CEN/TC 224/WG 15 - European citizen card

This Technical Specification provides an Interoperability Model, which will enable an eService compliant with technical requirements, to interoperate with different implementations of the European Citizen Card.
This Interoperability model will be developed as follows:
-   starting from the ECC Part 2, Part 3 of the ECC series provides additional technical specifications for a middleware architecture based on ISO/IEC 24727 (all parts); this middleware will provide an API to an eService as per ISO/IEC 24727 3.
-   a set of additional API provides the middleware stack with means to facilitate ECC services.
-   a standard mechanism for the validation of the e-ID credential is stored in the ECC and retrieved by the eService.
In order to support the ECC services over an ISO/IEC 24727 middelware configuration, this part of the standard specifies the following:
-   a set of mandatory requests to be supported by the middleware implementation based on ISO/IEC 24727 (all parts).
-   data set content for interoperability to be personalised in the ECC.
-   three middleware architecture solutions: one based on a stack of combined ISO/IEC 24727 configurations and the other based on Web Service configuration whereas the third one is relying on a SAL Lite component.
-   an Application DiscoveryProfile featuring the guidelines for card-applications to fit in ISO/IEC 24727 framework.

1.1   Scope of CEN/TS 15480-5:2013
The scope of this Technical Specification is to provide a general description of the standard together with an introduction to each part of the ECC standard.
Informative Annex A maps the relationship between the various parts of the ECC standard and other ISO/IEC standards relating to the card platform.
1.2   Scope of the ECC standard
The European Citizen Card (ECC) standard addresses the difficulties presented to citizens when attempting to access various public services using a smart card as an access token. The scope of the ECC standard covers card capabilities and structures specified under the following headings:
- Specific definition of minimum features (for example, card surface print structure).
- Definition of optional features that may be required to provide the desired electronic services.
- Specification of discovery mechanisms to allow supported and in-use card capabilities and features to be identified.
- Besides covering the hardware and software of the card, the ECC standard also addresses interfaces to readers and servers through middleware components.
This simple concept can enable ECC cards to adopt a widely different set of personas, even though a common application may be housed on cards used in different environments and in different ways. Generically, we can consider ECC cards as being classed as one of the following groups, even though the same application may be loaded (alongside others) in each environment. These groupings are:
- eID Verification token;
- Inter-European Union travel document;
- Provider of logical access to e-Government or local administration services or to private sector services by housing personal credentials.
In order to support the above, it is noted that there will be certain minimum requirements upon any card conforming to the ECC, specifically, the European Citizen Card will be at a minimum a smart card with Identification, Authentication and electronic Signature (IAS) service capabilities. The ECC may act as a bridge between different application requirements of an integrated circuit card and in so doing act to reduce the number of different European specifications and standards required.
The ECC will be issued under the responsibility of a European National Public Administration in order to provide a token supporting one of the above usage groupings by housing one or more relevant applications. In addition, there is nothing to stop the ECC being used to support private applications and environments which would therefore allow the ECC to be used in a shared public-private application scenario.
It is apparent that the ECC is intended to offer the card issuer/ service provider with a great deal of flexibility in the services that the ECC provides, the authentication mechanisms supported and the local national specific public policy with an special concern to protect the citizen privacy according to the applicable European legislation.

This Technical Specification specifies Electronic Citizen Card (ECC) requirements.
The requirements described in this Technical Specification are used to:
1)   define a plastic body card with associated physical and logical securities;
2)   specify the electrical interface and data transport protocols for the ECC;
3)   support the basic set of identification and authentication elements visible at the card surface;
4)   provide guidance for the specification of the ECC Durability.
In addition to the above requirements, Informative Annex A in this document recommends different Physical Layouts for the ECC for two scenarios:
-   when the ECC is issued to act as a travelling document;
-   when the ECC is not issued to act as a travelling document.

This Technical Specification specifies the logical characteristics and security features at the card/system interface for the European Citizen Card.
The European Citizen Card is a smart card with Identification, Authentication and electronic Signature (IAS) services. Therefore:
-   the supported services are specified;
-   the supported data structures as well as the access to these structures are specified;
-   the command set is defined.
This Technical Specification aims to ensure the interoperability at card/system interface in the usage phase.
In order to reach the interoperability objective, IAS services are compliant with EN 14890 Part 1 and Part 2. As the EN documents offer options, this specification fully defines a complete profile.
This Technical Specification also considers ICAO Doc 9303.
This Technical Specification does not mandate the use of a particular technology, and is intended to allow both native and Java card technologies.
This specification encompasses mandatory and optional features. Optional features make up a toolbox of modular options from which issuers can pick up the necessary protocols to fulfil the requirements for use. Mandatory features shall be implemented for a smart card to be compliant with this Technical Specification. Mandatory features required for compliancy to ECC specification are given in Annex C, the optional features are given in Annex D. Two IAS-enabled smart cards issued by two different issuers, and compliant with this Technical Specification but implementing different application profiles out of this Technical Specification, can interoperate with a terminal provided that such a terminal supports both application profiles. Therefore, interoperability requires a specific agreement between issuers/governments in order to determine which cross-border services are to be shared, and consequently, which protocols are to be supported by the terminals in each country.
All the APDU commands described in this Technical Specification are in accordance with ISO/IEC 7816 Part 4 or Part 8. They are fully described here in order to provide the settings adopted by this specification and to prevent any ambiguity in case of several possible interpretations of the standards.
For physical, electrical and transport protocol characteristics, refer to CEN/TS 15480-1.

CEN/TS 15480-4 recommends card issuance and operational procedures including citizens' registration.
CEN/TS 15480-4 gives recommendations with regard to the end-user e.g. with respect to privacy and accessibility aspects.
CEN/TS 15480-4 also identifies a set of standard ECC card profiles (e.g. National ID Card, Health Card, Card issued by a Municipality), that can be used as basis for the specification of new ECC projects.
For each profile, this Technical Specification uses a specified template which
-  selects a subset of technical requirements from CEN/TS 15480-1, FprCEN/TS 15480-2:2011 and CEN/TS 15480-3:2010.
-  considers the operation of the ECC in its particular environment.
The target audience of CEN/TS 15480-4 is the card issuer.

ECC part 3 will provide an Interoperability Model, which will enable an eService compliant with technical requirements, to interoperate with different implementations of the European Citizen Card.
This Interoperability model will be developed as follows:
-   starting from the ECC part 2, part 3 of the ECC series will provide additional technical specifications for a middleware architecture based on ISO/IEC 24727. This middleware will provide an API to an eService as per ISO/IEC 24727-3;
-   a set of additional API provide the middleware stack with means to facilitate ECC services;
-   a standard mechanism for the validation of the e-ID credential stored in the ECC and retrieved by the service.
In order to support the ECC services over an ISO/IEC 24727 middelware configuration, this part of the standard specifies the following:
-   a set of mandatory requests to be supported by the middleware implementation based on ISO/IEC 24727;
-   data set content for interoperability to be personalized in the ECC;
-   two middleware architecture solutions: one based on a stack of combined ISO/IEC 24727 configurations and the other based on Web Service configuration;
-   a Global Profile featuring the guidelines for card-applications to fit in ISO/IEC 24727 framework.