ISO/IEC JTC 1/SC 17/WG 4 - Generic interfaces and protocols for security devices

This document describes the software (SW) layer called “proxy”. It supports the programming interface to security devices and the application using this API to access the application related security devices defined in ISO/IEC TS 23465-2. This document is applicable to: — proxy requirements, functionality and layers; — resolving mechanisms for API functions; — data structures related to security device handling; — translation for security device communication; — serialization/de-serialization syntax and methods.

This document specifies directly or by reference, data elements, including composite data elements that are applicable to interindustry interchange. It identifies the following characteristics of each data element: — identifier; — name; — description and reference; — format and coding (if not available in other ISO standards or parts of the ISO/IEC 7816 series). The layout of each data element is described as seen at the interface between the interface device and the card. This document provides the definition of data elements without consideration of any restrictions on the usage of the data elements. It does not cover the internal implementation within the card and/or the outside world. With the exception of login data objects (6.5), only application class tags are eligible in this document. When using an interindustry template, an application is allowed to nest context-specific class tags (see ISO/IEC 7816-4) under such a template unless it is previously marked as reserved for future use by ISO/IEC JTC 1/SC 17.

This document describes the following aspects of the programming interface between the client application dealing with the security device and the proxy, based on the framework outlined in ISO/IEC 23465-1: — the generic API definition; — state and security models for use cases; — class and API definitions of functionality, defined in other standards, e.g. the ISO/IEC 7816 series.

This document introduces and describes the concept of the application programming interface (API) to security devices with the intention to simplify the usage of commands and mechanisms defined by the ISO/IEC 7816 series. This document gives guidelines on: — the system overview and description of the system of the programming interface; — the architecture description; — the data model in general, used by the API; — the use cases and the usage model of the API.

This document specifies generic system architectures and generic life-cycle phases of mobile eID systems in terms of building blocks for mobile eID system infrastructures. It standardizes interfaces and services for mdoc apps and mobile verification applications. It is applicable to entities involved in specifying, architecting, designing, testing, maintaining, administering and operating a mobile eID system in parts or entirely.

This document specifies interindustry commands which can be used for security operations. This document also provides informative directives on how to construct security mechanisms with commands defined in ISO/IEC 7816‑4. The choice and conditions of use of cryptographic mechanism in security operations can affect card exportability. The evaluation of the suitability of algorithms and protocols is outside the scope of this document. It does not cover the internal implementation within the card and/or the outside world.

This document specifies the requirements for a protocol derived from HCI/HCP (see ETSI TS 102 622) enabling communication for devices regardless of data link and physical layers. This document covers the following: a) outline of a system comprised of one or more hosts and one controller; b) extension of connection topology between hosts and host controller (i.e. star topology and additional other topologies); c) segregation between existing system using ETSI TS102 613 and new system compliant to this document (this document refers ETSI TS 102 613, but does not change its specification and does not use RFU). For ETSI TS 102 622, data link layer and physical layer like SWP specified in ETSI TS 102 613 is out of the scope. Albeit questioned in this document, the duplication of OSI transport layer by e.g. enforcing encapsulation of HCP into T=1 or the reverse, is out of the scope.

This document is intended to be used in any sector of activity. It specifies: — contents of command-response pairs exchanged at the interface, — means of retrieval of data elements and data objects in the card, — structures and contents of historical bytes to describe operating characteristics of the card, — structures for applications and data in the card, as seen at the interface when processing commands, — access methods to files and data in the card, — a security architecture defining access rights to files and data in the card, — means and mechanisms for identifying and addressing applications in the card, — methods for secure messaging, — access methods to the algorithms processed by the card. It does not describe these algorithms. It does not cover the internal implementation within the card or the outside world. This document is independent from the physical interface technology. It applies to cards accessed by one or more of the following methods: contacts, close coupling and radio frequency. If the card supports simultaneous use of more than one physical interface, the relationship between what happens on different physical interfaces is out of the scope of this document.

This document defines test methods for characteristics of integrated circuit cards with contacts and related interface devices according to the definition given in ISO/IEC 7816-3. Each test method is cross‑referenced to one or more base standards, which can be ISO/IEC 7810 that defines the information storage technologies employed in identification card applications. NOTE Criteria for acceptability do not form part of this document but can be found in the International Standards mentioned above. This document defines test methods which are specific to integrated circuit technology with contacts. ISO/IEC 10373-1 defines test methods which are common to one or more card technologies and other parts of the ISO/IEC 10373 series define other technology‑specific tests. Test methods defined in this document are intended to be performed separately and independently. A given card is not required to pass through all the tests sequentially. The test methods defined in this document are based on ISO/IEC 7816-3. Conformance of cards and IFDs determined using the test methods defined in this document does not preclude failures in the field. Reliability testing is outside the scope of this document. This document does not define any test to establish the complete functioning of integrated circuit cards. The test methods require only that the minimum functionality be verified. The minimum functionality is defined as follows. — Any integrated circuit present in the card continues to show an Answer to Reset response which conforms to the base standard. — Any contacts associated with any integrated circuit present in the card continue to show electrical resistance which conforms to the base standard.

This document specifies the test methods used for conformity testing, to determine whether an ICC with at least one ICC-managed device is considered to conform with the specifications of ISO/IEC 18328-3, e.g. device management and device handling.

ISO/IEC 19286:2018 aims to normalize privacy-enhancing protocols and services by - using the mechanisms from parts of ISO/IEC 7816 and parts of ISO/IEC 18328 that contribute to security and privacy, - providing discoverability means of privacy-enabling attributes, - defining requirements for attribute-based credential handling, and - identifying data objects and commands for ICCs. Existing privacy-enhancing protocols available in a generic context are adopted for distributed systems including ICCs. Additionally, existing authentication protocols between an ICC and an external device used for establishing a secure channel are enhanced with privacy protection. Secure communication between an ICC and an on-card device is also considered. All the protocols and services described in this document contribute to privacy. Annex B describes an example of privacy impact assessments of respective systems.

ISO/IEC 7816-9:2017 specifies interindustry commands for card, file and other structure management, i.e. data object and security object. These commands cover the entire life cycle of the card and therefore some commands are used before the card has been issued to the cardholder or after the card has expired. For details on record life cycle status, refer to ISO/IEC 7816-4. ISO/IEC 7816-9:2017 is not applicable to the internal implementation within the card and/or the outside world.

ISO/IEC 18328-3:2016 specifies the logical interface of an application supporting the necessary security features in a card-IC which communicates with the external world by a physical interface supporting APDUs. This application supports the usage of electronic devices. This involves the design of commands, data structures and security mechanisms which are required to handle the data and handling the additional devices itself. The handling of the additional devices is always controlled by the card-IC. External inputs or outputs shall be managed by the existing interfaces. This document deals not with physical characteristics of the card and interface technology, but only with the logical aspects. Management of data for additional devices that is not subdued by the COS or application control is out of the scope of this document. Definitions of coding requirement for "trust assessment" of the managed data like warning, font, colour etc. is in the scope of this document. A description of the logical internal interface functionality used by the COS or by device drivers, if any, is also part of this document. Due to the fact that relevant technologies may evolve or be adopted very fast, this document defines commands and structures supporting extensions and adaptations.

ISO/IEC 7816-15:2016 specifies an application in a card. This application contains information on cryptographic functionality. This part of ISO/IEC 7816 defines a common syntax and format for the cryptographic information and mechanisms to share this information whenever appropriate. The objectives of this part of ISO/IEC 7816 are to - facilitate interoperability among components running on various platforms (platform neutral), - enable applications in the outside world to take advantage of products and components from multiple manufacturers (vendor neutral), - enable the use of advances in technology without rewriting application-level software (application neutral), and - maintain consistency with existing, related standards while expanding upon them only where necessary and practical. It supports the following capabilities: - storage of multiple instances of cryptographic information in a card; - use of the cryptographic information; - retrieval of the cryptographic information, a key factor for this is the notion of "Directory Files", which provides a layer of indirection between objects on the card and the actual format of these objects; - cross-referencing of the cryptographic information with DOs defined in other parts of ISO/IEC 7816 when appropriate; - different authentication mechanisms; - multiple cryptographic algorithms (the suitability of these is outside the scope of this part of ISO/IEC 7816). ISO/IEC 7816-15.2016 does not cover the internal implementation within the card and/or the outside world. It is not mandatory for implementations complying with this International Standard to support all options described. In case of discrepancies between ASN.1 definitions in the body of the text and the module in Annex A, Annex A takes precedence.

ISO/IEC 18328-1:2015 describes the general architecture of an ICC with ICC-managed devices. ISO/IEC 18328-1:2015 is one of a series of International Standards which outlines the content and the boundaries covered and standardised by the other parts of ISO/IEC 18328. The general principle of this part of ISO/IEC 18328 is that all activities regarding the ICC-managed devices are controlled by the card-IC. This principle also applies when ICC-managed devices are outside the card. ISO/IEC 18328-1:2015 is applicable for all kind of cards independent from interface technology for communication.

ISO/IEC 10373-9:2011 defines test methods for characteristics of identification cards according to the definition given in ISO/IEC 7810. It is specific to optical memory cards that use the holographic recording method technology. Each test method is cross‑referenced to one or more base standards, i.e. ISO/IEC 7810 or one or more of the supplementary International Standards that define the information storage technologies employed in identification card applications.

ISO/IEC 24727 is a set of programming interfaces for interactions between integrated circuit cards and external applications to include generic services for multi-sector use. ISO/IEC 24727-5:2011 specifies conformance testing procedures designed to determine if interfaces developed with the ISO/IEC 24727 series meet the requirement of ISO/IEC 24727. By conforming to ISO/IEC 24727-5:2011, interoperable implementations of ISO/IEC 24727 can be realized. Test procedures for ISO/IEC 24727-2, ISO/IEC 24727-3 and ISO/IEC 24727-4 are described with sufficient detailing in support of ISO/IEC 24727 interoperability requirements, i.e. the connectivity, ISO/IEC 24727 security mechanisms and discovery mechanisms between the client-application and the card-application. This part of ISO/IEC 24727 defines calls on ISO/IEC 24727-3 in an ordered sequence. It also defines the confirmation of integrity of transmitted data by an implementation under test, as well as the syntax of that data received from the implementation under test for the marshalling procedures defined in ISO/IEC 24727-3 and ISO/IEC 24727-4. For each test procedure, the conditions required for its execution are defined, along with the conditions under which it has to be executed and the expected results. Structures and entities used for the tests, as well as common set of recurring sequences used for the various procedures, are identified and documented in ISO/IEC 24727-5:2011.

ISO/IEC 10373-8:2011 describes a Test Methodology and a list of Test Scenarios to evaluate the compliance of a card with ISO/IEC 7816-12. Specifically, ISO/IEC 10373-8:2011: addresses USB 2.0 physical layer measurements and electrical compliance testing; discusses issues relative to the Test Tools to analyse USB bus traffic and provides guidance for the Test Scenarios given in ISO/IEC 10373-8:2011; proposes a classification of Test Scenarios given in ISO/IEC 10373-8:2011, along with validation criteria; discusses Test Cases for compliance with the USB CCID Class Device.

ISO/IEC 7816-1:2011 specifies the physical characteristics of integrated circuit cards with contacts. It applies to identification cards of the ID-1 card type, which can include embossing and/or a magnetic stripe and/or tactile identifier mark as specified in ISO/IEC 7811. Test methods are specified in ISO/IEC 10373-1. ISO/IEC 7816-1:2011 applies to cards which have a physical interface with electrical contacts. It does not, however, define the nature, number and position of the integrated circuits in the cards.

ISO/IEC 24727-6:2010 defines the procedures for registration of authentication protocols (APs), including related cryptographic algorithms, test methods and conformance assessment criteria, and registration of the adoption of ISO/IEC 24727 APs by parties desiring to advertise AP interoperability.

ISO/IEC 24727 is a set of programming interfaces for interactions between integrated circuit cards (ICCs) and external applications to include generic services for multi-sector use. The organization and the operation of the ICC conform to ISO/IEC 7816-4. ISO/IEC 24727 is relevant to ICC applications desiring interoperability among diverse application domains. ISO/IEC 24727-3:2008 defines services as representations of action requests and action responses to be supported at the client-application service interface. The services are described in a programming language independent way. ISO/IEC 24727-3:2008 is the application interface of the Open Systems Interconnection Reference Model defined in ISO/IEC 7498-1. It provides a high-level interface for a client-application making use of information storage and processing operations of a card-application as viewed on the generic card interface. ISO/IEC 24727-3:2008 does not mandate a specific implementation methodology for this interface.

ISO/IEC 24727 defines a set of programming interfaces for interactions between integrated circuit cards and external applications to include generic services for multi-sector use. ISO/IEC 24727-4:2008 standardizes the connectivity and security mechanisms between the client-application and the card-application. It specifies API-Administration of service-independent and implementation-independent ISO/IEC 24727 compliant modules, including security, that enables action requests to a specific card-application of an integrated circuit card such that, when coupled to data model and content discovery operations, the card-application can be used by a variety of client-applications.

ISO/IEC 7816-2:2007 specifies the dimensions and locations for each of the contacts on an integrated circuit card of an ID-1 card type. It also provides information on the way to identify which standards define the use of the contacts. ISO/IEC 7816-2:2007 is to be used in conjunction with ISO/IEC 7816-1.

ISO/IEC 7816-13:2007 specifies commands for application management in a multi-application environment. These commands cover the entire life cycle of applications in a multi-application integrated circuit card, and the commands can be used before and after the card is issued to the cardholder. ISO/IEC 7816-13:2007 does not cover the implementation within the card and/or the outside world.

ISO/IEC 7816-3:2006 specifies the power and signal structures, and information exchange between an integrated circuit card and an interface device such as a terminal. It also covers signal rates, voltage levels, current values, parity convention, operating procedure, transmission mechanisms and communication with the card. It does not cover information and instruction content, such as identification of issuers and users, services and limits, security features, journaling and instruction definitions.

ISO/IEC 7816-12:2005 specifies the operating conditions of an integrated circuit card that provides a USB interface. An integrated circuit card with a USB interface is named USB-ICC. ISO/IEC 7816-12:2005 specifies the electrical conditions when a USB-ICC is operated by an interface device - for those contact fields that are not used, when the USB interface is applied; the USB standard descriptors and the USB-ICC class specific descriptor; the data transfer between host and USB-ICC using bulk transfers or control transfers; the control transfers which allow two different protocols named version A and version B; the (optional) interrupt transfers to indicate asynchronous events; status and error conditions. ISO/IEC 7816-12:2005 provides two protocols for control transfers. This is to support the protocol T=0 (version A) or to use the transfer on APDU level (version B). ISO/IEC 7816-12:2005 provides the state diagrams for the USB-ICC for each of the transfers (bulk transfers, control transfers version A and version B). Examples of possible sequences which the USB-ICC must be able to handle are given in an informative annex.

ISO/IEC 7816-4 defines how to use an application identifier to ascertain the presence of and/or perform the retrieval of an application in a card. ISO/IEC 7816-5:2004 shows how to grant the uniqueness of application identifiers through the international registration of a part of this identifier, and defines the registration procedure, the authorities in charge thereof, the availability of the register which links the registered parts of the identifiers and the relevant application providers.

This part of ISO/IEC 7816 specifies the power, signal structures, and the structure for the answer to reset between an integrated circuit(s) card with synchronous transmission and an interface device such as a terminal. The specifications in ISO/IEC 7816-3 apply where appropriate, unless otherwise stated here. It also covers signal rates, operating conditions, and communication with the integrated circuit(s) card. This part of ISO/IEC 7816 specifies two types of synchronous cards: type 1 and type 2.

This part of ISO/IEC 7816 specifies the concept of a SCQL database (SCQL = Structured Card Query Language based on SQL, see ISO 9075) and the related interindustry enhanced commands.

This document specifies interindustry commands which can be used for security operations. This document also provides informative directives on how to construct security mechanisms with commands defined in ISO/IEC 7816‑4. The choice and conditions of use of cryptographic mechanism in security operations can affect card exportability. The evaluation of the suitability of algorithms and protocols is outside the scope of this document. It does not cover the internal implementation within the card and/or the outside world.

ISO 7816-8:2016 specifies interindustry commands that may be used for security operations. This document also provides informative directives on how to construct security mechanisms with ISO/IEC 7816‑4 defined commands. The choice and conditions of use of cryptographic mechanism in security operations may affect card exportability. The evaluation of the suitability of algorithms and protocols is outside the scope of this document. It does not cover the internal implementation within the card and/or the outside world.

ISO/IEC 7816-6:2016 specifies directly or by reference, data elements, including composite data elements that may be used in interindustry interchange. It identifies the following characteristics of each data element: - identifier; - name; - description and reference; - format and coding (if not available in other ISO standards or parts of ISO/IEC 7816). The layout of each data element is described as seen at the interface between the interface device and the card. It provides the definition of data elements without consideration of any restrictions on the usage of the data elements. It does not cover the internal implementation within the card and/or the outside world. With the exception of login data objects (6.5), only application class tags are eligible in ISO/IEC 7816-6:2016. When using an interindustry template, an application is allowed to nest context-specific class tags (see ISO/IEC 7816‑4) under such a template unless it is previously marked as Reserved for Future Use ISO/IEC JTC 1/SC 17.

ISO/IEC 7816-4:2013 is intended to be used in any sector of activity. It specifies: a) contents of command-response pairs exchanged at the interface, b) means of retrieval of data elements and data objects in the card, c) structures and contents of historical bytes to describe operating characteristics of the card, d) structures for applications and data in the card, as seen at the interface when processing commands, e) access methods to files and data in the card, f) a security architecture defining access rights to files and data in the card, g) means and mechanisms for identifying and addressing applications in the card, h) methods for secure messaging, i) access methods to the algorithms processed by the card. It does not describe these algorithms. It does not cover the internal implementation within the card or the outside world. ISO/IEC 7816-4:2013 is independent from the physical interface technology. It applies to cards accessed by one or more of the following methods: contacts, close coupling and radio frequency. If the card supports simultaneous use of more than one physical interface, the relationship between what happens on different physical interfaces is out of the scope of ISO/IEC 7816-4:2013.

ISO/IEC 10373-3:2010 defines test methods for characteristics of integrated circuit cards with contacts and related interface devices according to the definition given in ISO/IEC 7816. Each test method is cross‑referenced to one or more base standards, which can be ISO/IEC 7810 or one or more of the supplementary International Standards that define the information storage technologies employed in identification card applications. ISO/IEC 10373-3:2010 defines test methods which are specific to integrated circuit technology with contacts. ISO/IEC 10373-1 defines test methods which are common to one or more card technologies and other parts define other technology‑specific tests. Test methods defined in ISO/IEC 10373-3:2010 are intended to be performed separately and independently. A given card is not required to pass through all the tests sequentially. The test methods defined in ISO/IEC 10373-3:2010 are based on ISO/IEC 7816-3. Conformance of cards and IFDs determined using the test methods defined in ISO/IEC 10373-3:2010 does not preclude failures in the field. Reliability testing is outside the scope of ISO/IEC 10373-3:2010. ISO/IEC 10373-3:2010 does not define any test to establish the complete functioning of integrated circuit cards. The test methods require only that the minimum functionality be verified. Minimum functionality is defined as follows. Any integrated circuit present in the card continues to show an Answer to Reset response which conforms to the base standard. Any contacts associated with any integrated circuit present in the card continue to show electrical resistance which conforms to the base standard.

ISO/IEC 7816-4:2005 specifies: contents of command-response pairs exchanged at the interface, means of retrieval of data elements and data objects in the card, structures and contents of historical bytes to describe operating characteristics of the card, structures for applications and data in the card, as seen at the interface when processing commands, access methods to files and data in the card, a security architecture defining access rights to files and data in the card, means and mechanisms for identifying and addressing applications in the card, methods for secure messaging, access methods to the algorithms processed by the card. It does not describe these algorithms. It does not cover the internal implementation within the card or the outside world. ISO/IEC 7816-4:2005 is independent from the physical interface technology. It applies to cards accessed by one or more of the following methods: contacts, close coupling, and radio frequency.

ISO/IEC 7816-9:2004 specifies interindustry commands for integrated circuit cards (both with contacts and without contacts) for card and file management, e.g. file creation and deletion. These commands cover the entire life cycle of the card and therefore some commands may be used before the card has been issued to the cardholder or after the card has expired. An annex is provided that shows how to control the loading of data (secure download) into the card, by means of verifying the access rights of the loading entity and protection of the transmitted data with secure messaging. The loaded data may contain, for example, code, keys and applets.

ISO/IEC 7816-8:2004 specifies interindustry commands for integrated circuit cards (either with contacts or without contacts) that may be used for cryptographic operations. These commands are complementary to and based on the commands listed in ISO/IEC 7816-4. Annexes are provided that give examples of operations related to digital signatures, certificates and the import and export of asymmetric keys. The choice and conditions of use of cryptographic mechanisms may affect card exportability. The evaluation of the suitability of algorithms and protocols is outside the scope of ISO/IEC 7816-8.

ISO/IEC 7816-6:2004 specifies the Data Elements (DEs) used for interindustry interchange based on integrated circuit cards (ICCs) both with contacts and without contacts. It gives the identifier, name, description, format, coding and layout of each DE and defines the means of retrieval of DEs from the card.

ISO/IEC 7816-11:2004 specifies the usage of interindustry commands and data objects related to personal verification through biometric methods in integrated circuit cards. The interindustry commands used are defined in ISO/IEC 7816-4. The data objects are partially defined in this International Standard, partially imported from ISO/IEC 19785-1. ISO/IEC 7816-11 also presents examples for enrollment and verification and addresses security issues.

ISO/IEC 7816-15:2004 specifies a card application. This application contains information on cryptographic functionality. Further, ISO/IEC 7816-15:2004 defines a common syntax (in ASN.1) and format for the cryptographic information and mechanisms to share this information whenever appropriate. ISO/IEC 7816-15:2004 supports the following capabilities: storage of multiple instances of cryptographic information in a card; use of the cryptographic information; retrieval of the cryptographic information; cross-referencing of the cryptographic information with DOs defined in ISO/IEC 7816 when appropriate; different authentication mechanisms; and multiple cryptographic algorithms.