------------------

SIST-TS CEN/TS 15480-4:2012
CEN/TS 15480-4:2012 (E)
Contents Page
Foreword .5
1 Scope .6
2 Normative references .6
3 Abbreviations .6
4 General recommendations on card issuance and operational procedures .7
4.1 Initial considerations for an ECC project .7
4.2 ECC Management System and ECC lifecycle description .9
4.3 ECC Management System functional organization . 11
4.4 ECC Management System Architecture . 12
4.4.1 General principles. 12
4.4.2 ARIS: Application Registration and Issuance Subsystem . 13
4.4.3 IVAS: Identity Authentication and Verification Subsystem . 14
4.5 ECC Management System Security Policy . 14
4.5.1 Common principles . 14
4.5.2 Establishing Detailed Security Requirements for specific ECC profiles – Data Access . 15
4.5.3 Basic set of requirements for ECC Digital Signature. 16
5 Recommendations with regard to the end user . 17
5.1 Privacy principles for card issuance and operation . 17
5.1.1 General . 17
5.1.2 Protection of the data . 18
5.1.3 Transparency . 18
5.1.4 Consent in data collection . 18
5.1.5 Preference for opt-in . 18
5.1.6 Limitation of purpose . 18
5.1.7 Limitation of period of retention . 18
5.1.8 Adherence to performance criteria . 18
5.1.9 Access rights of the data subject . 18
5.1.10 Secure audit . 18
5.1.11 Data transfer between jurisdictions . 18
5.2 Accessibility . 19
5.3 Usability . 20
5.3.1 Introduction . 20
5.3.2 Usability and the physical environment . 20
5.3.3 Location . 20
5.3.4 Ease of use . 21
5.3.5 Help . 21
5.3.6 Further issues . 21
6 Privacy features of the ECC . 21
7 ECC security evaluation . 22
7.1 General . 22
7.2 Digital signature services . 22
7.3 Other services provided by an ECC. 23
7.3.1 General . 23
7.3.2 Security evaluation recommendations . 23
7.3.3 Security criteria for interoperability . 23
8 Card profiles for the ECC . 25
8.1 General . 25
8.2 User accessibility profile . 26
8.3 Card profile template . 26
2

---------------------- Page: 4 ----------------------

SIST-TS CEN/TS 15480-4:2012
CEN/TS 15480-4:2012 (E)
8.3.1 General . 26
8.3.2 User accessibility profile . 26
8.3.3 Card durability requirements . 27
8.3.4 Card layout requirements . 27
8.3.5 Applications . 27
8.3.6 Selected card services . 27
8.3.7 Card Info . 27
8.3.8 Cross application services . 27
8.3.9 References . 28
8.4 Identification scheme for ECC profiles . 28
8.4.1 Card profile . 28
8.4.2 User accessibility profile . 28
Annex A (informative) Card profiles . 29
A.1 General . 29
A.2 Card Profile 1: eID Application with mandatory ICAO functionality and conditional digital
signature functionality . 29
A.2.1 OID . 29
A.2.2 General . 29
A.2.3 Applications . 29
A.2.4 Selected card services . 30
A.2.5 Card Info . 30
A.2.6 Cross application services . 31
A.2.7 References . 31
A.3 Card Profile 2: Dual-chip card with respective eID and ICAO Application . 32
A.3.1 OID . 32
A.3.2 General . 32
A.3.3 Applications . 32
A.3.4 Selected card services for ICAO application . 32
A.3.5 References . 33
A.4 Card Profile 3: eServices using a trusted Third Party . 34
A.4.1 OID . 34
A.4.2 General . 34
A.4.3 Applications . 34
A.4.4 Selected card services . 34
A.4.5 References . 34
A.5 Card Profile 4: Health Insurance Card . 35
A.5.1 OID . 35
A.5.2 General . 35
A.5.3 Applications . 35
A.5.4 Selected card services . 35
A.5.5 References . 35
A.6 Card Profile 5: Mono-application / Multi-service . 36
A.6.1 OID . 36
A.6.2 General . 36
A.6.3 Card durability requirements . 36
A.6.4 Applications . 36
A.6.5 Selected card services . 36
A.6.6 References . 39
Annex B (informative) User accessibility profile . 40
B.1 General . 40
B.2 User accessibility profile according to ISO/IEC 12905:2011 . 40
B.2.1 OID . 40
B.2.2 General . 40
B.2.3 Interfaces / transport protocols . 40
B.2.4 Data elements and data structures . 41
B.2.5 Card services . 42
B.2.6 Command set . 42
B.2.7 Data structure of Global UCI . 43
3

---------------------- Page: 5 ----------------------

SIST-TS CEN/TS 15480-4:2012
CEN/TS 15480-4:2012 (E)
B.2.8 Data structure of Local UCI . 43
B.2.9 References . 43
Annex C (informative) Reference documents . 44
C.1 EU legal acts . 44
C.2 Security documents . 44
C.3 Technical standards (non-normative references) . 44
C.4 Other relevant documents . 45

4

---------------------- Page: 6 ----------------------

SIST-TS CEN/TS 15480-4:2012
CEN/TS 15480-4:2012 (E)
Foreword
This document (CEN/TS 15480-4:2012) has been prepared by Technical Committee CEN/TC 224 “Personal
identification, electronic signature and cards and their related systems and operations”, the secretariat of
which is held by AFNOR.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights.
CEN/TS 15480 "Identification card systems — European Citizen Card" consists of the four following parts:
Part 1: Physical, electrical and transport protocol characteristics;
Part 2: Logical data structures and card services;
Part 3: European Citizen Card Interoperability using an application interface;
Part 4: Recommendations for European Citizen Card issuance, operation and use.
According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following
countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus,
Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia,
Spain, Sweden, Switzerland, Turkey and the United Kingdom.

5

---------------------- Page: 7 ----------------------

SIST-TS CEN/TS 15480-4:2012
CEN/TS 15480-4:2012 (E)
1 Scope
CEN/TS 15480-4 recommends card issuance and operational procedures including citizens' registration.
CEN/TS 15480-4 gives recommendations with regard to the end-user e.g. with respect to privacy and
accessibility aspects.
CEN/TS 15480-4 also identifies a set of standard ECC card profiles (e.g. National ID Card, Health Card, Card
issued by a Municipality), that can be used as basis for the specification of new ECC projects.
For each profile, this Technical Specification uses a specified template which
 selects a subset of technical requirements from CEN/TS 15480-1, CEN/TS 15480-2:2011 and
CEN/TS 15480-3:2010.
 considers the operation of the ECC in its particular environment.
The target audience of CEN/TS 15480-4 is the card issuer.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
CEN/TS 15480-1, Identification card systems — European Citizen Card — Part 1: Physical, electrical and
transport protocol characteristics
CEN/TS 15480-2:2011, Identification card systems — European Citizen Card — Part 2: Logical data
structures and card services
CEN/TS 15480-3:2010, Identification card systems — European Citizen Card — Part 3: European Citizen
Card Interoperability using an application interface
ISO/IEC 12905:2011, Integrated circuit cards — Enhanced Terminal Accessibility using cardholder preference
interface
3 Abbreviations
For the purposes of this document, the following abbreviations apply.
ARIS Applicant Registration and Issuance System
ECC European Citizen Card
EMS ECC management system
ID card Identification Card
IVAS Identity Authentication and Verification System
MRTD Machine Readable Travelling Document
PKI Public Key Infrastructure
6

---------------------- Page: 8 ----------------------

SIST-TS CEN/TS 15480-4:2012
CEN/TS 15480-4:2012 (E)
4 General recommendations on card issuance and operational procedures
4.1 Initial considerations for an ECC project
CEN/TS 15480-4 does not aim at providing an overall solution on how to design and run a complete EMS.
It provides some guidance to overcome common challenges that the organisations responsible for the
conception and management of the system are likely to face, including the following issues.
 Clear identification of the main purposes of the system and of the nature of the assets to be protected
shall lead to the early definition of the security policy to run the system
The ECC may be issued for different purposes: it can act for example as a national ID card, travelling
card, e-government or health insurance card. Following its intended purpose, the EMS main purpose can
diverge: to enhance security, to increase efficiency in the provision of services, to reduce identity fraud or
to cut expenses by establishing a system of privileges upon card and user's authentication. It is assumed
that privacy protection is a common objective. The use cases will define the applications to be selected by
the card. In this Technical Specification, use cases translate into ECC profiles (see Annex A), that
precisely describe card security mechanisms.
The practical work of the project can be summarized in the next four points:
 the analysis of risks based on the ECC use case;
 the definition of security policies to minimize the impact of those risks;
 the integration of those security policies within a modular architectural framework;
 the choice of technologies for implementation of the modules and of the communication interfaces
between the system components.
 A secure, trusted and cost-effective scheme should be carefully studied in order to make the appropriate
decisions for the inevitable trade-offs in terms of security / cost and security / privacy.
The ECC provisions have been specified having in mind the system integrator once the system objectives
have been set. For instance CEN/TS 15480-3:2010 provides guidance in relation with the key choices
relative to the physical and logical distributions of functionalities, the security architecture model and the
definition of interfaces for interoperability. The architectures proposed in this Technical Specification, are
aimed at avoiding unnecessary system complexity.
 An early decision is the sharing of the security functions between the components of the EMS and the
type of e-government services to be provided and their associated risks. Then there are two key issues:
 to identify the case for strong authentication requiring access to card services;
 to grant access or not to these services by cardholders external to the domestic system. Then to set
the access conditions.
Cross-Border access represents a case for strong authentication. The scheme can be able to trust a non-
domestic e-identity with a similar level of confidence to that of an e-identity issued by the system itself.
Transparent access to an e-government server, using the ECC as an authenticator, requires some
degree of harmonization between the infrastructures. This Technical Specification encourages
deployment of middleware-based access to services according to CEN/TS 15480-3:2010 provisions. This
architecture is intended to support the interoperability of electronic identity credentials.
Clearing and settlement infrastructures for cross-border e-government services are out of the scope of
this Technical Specification.
7

---------------------- Page: 9 ----------------------

SIST-TS CEN/TS 15480-4:2012
CEN/TS 15480-4:2012 (E)
 Trust on e-identity requires confidence on the enrolment and issuance processes through, for instance,
the use of the same or similar practices.
A set of recommendations is provided in 4.4.2 ff. The EMS should be constructed of separate modules.
Each module performs its own function. The solution should be device/equipment independent so that
personalization equipments from several machinery suppliers may be considered.
One way to capitalize past investment is by the introduction of a module in the enrolment subsystem able
to authenticate and read an electronic document (as an electronic passport) in order to verify the
applicant’s identity at the beginning of the enrolment process
At present, limited harmonization exists at European level and significant differences remain between EU
Member States about privacy requirements. ID card issuance and operation is at present under national
laws that can differ substantially. Notice as well the lack of legal basis for the cross-border recognition of
electronic identities.
However, EU legislation might be relevant for the ECC which regards the following:
 data protection during the personal data capture, personalisation, issuance, and operational process,
including card renewal. Subclauses 5.1 ff. introduce this issue;
 the core identification, authentication and digital signature supported by the card that shall comply
with European Directive 1999/93/EC [2];
 the services provided by the card: The ECC is intended to facilitate access to cross-border shared e-
Government services as well as to simplify and strengthen the right of free movement and residence
of all EU citizens. In that respect, references to the European Directive 2006/123/EC [5] as well as to
the European Directive 2004/38/EC [4] are relevant.
Performing an EMS Private Impact Assessment can help to early identify potentially conflict
...