iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST EN 14890-2:2009

(Main)

Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services

Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services

Part 2 of this series contains Identification, Authentication and Digital Signature (IAS) services in addition to the SSCD services already described in Part 1 to enable interoperability and usage for IAS on a national or European level.
This part describes additional functionality to support generic Identification, Authentication and Digital Signature (IAS) services. It contains the functionality of Part 2 of CEN CWA 14890. This covers key decipherment and client (card holder) server authentication, signature verification and related cryptographic token information.
-   Additionally this document is enhanced in respect to
-   Client-Server (C/S) Authentication Protocols with ELC and their description in DF.CIA
-   Identity management on base of C/S Authentication
-   Card capability description and Application Capability Description
The following items are out of scope:
1.   The physical, electrical and transport protocol characteristics of the card,
2.   The error handling process.

Anwendungsschnittstelle für Smartcards als sichere Signaturerstellungseinheiten - Teil 1: Basisdienste

Teil 2 dieser Reihe enthält zusätzlich zu den bereits in Teil 1 beschriebenen Diensten Dienste zur
Identifizierung, Authentisierung und Signaturerstellung (IAS), um die Interoperabilität und Verwendung von
IAS auf nationaler bzw. europäischer Ebene zu ermöglichen.
Dieser Teil beschreibt zusätzliche Funktionen zur Unterstützung von Diensten zur generischen Identifizierung,
Authentisierung und Signaturerstellung (IAS). Er enthält die Funktionen von CEN CWA 14890, Teil 2. Dazu
gehören Schlüsseldechiffrierung und Client/Server-Authentisierung (wobei der Client der Karteninhaber ist),
Signaturüberprüfung sowie zugehörige kryptographische Tokeninformationen.
Darüber hinaus weist das vorliegende Dokument in folgenden Bereichen Ergänzungen auf:
- Protokolle für Client/Server-Authentisierung (C/S-Authentisierung) mit ELC und deren Beschreibung in
DF.CIA;
- Identitätsverwaltung auf der Grundlage der C/S-Authentisierung;
- Beschreibung von Kartenfähigkeit und Anwendungsfähigkeit.
Folgende Aspekte liegen außerhalb des Anwendungsbereichs dieser Norm:
1) die physikalischen, elektrischen und transportprotokollbezogenen Merkmale der Karte;
2) der Prozess der Fehlerhandhabung.

Interfaces applicatives des cartes à puce utilisées pour le création de signatures électroniques sécurisées - Partie 2: Services additionels

La partie 2 comprend les services IAS (Identification, Authentification et Signature numérique) en plus des services SSCD déjà décrits dans la partie 1 pour permettre l’interopérabilité et l’utilisation pour IAS au niveau national ou européen.
Cette partie décrit la fonctionnalité supplémentaire permettant de prendre en charge les services IAS (Identification, Authentification et Signature numérique) génériques. Elle comprend la fonctionnalité de la partie 2 de CEN CWA 14890. Celle-ci couvre le déchiffrement de clé et l’authentification client (détenteur de carte) / serveur, la vérification de signature et les informations associées sur les jetons de cryptographie.
   En outre, ce document a été amélioré eu égard aux
   protocoles d’authentification Client-Serveur (C/S) avec ELC et leur description dans DF.CIA
   Gestion des identités sur la base de l’authentification C/S
   Description des capacités de carte et description de capacités d’application
Les éléments suivants ne sont pas inclus :
1.   Les caractéristiques physiques, électriques et de protocole de transport de la carte,
2.   La méthode de traitement des erreurs.

Uporabniški vmesnik za pametne kartice, ki se uporabljajo kot naprave za izdelovanje varnega podpisa - 2. del: Dodatne storitve

General Information

Status
Withdrawn
Publication Date
23-Mar-2009
Withdrawal Date
03-Feb-2015
ICS
35.240.15 - Identification cards. Chip cards. Biometrics
Technical Committee
ITC - Information technology
Current Stage
9900 - Withdrawal (Adopted Project)
Start Date
16-Jan-2015
Due Date
08-Feb-2015
Completion Date
04-Feb-2015
Ref Project
EN 14890-2:2008 - Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services

Relations

Replaced By
SIST EN 419212-2:2015 - Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services
Effective Date
17-Dec-2014

Buy Standard

EN 14890-2:2009EN 14890-2:2009
PreviousNext
Standard
EN 14890-2:2009
English language
78 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Uporabniški vmesnik za pametne kartice, ki se uporabljajo kot naprave za izdelovanje varnega podpisa - 2. del: Dodatne storitveAnwendungsschnittstelle für Smartcards als sichere Signaturerstellungseinheiten - Teil 1: BasisdiensteInterfaces applicatives des cartes à puce utilisées pour le création de signatures électroniques sécurisées - Partie 2: Services additionelsApplication Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services35.240.15Identifikacijske kartice in sorodne napraveIdentification cards and related devicesICS:Ta slovenski standard je istoveten z:EN 14890-2:2008SIST EN 14890-2:2009en,fr,de01-april-2009SIST EN 14890-2:2009SLOVENSKI
STANDARD



SIST EN 14890-2:2009



EUROPEAN STANDARDNORME EUROPÉENNEEUROPÄISCHE NORMEN 14890-2November 2008ICS 35.240.15Supersedes CWA 14890-2:2004
English VersionApplication Interface for smart cards used as Secure SignatureCreation Devices - Part 2: Additional ServicesInterface d'application des cartes intelligentes utiliséescomme dispositifs sûrs de création de signature - Partie 2 :Services complémentairesAnwendungsschnittstelle für Chipkarten, die zur Erzeugungqualifizierter elektronischer Signaturen verwendet werden -Teil 2: Zusätzliche DiensteThis European Standard was approved by CEN on 5 October 2008.CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this EuropeanStandard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such nationalstandards may be obtained on application to the CEN Management Centre or to any CEN member.This European Standard exists in three official versions (English, French, German). A version in any other language made by translationunder the responsibility of a CEN member into its own language and notified to the CEN Management Centre has the same status as theofficial versions.CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland,France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal,Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom.EUROPEAN COMMITTEE FOR STANDARDIZATIONCOMITÉ EUROPÉEN DE NORMALISATIONEUROPÄISCHES KOMITEE FÜR NORMUNGManagement Centre: rue de Stassart, 36
B-1050 Brussels© 2008 CENAll rights of exploitation in any form and by any means reservedworldwide for CEN national Members.Ref. No. EN 14890-2:2008: ESIST EN 14890-2:2009



EN 14890-2:2008 (E) 2 Contents Page Foreword.5 1 Scope.6 2 Normative references.7 3 Terms and definitions.8 4 Abbreviations and notation.9 5 Additional Service Selection.11 6 Client/Server Authentication.13 6.1 General.13 6.2 Client/Server protocols.13 6.3 Steps preceding the client/server authentication.13 6.4 Padding format.14 6.4.1 PKCS #1 v 1-5.14 6.4.2 DSI according to PKCS #1 V 2.x (PSS).15 6.5 Client/Server protocol.16 6.5.1 General.16 6.5.2 Step 1 — Read certificate.17 6.5.3 Step 2 — Set signing key for client/server internal authentication.17 6.5.4 Step 3 — Internal authentication.19 6.5.5 Client/Server authentication execution flow.20 6.5.6 Command data field for the client server authentication.22 7 Role Authentication.23 7.1 Role Authentication of the card.23 7.2 Role Authentication of the server.23 7.3 Symmetrical external authentication.23 7.3.1 Protocol.23 7.3.2 Role description.26 7.4 Asymmetric external authentication.26 7.4.1 Protocol based on RSA.26 7.4.2 Role description.29 8 Encryption Key Decipherment.30 8.1 Steps preceding the key decryption.31 8.2 Key Management with RSA.31 8.2.1 General.31 8.2.2 OAEP padding.31 8.2.3 Execution flow.32 8.3 Diffie-Hellman key exchange.34 8.3.1 General.34 8.3.2 Execution flow.36 8.4 Algorithm Identifier for DECIPHER.37 9 Signature verification.39 9.1 Signature verification execution flow.39 9.1.1 Step 1: Receive Hash.40 9.1.2 Step 2: Select verification key.41 9.1.3 Step 3: Verify digital signature.42 10 Certificates for additional services.43 10.1 File structure.43 10.2 EF.C.CH.AUT.44 10.3 EF.C.CH.KE.44 SIST EN 14890-2:2009



EN 14890-2:2008 (E) 3 10.4 Reading Certificates and the public key of CAs.44 11 APDU data structures.45 11.1 Algorithm Identifiers.45 11.1.1 AlgIDs for Client/Server authentication.45 11.1.2 Algorithm Identifier for DECIPHER.45 11.2 CRTs.46 11.2.1 CRT DST for selection of ICC’s private client/server auth. key.46 11.2.2 CRT AT for selection of ICC’s private client/server auth. key.46 11.2.3 CRT CT for selection of ICC’s private key.47 11.2.4 CRT CT for selection of ICC’s DH encryption key.47 11.2.5 CRT DST for selection of IFD’s public key (signature verification).47 Annex A (normative)
Security Service Descriptor Templates.48 A.1 Introduction.48 A.2 Security Service Descriptor Concept.48 A.3 SSD Data Objects.49 A.3.1 DO Extended Header List, tag ‘4D’.49 A.3.2 DO Instruction set mapping (ISM), tag ‘80’.49 A.3.3 DO Command to perform (CTP), tag ‘52’ (refer to ISO/IEC 7816-6).49 A.3.4 DO Algorithm object identifier (OID), tag ‘06’ (refer to ISO/IEC 7816-6).49 A.3.5 DO Algorithm reference, tag ‘81’.49 A.3.6 DO Key reference, tag ‘82’.50 A.3.7 DO FID key file, tag ‘83’.50 A.3.8 DO Key group, tag ‘84’.50 A.3.9 DO FID base certificate file, tag ‘85’.50 A.3.10 DO FID adjoined certificate file, tag ‘86’.50 A.3.11 DO Certificate reference, tag ‘87’.50 A.3.12 DO Certificate qualifier, tag ‘88’.50 A.3.13 DO FID for file with public key of the certification authority PK(CA), tag ‘89’.50 A.3.14 DO PIN usage policy, tag ‘5F2F’.50 A.3.15 DO PIN reference, tag ‘8A’.51 A.3.16 DO Application identifier (AID), tag ‘4F’ (refer to ISO/IEC 7816-6).51 A.3.17 DO CLA coding, tag ‘8B’.51 A.3.18 DO Status information (SW1-SW2), tag ‘42’ (refer to ISO/IEC 7816-6).51 A.3.19 DO Discretionary data, tag ‘53’ (refer to ISO/IEC 7816-6).51 A.3.20 DO SE number, tag ‘8C’.52 A.3.21 DO SSD profile identifier, tag ‘8D’.52 A.3.22 DO FID mapping, tag ‘8E’.52 A.4 Location of the SSD templates.52 A.5 Examples for SSD templates.52 Annex B (informative)
Key and signature formats for elliptic curves over prime fields GF(p).54 B.1 General.54 B.2 Elliptic curve parameters.54 B.3 Public key point.55 B.4 ECDSA signature format.55 Annex C (informative)
Security environments.56 C.1 Introduction.56 C.2 Definition of CRTs (examples).57 C.2.1 General.57 C.2.2 CRT for Authentication (AT).58 C.2.3 CRT for Cryptographic Checksum (CCT).59 C.2.4 CRT for Digital Signature (DST).60 C.2.5 CRT for confidentiality (CT).61 C.3 Security Environments (example).62 C.3.1 General.62 C.3.2 Security Environment #10.62 C.3.3 Security Environment #11.62 C.4 Coding of access conditions (example).63 SIST EN 14890-2:2009



EN 14890-2:2008 (E) 4 C.4.1 General.63 C.4.2 Access Conditions.64 C.4.3 Access rule references.64 C.4.4 Access conditions for EF.ARR.66 C.4.5 EF.ARR records.66 Annex D (informative)
Interoperability aspects.69 D.1 General.69 D.2 Choosing device authentication.69 D.2.1 General.69 D.2.2 Signature generation flow with possible processing options.71 D.3 Choosing User verification method.72 Annex E (informative)
Example of DF.CIA.73 Bibliography.78
SIST EN 14890-2:2009



EN 14890-2:2008 (E) 5 Foreword This document (EN 14890-2:2008) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by DIN. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by May 2009, and conflicting national standards shall be withdrawn at the latest by May 2009. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN [and/or CENELEC] shall not be held responsible for identifying any or all such patent rights. This document supersedes CWA 14890-2:2004. This European Standard is to support the robust implementation of the European legal framework for electronic signatures. It incorporates CEN CWA 14890 Parts 1 and
2, defining the functional and security requirements for a smart card intended to be used as a Secure Signature Creation Device. This is in accordance with the Terms of the European Directive on Electronic Signature 1999/93, whereby a card compliant to the standard shall be able to produce a 'Qualified electronic signature' that fulfils the requirements of Article 5.1 of the Electronic Signature Directive, therefore giving it the equivalent status of a hand-written signature.
This standard additionally provides generic Identification, Authentication and Digital Signature (IAS) services and contains all additional cryptographic services specified in CEN CWA 14890 Part 2. The standard enables the development of interoperable cards issued by any card industry sector. The standard also describes an application interface and behaviour of the SSCD that should be possible to be implemented on native and interpreter based cards. The standard is compliant with other European standards developed in the framework of the European Directive 1999/93. This European Standard Application Interface for smart cards used as Secure Signature Creation Devices consists of two parts:  Part 1: “Basic Services” describes the mandatory specifications for an SSCD as part of generic IAS Services to be used in compliance to requirements of Article 5.1 of the Electronic Signature Directive [5].
 Part 2: “Additional Services” describes remaining services for IAS. According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and the United Kingdom.
SIST EN 14890-2:2009



EN 14890-2:2008 (E) 6 1 Scope Part 2 of this series contains Identification, Authentication and Digital Signature (IAS) services in addition to the SSCD services already described in Part 1 to enable interoperability and usage for IAS on a national or European level. This part describes additional functionality to support generic Identification, Authentication and Digital Signature (IAS) services. It contains the functionality of Part 2 of CEN CWA 14890. This covers key decipherment and client (card holder) server authentication, signature verification and related cryptographic token information.  Additionally this document is enhanced in respect to  Client-Server (C/S) Authentication Protocols with ELC and their description in DF.CIA  Identity management on base of C/S Authentication  Card capability description and Application Capability Description The following items are out of scope: 1. The physical, electrical and transport protocol characteristics of the card, 2. The error handling process. SIST EN 14890-2:2009



EN 14890-2:2008 (E) 7 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 7816-4:2005, Identification cards — Integrated circuit cards — Part 4: Organization, security and commands for interchange ISO/IEC 7816-8:2004, Identification cards — Integrated circuit cards — Part 8: Commands for security operations ISO/IEC 7816-9:2004, Identification cards —- Integrated circuit cards —- Part 9: Commands for card management EN 14890-1:2008, Application Interface for smart cards used as Secure Signature Creation Devices — Basic Services ISO/IEC 15946, Information Technology — Security techniques — Cryptographic techniques based on elliptic curves
SIST EN 14890-2:2009



EN 14890-2:2008 (E) 8 3 Terms and definitions For the purposes of this document the terms and definitions given in ISO/IEC 7816-4:2005 and the following apply. 3.1 C/S external authentication authentication of the server by the client. The client is regarded as the combination of the PC and the ICC. This external authentication is out of the scope of this specification 3.2 C/S internal authentication authentication of the client by the server. The client is regarded as the combination of the PC and the ICC 3.3 IFD device or entity that belongs to the external world (outside the ICC) 3.4 Secured channel communication link between the ICC and a security module (possibly also an ICC) that provides authenticity and/or integrity and/or secrecy SIST EN 14890-2:2009



EN 14890-2:2008 (E) 9 4 Abbreviations and notation The abbreviations and notation is in accordance with those given in [1]. APDU Application protocol data unit ARR Access Rule Record AT CRT for Authentication C/S Client-Server CA Certificate authority CC Cryptographic checksum CCT Cryptographic checksum template CIA Cryptographic information application CMS Card Management System CRT Control Reference Template CT Confidentiality Template D[key](msg) Decipherment of with DES-3 Data Encryption Standard (Triple DES) DF Dedicated File DH Diffie-Hellman DO Data Object DS Digital Signature DSI Digital Signature Input DST CRT for Digital Signature E[key](msg) Encipherment of with EF Elementary File
FCI File Control Information FCP File Control Parameters H_ Hash function using algorithm ICC Integrated Circuit(s) Card ID Identifier IFD Interface Device INS Instruction byte KE Key Encipherment KEI Key Encipherment Input Format KID Key Identifier MD5 Message Digest 5 (hash algorithm)
MF Master File OAEP Optimal Asymmetric Encryption Padding P1-P2 Parameter bytes PI Padding Indicator SIST EN 14890-2:2009



EN 14890-2:2008 (E) 10 PKI Public Key Infrastructure PKCS Public Key Cryptography Standards PrK Private Key PSO PERFORM SEC. OPERATION PSS Probabilistic Signature Scheme PuK Public Key RCA RootCA RFU Reserved for Future Use RND Random number SE Security Environment SFI Short File Identifier SHA Secure Hash Algorithm SK Secret Key SM Secure Messaging SN Serial Number SSCD Secure Signature Creation Device SSD Secure Service Descriptor UQB Usage Qualifier SIST EN 14890-2:2009



EN 14890-2:2008 (E) 11 5 Additional Service Selection Additional services are typically used in the context of applications that use digital signatures. A well known additional service is the client/server authentication. In this case, the ICC is used as a crypto toolbox, e.g. in order to encrypt a challenge with a private key, being stored in the ICC. This is particularly helpful in applications, where a tamper resistant device is required for client/server authentication. An ICC does have the tamper resistant quality and may therefore be used efficiently to support the application in this context. A document decryption is another known service which may be performed by the IFD. A terminal application receives a document, typically encrypted with a symmetric key. The symmetric key is also encrypted with another public key. The ICC contains the appropriate private key, deciphers the symmetric key and returns it to the terminal application. While the typical usage of a signature card is the generation of a digital signature, an application might want to verify a signature with a public key, being stored in the ICC. In this case an additional service is invoked for the signature verification. Additional services provided in the ICC mandate the existence of an appropriate security environment. Associated security environments are described in Annex C. In addition to the descriptive information found in DF.CIA (refer to EN 14890-1:2008, Clause 16) information might be required that can be presented in Security Service Descriptors. The concept of security service descriptors is described in Annex A. User verification may be required prior to the usage of additional services. The password for this user verification shall be different from the password used for the signature generation. This is to maintain the purpose of the signature generation password for the sole purpose of a ‘declaration of will’ in the case of a signature generation. SIST EN 14890-2:2009



EN 14890-2:2008 (E) 12 Security ServicesICC/IFD -Device authenticationRead Display MsgRESETSelection of ESIGN applicationSelect/Read Cryptographic Infomation ObjectsUser VerificationBasic Signature ServicesAdditionalServicesRead DS-Certificate(s)Digital Signature ComputationDeactivation of ESIGN applicationCommands with Secure MessagingReadSN.ICCSelection of other applicationUser VerificationAdditional ServicesRead Security Service Descriptors Figure 1 — Example of additional service selection Figure 1 shows the selection of additional services in the context of the ESIGN application. User verification might be required for some of the additional services. The detailed access conditions are described in the appropriate security environments. SIST EN 14890-2:2009



EN 14890-2:2
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST-TS CEN/TS 17661:2022(Main)
Personal identification – European enrolment guide for biometric ID documents (EEG)
CEN/TS 17661:2021

This technical specification provides guidance on
• capturing of facial images to be used as reference images in identity or similar documents,
• capturing of fingerprint images to be used as reference images in identity or similar documents,
• data quality maintenance for biometric reference data,
• data authenticity maintenance for biometric reference data.
The TS addresses the following aspects which are specific for biometric reference data capturing:
• biometric data quality and interoperability ensurance,
• data authenticity ensurance,
• morphing and other presentation attack detection,
• accessibility and usability,
• privacy and data protection,
• optimal process design.
The following aspects are out of scope:
• IT security,
• data capturing for verification purposes, e.g., in ABC gates.
• self-taken images, although a section on this has been included

  • Technical specification
    73 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 17631:2021(Main)
Personal identification - Biometric group access control
CEN/TS 17631:2021

This technical specification provides guidance on providing access
• To areas with physical access control, e.g., entertainment facilities, train stations, shops, libraries,banks, or border control,
• For small groups of persons, e.g., families with small children or seniors, or other accompanied persons in need of support,
• By means of biometric authentication technologies, e.g., facial, fingerprint, or vein recognition,
• In the European regulatory context.
The TS addresses the following aspects which are specific for biometric and group access:
• Accessibility and usability,
• User guidance including group guidance and interaction control,
• Privacy including data set content,
• Presentation attack detection,
• Applicable biometric technologies,
• Storage of reference data,
• Biometric process integration,
• Specific needs considering biometrics for groups,
• Biometric performance and error rates, and
• Group internal linkage.
The following aspects which reflect on generic access control issues are out of scope:
• IT security,
• Application specific physical security,
• Policy definition,
• Processes not related to biometric authentication, and
• Specific performance requirements of identification (1:N) and verification (1:1) applications.

  • Technical specification
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST ISO/IEC 4909:2021(Main)
Identification cards -- Financial transaction cards -- Magnetic stripe data content for track 3
ISO/IEC 4909:2006

ISO/IEC 4909:2006 establishes specifications for financial transaction cards using track 3 and is intended to permit interchange based on the use of magnetic stripe encoded information. It specifies the data content and physical location of read/write information on track 3 and is to be used in conjunction with the relevant parts of ISO/IEC 7811 and ISO/IEC 7812.
ISO/IEC 4909:2006 recognizes the need for formats of track 3 which can be used independently of, or in conjunction with, track 2 as defined in ISO/IEC 7813. This approach is intended to permit the greatest degree of flexibility within the financial community in facilitating international interchange.
Using track 3 in conjunction with track 2 is a mode of operation in both on-line and off-line interchange environments. This mode of operation requires that the original encoded data on track 2 be read; the data on track 3 be read; and, if update is required, all the data on track 3 be rewritten.
Independent use of track 3 is an alternative mode of operation permitting both on-line interchange and off-line interchange based on mutual agreement between interested parties. It requires reading only of the data on track 3 and, if update is required, the rewriting of all the data on track 3.

  • Standard
    19 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Standard
    14 pages
    English language
    sale 15% off
SIST
SIST-TS CEN/TS 17489-1:2020(Main)
Personal identification - Secure and interoperable European Breeder Documents - Part 1: Framework overview
CEN/TS 17489-1:2020

This document provides an overview of a framework on breeder documents. It introduces the document structure of FprCEN/TS 17489 (all parts) that specifies how citizens retain the control of breeder document data and how they can use them to support identity proofing and verification. Moreover, the framework provides methodologies to assess and increase the level of trust in breeder documents.
This framework specifies methods for:
-   defining physical and logical/digital representations of a secure breeder document (hardware based, paper-based, server-based),
-   securing breeder document processes,
-   linking the document to its legitimate holder.
The following types of breeder documents are in the scope of the framework:
-   birth certificates,
-   marriage and partnership certificates,
-   death certificates.
The following breeder documents management processes including first-time application, later-in-life registration of an identity, and content update (e.g. name-changing) are in the scope of this framework:
-   registration,
-   issuance,
-   renewal,
-   inspection/verification,
-   revocation.
The specification of policies is out of scope.

  • Technical specification
    14 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 1332-3:2020(Main)
Identification card systems - User Interface — Part 3: Key pads
EN 1332-3:2020

This European Standard covers the ergonomic layout and usability of keypads. The keypad may consist of numeric, command and function keys and alphanumeric characters. On the basis that keypad layout impacts performance (keying speed, and errors), this European Standard aims to:
-   enhance usability;
-   ensure ease of use through consistency;
-   increase customer confidence;
-   reduce customer error;
-   improve operating time;
-   ensure ergonomic data entry.
This European Standard specifies the arrangement, the number and location of numeric, function and command keys, including placement of alphabetic characters on numeric keys. Design requirements and recommendations are also provided.
This standard applies to all identification card systems with a numeric keypad for use by the public for stationary or non-stationary devices. This standard also covers keypads on touch sensitive devices.

  • Standard
    20 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    19 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 16794-2:2019(Main)
Public transport - Communication between contactless readers and fare media - Part 2: Test plan for ISO/IEC 14443
CEN/TS 16794-2:2019

This document comes as a complement to the technical requirements expressed in CEN/TS 16794-1, for ensuring contactless communication interoperability between Public Transport (PT) devices or between PT devices compliant to CEN/TS 16794-1 and NFC mobiles devices compliant to NFC Forum specifications.
This document lists all the test conditions to be performed on a PT reader or a PT object in order to ensure that all the requirements specified in CEN/TS 16794-1 are met for the PT device under test.
This document applies to PT devices only:
-   PT readers which are contactless fare management system terminals acting as a PCD contactless reader based on the ISO/IEC 14443 series;
-   PT objects which are contactless fare media acting as a PICC contactless object based on the ISO/IEC 14443 series.
This document applies solely to the contactless communication layers described in Parts 1 to 4 of the ISO/IEC 14443 series. Application-to-application exchanges executed once contactless communication has been established at RF level fall outside the scope of this document. However, a test application will be used so as to make end-to-end transactions during tests on the RF communication layer.
This document does not duplicate the contents of the ISO/IEC 14443 series or ISO/IEC DIS 10373-6 standard. It makes reference to the ISO/IEC DIS 10373-6 applicable test methods, specifies the test conditions to be used and describes the additional specific test conditions that may be run.
The list of test conditions applicable to the PT device under test will be conditioned by the Information Conformance Statement (ICS) declaration made by the device manufacturer. For each test case, the test conditions are clearly specified in order to determine the pertinence to run or not the test case in accordance with the device capabilities or in accordance with the device manufacturer’s choice.
In order to facilitate the test report issuance, a test report template is included in Annex A of this document.
Although this document aims at becoming the primary basis for certification of contactless communication protocol applicable to PT readers and PT objects, it does not describe any certification or qualification processes as such processes should be defined between local or global transit industry stakeholders.

  • Technical specification
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 16794-1:2019(Main)
Public transport - Communication between contactless readers and fare media - Part 1: Implementation requirements for ISO/IEC 14443
CEN/TS 16794-1:2019

This document constitutes the 3rd edition of CEN/TS 16794 1. It sets out the technical requirements to be met by contactless Public Transport (PT) devices in order to be able to interface together using the ISO/IEC 14443 series contactless communications protocol.
This document applies to PT devices:
-   PT readers which are contactless fare management system terminals acting as a PCD contactless reader based on the ISO/IEC 14443 series;
-   PT objects which are contactless fare media acting as a PICC contactless object based on the ISO/IEC 14443 series.
This edition addresses interoperability of consumer-market NFC mobile devices, compliant to NFC Forum specifications, with above mentioned PT devices, aligns with the 4th edition of the ISO/IEC 14443 series and maintains the possibility for PT readers to comply with the requirements from EMV Contactless Interface Specification [1] and the present document.
An interface–oriented test approach is used to evaluate the conformity of PT devices and is defined in CEN/TS 16794 2.
Application-to-application exchanges executed once contactless communication has been established at RF level fall outside the scope of this document. In line with the rules on independence between OSI protocol layers, this document works on the assumption that application-to-application exchanges are not contingent on the type of contactless communication established or the parameters used for the low-level protocol layers that serve as the platform for these application-to-application exchanges.

  • Technical specification
    38 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 17054:2019(Main)
Biometrics multilingual vocabulary based upon the English version of ISO/IEC 2382-37:2012
EN 17054:2019

This European Standard establishes a systematic description of the concepts in the field of biometrics pertaining to recognition of human beings and reconciles variant terms in use in pre-existing biometric standards against the preferred terms, thereby clarifying the use of terms in this field.
Excluded from the scope of this document are concepts (represented by terms) from information technology, pattern recognition, biology, mathematics, etc. Biometrics uses such fields of knowledge as a basis.
In principle, mode specific terms are outside the scope of this European Standard.
Words in bold are defined in this document. Words that are not in bold are to be understood in their natural language sense. The authority for natural language use of terms in this document is the Concise Oxford English Dictionary (COD), Thumb Index Edition (tenth edition, revised, 2002). Words used in their natural language sense are considered out-of-scope for further definition in this document.

  • Standard
    76 pages
    English, French and German language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    77 pages
    English, French and German language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 17261:2019(Main)
Biometric authentication for critical infrastructure access control - Requirements and Evaluation
CEN/TS 17261:2018

The technical specification
i) Specifies design, performance and attack resistance requirements for biometric systems used as part of an automated access control system protecting access to Critical Infrastructure (defined in Council directive 2008 /114 / EC)
ii) Describes methodologies for evaluation of biometric access control products against these requirements

  • Technical specification
    18 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST-TS CEN/TS 17262:2019(Main)
Personal identification - Robustness against biometric presentation attacks - Application to European Automated Border Control
CEN/TS 17262:2018

This Technical Specification is an application profile for the International Standard ISO/IEC 30107 Biometric presentation attack detection. It provides best practice recommendations for the implementation of Automated Border Control (ABC) systems in Europe.
Presentation Attack Detection (PAD) is addressed for facial and fingerprint recognition.
The biometric reference data can be stored in electronic Machine Readable Travel Documents (eMRTD) and/or EU Visa Information System (VIS).
The TS covers the robustness of the system, privacy and data protection aspects, usability and acceptance as well as countermeasures including their evaluation from the Biometrics perspective. Enrolment, issuance and verification applications of eMRTD other than border control are not in scope.

  • Technical specification
    23 pages
    English language
    sale 10% off
    e-Library read for
    1 day