
EN 419212-5-2018 Application Interface for Secure Elements for Electronic Identification Authentication and Trusted Services - Part 5 Trusted eService.pdf

BSI Standards Publication

Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services
Part 5: Trusted eService

BS EN 419212-5:2018

National foreword

This British Standard is the UK implementation of EN 419212-5:2018. Together with BS EN 419212-1:2017, BS EN 419212-2:2017, BS EN 419212-3:2017 and BS EN 419212-4:2018, it supersedes BS EN 419212-1:2014 and BS EN 419212-2:2014, which are withdrawn.

The UK participation in its preparation was entrusted to Technical Committee IST/17, Cards and security devices for personal identification.

A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2018
Published by BSI Standards Limited 2018
ISBN 978 0 580 95131 2
ICS 35.240.15

Compliance with a British Standard cannot confer immunity from legal obligations.

This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 April 2018.

Amendments/corrigenda issued since publication
Date    Text affected

BRITISH STANDARD

EUROPEAN STANDARD
NORME EUROPÉENNE
EUROPÄISCHE NORM

EN 419212-5
April 2018
ICS 35.240.15
Supersedes EN 419212-1:2014, EN 419212-2:2014

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2018 CEN  Ref. No. EN 419212-5:2018: E
All rights of exploitation in any form and by any means reserved worldwide for CEN national Members

Application Interface for Secure Elements for Electronic Identification, Authentication and Trusted Services - Part 5: Trusted eService

Interface applicative des éléments sécurisés utilisés comme dispositifs de création de signature électronique qualifiée (cachet) - Partie 5 : Services électroniques de confiance

Anwendungsschnittstelle für sichere Elemente zur elektronischen Identifikation, Authentisierung und für vertrauenswürdige Dienste - Teil 5: Vertrauenswürdige elektronische Dienste

This European Standard was approved by CEN on 6 February 2017.

CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

English Version

Contents

European foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations and notation
5 Additional Service Selection
6 Client/Server Authentication
6.1 General
6.2 Client/Server protocols
6.3 Steps preceding the client/server authentication
6.4 Padding format
6.4.1 PKCS #1 v 1-5 Padding
6.4.2 PKCS #1 V 2.x (PSS) Padding
6.4.3 Building the DSI on ECDSA
6.5 Client/Server protocol
6.5.1 General
6.5.2 Step 1 Read certificate
6.5.3 Step 2 Set signing key for client/server internal authentication
6.5.4 Step 3 Internal authentication
6.5.5 Client/Server authentication execution flow
6.5.6 Command data field for the client server authentication
7 Role Authentication
7.1 Role Authentication of the card
7.2 Role Authentication of the server
7.3 Symmetrical external authentication
7.3.1 Protocol
7.3.2 Description of the cryptographic mechanisms
7.3.3 Role description
7.4 Asymmetric external authentication
7.4.1 Protocol based on RSA
8 Symmetric key transmission between a remote server and the ICC
8.1 Steps preceding the key transport
8.2 Key encryption with RSA
8.2.1 General
8.2.2 PKCS#1 v1.5 padding
8.2.3 OAEP padding
8.2.4 Execution flow
8.3 Diffie-Hellman key exchange for key encipherment
8.3.1 General
8.3.2 Execution flow
9 Signature verification
9.1 General
9.2 Signature verification execution flow
9.2.1 General
9.2.2 Step 1: Receive Hash
9.2.3 Step 2: Select verification key
9.2.4 Step 3: Verify digital signature
10 Certificates for additional services
10.1 File structure
10.2 File structure
10.3 EF.C_X509.CH.DS
10.4 EF.C.CH.AUT
10.5 EF.C.CH.KE
10.6 Reading Certificates and the public key of CAs
11 APDU data structures
11.1 Algorithm Identifiers
11.2 General
11.3 CRTs
11.3.1 General
11.3.2 CRT DST for selection of ICC's private client/server auth. key
11.3.3 CRT AT for selection of ICC's private client/server auth. key
11.3.4 CRT CT for selection of ICC's private key
11.3.5 CRT DST for selection of IFD's public key (signature verification)
Annex A (informative) Security Service Descriptor Templates
Annex B (informative) Example of DF.CIA
Bibliography

European foreword

This document (EN 419212-5:2018) has been prepared by Technical Committee CEN/TC 224 “Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment”, the secretariat of which is held by AFNOR.

This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by October 2018, and conflicting national standards shall be withdrawn at the latest by October 2018.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN shall not be held responsible for identifying any or all such patent rights.

This document supersedes EN 419212-1:2014 and EN 419212-2:2014.

This standard supports services in the context of electronic IDentification, Authentication and Trust Services (eIDAS) including signatures.

In EN 419212 Part 2, the standard allows support of implementations of the European legal framework for electronic signatures, defining the functional and security features for a Secure Elements (SE) (e.g. smart cards) intended to be used as a Qualified electronic Signature Creation Device (QSCD) according to the Terms of the “European Regulation on Electronic Identification and Trust Services for electronic transactions in the internal market” [22].

A Secure Element (SE) compliant to the standard will be able to produce a “qualified electronic signature” that fulfils the requirements of Article of the Electronic Signature Regulation ” [22] and therefore can be considered equivalent to a hand-written signature.

This standard consists of five parts:

Part 1: “Introduction and common definitions” describes the history, application context, market perspective and a tutorial about the basic understanding of electronic signatures. It also provides common terms and references valid for the entire 419212 series.

Part 2: “Signature and Seal Services” describes the specifications for signature generation according to the eIDAS regulation.

Part 3: “Device Authentication” describes the device authentication protocols and the related key management services to establish a secure channel.

Part 4: “Privacy specific Protocols” describes functions and services to provide privacy to identification services.

Part 5: “Trusted eServices” describes services that may be used in conjunction with signature services described in Part 2.

According to the CEN-CENELEC Internal Regulations, the national standards organisations of the following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

Introduction

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.

The European Committee for Standardization (CEN) draws attention to the fact that it is claimed that compliance with this document may involve the use of a patent concerning the mapping function given in EN 419212-2:2017 8.2.

The patent relates to “Sagem, MorphoMapping Patents FR09-54043 and FR09-54053, 2009”.

CEN takes no position concerning the evidence, validity and scope of this patent right.

The holder of this patent right has ensured CEN that he/she is willing to negotiate licences under reasonable and non-discriminatory terms and conditions with applicants throughout the world. In this respect, the statement of the holder of this patent right is registered with CEN. Information may be obtained from:

Morpho
11, boulevard Galliéni
92445 Issy-les-Moulineaux Cedex

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights other than those identified above. CEN shall not be held responsible for identifying any or all such patent rights.

1 Scope

Part 5 of this series contains Identification, Authentication and Digital Signature (IAS) services in addition to the QSCD mechanisms already described in Part 2 to enable interoperability and usage for IAS services on a national or European level.

It also specifies additional mechanisms like key decipherment, Client Server authentication, identity management and privacy related services.

2 Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO/IEC 7816-4:2013, Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange

ISO/IEC 7816-8:2016, Integrated circuit(s) cards with contacts - Part 8: Commands for security operations

ISO/IEC 9796-2:2010, Information technology - Security techniques - Digital signature schemes giving message recovery - Part 2: Integer factorization based mechanisms

PKCS #1 v2.1:2002, RSA Cryptography Standard, RSA Laboratories 1)

1) Available at http:/

3 Terms and definitions

For the purposes of this document, the terms and definitions apply as described in EN 419212-1.

4 Abbreviations and notation

For the purposes of this document, the symbols and abbreviations apply as described in EN 419212-1.

5 Additional Service Selection

Additional services are typically used in the context of applications that use digital signatures.

A well-known additional service is the client/server authentication. In this case, the ICC is used as a crypto toolbox, e.g. in order to encrypt a challenge with a private key, being stored in the ICC. This is particularly helpful in applications, where a tamper resistant device is required for client/server authentication. A secure ICC has the necessary tamper resistant quality and may therefore be used efficiently to support the application in this context.

Document decryption is another known service which may be performed by the IFD. A terminal application receives a document, typically encrypted with a symmetric key. The symmetric key is also provided encrypted with a public key. The ICC contains the appropriate private key, deciphers the symmetric key and returns it to the terminal application.

While the typical usage of a signature card is the generation of a digital signature, an application might want to verify a signature with a public key, being stored in the ICC. In this case an additional service is invoked for signature verification.

ICCs used as national identification cards, travel documents or driving licences generally provide additional applications to enable eServices (e.g. eGovernment, eBusiness, …) including an ESIGN application. In the eID card context new privacy issues are to be put into account, e.g. user tracking, data minimizing, unlinkability of transactions or domain specific identifiers. This standard specifies privacy preserving protocols and mechanisms as additional services.

Additional services provided in the ICC mandate the existence of an appropriate security environment. Associated security environments are described in EN 419212-2:2017, Annex A.

In addition to the descriptive information found in DF.CIA (refer to EN 419212-2, clause 14) information might be required that can be presented in Security Service Descriptors. The concept of Security Service Descriptors is described in the Annex A.

A user verification may be required prior to the usage of additional services. The password for this user verification shall be different from the password used for the signature generation. This is to maintain the purpose of the signature generation password for the sole purpose of a declaration of will in the case of a signature generation.

Figure 1 shows an execution flow for an additional service. The corresponding technical implementation is given in this document.

Figure 1 - Interaction sequences between application and QSCD

As the standard specifies various mechanisms for device and user authentication with a number of resulting combinations, Figure 2 shows execution flows for typical signature cards in different security and privacy context.

Figure 2 - Example of additional service selection

Figure 2 shows the selection of additional services in the context of the ESIGN application. User verification might be required for some of the additional services. The detailed access conditions are described in the appropriate security environments.

For security reasons the cryptographic information objects shall not reveal any information whic
