CEN/TC 224/WG 16 - Application Interface for smart cards used as Secure Signature Creation Devices
General Information
This part specifies mechanisms for SEs to be used as privacy-enabled devices in the context of IAS, and to fulfil the requirements of Article 5 of the so-called eIDAS Regulation about data processing and protection.
It covers:
- Age verification
- Document validation
- Restricted identification
- eServices with trusted third party based on ERA protocol
- Standard, 22 pages, English language
This part of this series contains Identification, Authentication and Digital Signature (IAS) services in addition to the QSCD mechanisms already described in Part 1 to enable interoperability and usage for IAS services on a national or European level.
It also specifies additional mechanisms like key decipherment, Client Server authentication, identity management and privacy related services.
- Standard, 58 pages, English language
This part specifies mechanisms for SEs to be used as qualified signature creation devices covering:
• Signature creation and mobile signature creation
• User verification
• Password based authentication
The specified mechanisms are suitable for other purposes like services in the context of EU Regulation 910/2014 of the European Parliament and the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
The particular case of a seal is also covered by the specification. The differences between seal and signature are set out in Annex B. Annex B also explains how the mechanisms for SEs as qualified signature creation devices can be used for SEs as qualified seal creation devices.
Mobile signature is an alternative to the classical signature case which is performed by a secure element. Mobile signature is encouraged by the widespread use of mobile devices and the qualification authorized by the eIDAS Regulation. The particular case of remote signature (or server signing) is covered by this specification in Annex C.
In the rest of this document, except Annex B, there will be no particular notion of a seal since it technically compares to the signature.
- Standard, 115 pages, English language
This part specifies device authentication to be used for QSCDs in various contexts, including:
• Device authentication protocols
• Establishment of a secure channel
• Data structures
• CV-certificates
• Key management
The device authentication protocols shall apply to sole-control signature mandated by the EU regulation eIDAS.
- Standard, 117 pages, English language
This part is an informative introduction into the following parts. It gives guidance to the following parts in order to allow an efficient usage of the provided information. Therefore Part 1 provides history, application context, market perspective and a tutorial about the basic understanding of electronic signatures.
- Clause 3 provides "Terms and definitions" covering all parts of this standard. The specific parts will contain a similar section which refers to the clause of this Part 1.
- Clause 4 provides "Symbols and abbreviations" covering all parts of this standard. The specific parts will contain a similar section which refers to the clause of this Part 1.
- Clause 5 provides a Management Summary that describes the market context in which electronic signatures are typically
- Annex A provides the algorithm identifiers for all parts of the standard.
- Annex B provides the algorithm identifiers for all parts of the standard.
- Annex C provides the build scheme for object identifiers for all parts of the standard.
- Annex D "Tutorial on Signature Technology" provides a tutorial which helps the first-time reader to get familiar with signature technology and its relation to the society that it serves.
- Annex E "Guide to the EN 419212" explains the historical and technical evolution of the ESIGN activities which finally led to this version of the signature standard.
- Standard, 57 pages, English language
The regulation on electronic identification and trusted eServices (eIDAS regulation) clearly extends the current Electronic Signature Directive from electronic signature towards electronic identification and electronic authentication. These two topics are closely linked to electronic signature and are considered in this context in this document. There are many documents, standards, industrial initiatives and European projects on identification and authentication, but the scope here is limited to the electronic signature context and, more widely, to electronic transactions in the internal market.
The present Technical Report is twofold.
First, it briefly analyses the implementing acts on electronic identities CIR 2015/1501 [29] and CIR 2015/1502 [30] and how these are addressed by the eID interoperability framework [31]. Second, it establishes which areas of existing standards are impacted by the eID framework and what further areas of standardization could assist nations in providing eID services.
- Technical report, 15 pages, English language
This European Standard specifies mechanisms for smart cards to be used as secure signature creation devices covering:
- signature creation;
- user verification;
- password based authentication;
- device authentication;
- establishment of a secure channel.
The specified mechanisms are suitable for other purposes like services in the context of IAS.
- Standard, 250 pages, English language
This European Standard contains Identification, Authentication and Digital Signature (IAS) services in addition to the SSCD mechanisms already described in EN 419212-1 to enable interoperability and usage for IAS services on a national or European level.
It also specifies additional mechanisms like key decipherment, Client Server authentication, identity management and privacy related services.
- Standard, 125 pages, English language
Part 1 of this series specifies the application interface to Smart Cards during the usage phase, used as Secure Signature Creation Devices (SSCD) according to the Terms of the European Directive on Electronic Signature 1999/93 to enable interoperability and usage as SSCD on a national or European level.
This document describes the mandatory services for the usage of Smart Cards as SSCDs based on CEN CWA 14890. This covers the signing function, storage of certificates, the related user verification, establishment and use of trusted path and channel, requirements for key generation and the allocation and format of resources required for the execution of those functions and related cryptographic token information.
Thereby the functionality of CWA 14890-1 is enhanced in the following areas:
- Device authentication with Elliptic Curves (ELC) for existing asymmetric authentication protocols (RSA Transport, Privacy Protocol),
- Enhancement of existing asymmetric authentication protocols due to privacy and non-traceability constraints,
- Card Verifiable (CV) Certificate Formats (self descriptive) with ELC for all types of authentication and authorization protocols,
- Secure Messaging Tags and use of commands with Odd-INS Code in compliance to the actual ISO/IEC 7816-4,
- Further hash algorithms (SHA-2 family) with corresponding Object identifier and Algorithm references,
- Use of AES in authentication protocols,
- Use of AES for secure messaging.
The following items are out of scope:
1) The physical, electrical and transport protocol characteristics of the card,
2) The external signature creation process and signature environment,
3) The elements required to verify an electronic signature produced by a card used as a SSCD,
4) The error handling process.
- Standard, 195 pages, English language
Part 2 of this series contains Identification, Authentication and Digital Signature (IAS) services in addition to the SSCD services already described in Part 1 to enable interoperability and usage for IAS on a national or European level.
This part describes additional functionality to support generic Identification, Authentication and Digital Signature (IAS) services. It contains the functionality of Part 2 of CEN CWA 14890. This covers key decipherment and client (card holder) server authentication, signature verification and related cryptographic token information.
Additionally, this document is enhanced with respect to:
- Client-Server (C/S) Authentication Protocols with ELC and their description in DF.CIA,
- Identity management on the basis of C/S Authentication,
- Card capability description and Application Capability Description.
The following items are out of scope:
1. The physical, electrical and transport protocol characteristics of the card,
2. The error handling process.
- Standard, 78 pages, English language