ANSI INCITS 504-4-2013 Information Technology C Generic Identity Command Set C Part 4 Card Application Profile Template.pdf

1、American National StandardDeveloped byfor Information Technology Generic Identity Command Set Part 4: Card ApplicationProfile TemplateINCITS 504-4-2013INCITS 504-4-2013INCITS 504-4-2013American National Standardfor Information Technology Generic Identity Command Set Part 4: Card Application Profile

2、TemplateSecretariatInformation Technology Industry CouncilApproved September 26, 2013American National Standards Institute, Inc.Approval of an American National Standard requires review by ANSI that therequirements for due process, consensus, and other criteria for approval havebeen met by the stand

3、ards developer.Consensus is established when, in the judgement of the ANSI Board ofStandards Review, substantial agreement has been reached by directly andmaterially affected interests. Substantial agreement means much more thana simple majority, but not necessarily unanimity. Consensus requires tha

4、t allviews and objections be considered, and that a concerted effort be madetowards their resolution.The use of American National Standards is completely voluntary; theirexistence does not in any respect preclude anyone, whether he has approvedthe standards or not, from manufacturing, marketing, pur

5、chasing, or usingproducts, processes, or procedures not conforming to the standards.The American National Standards Institute does not develop standards andwill in no circumstances give an interpretation of any American NationalStandard. Moreover, no person shall have the right or authority to issue

6、 aninterpretation of an American National Standard in the name of the AmericanNational Standards Institute. Requests for interpretations should beaddressed to the secretariat or sponsor whose name appears on the titlepage of this standard.CAUTION NOTICE: This American National Standard may be revise

7、d orwithdrawn at any time. The procedures of the American National StandardsInstitute require that action be taken periodically to reaffirm, revise, orwithdraw this standard. Purchasers of American National Standards mayreceive current information on all standards by calling or writing the AmericanN

8、ational Standards Institute.American National StandardPublished byAmerican National Standards Institute, Inc.25 West 43rd Street, New York, NY 10036Copyright 2013 by Information Technology Industry Council (ITI)All rights reserved.No part of this publication may be reproduced in anyform, in an elect

9、ronic retrieval system or otherwise,without prior written permission of ITI, 1101 K Street NW, Suite 610, Washington, DC 20005. Printed in the United States of AmericaCAUTION: The developers of this standard have requested that holders of patents that may berequired for the implementation of the sta

10、ndard disclose such patents to the publisher. However,neither the developers nor the publisher have undertaken a patent search in order to identifywhich, if any, patents may apply to this standard. As of the date of publication of this standardand following calls for the identification of patents th

11、at may be required for the implementation ofthe standard, no such claims have been made. No further patent search is conducted by the de-veloper or publisher in respect to any standard it processes. No representation is made or impliedthat licenses are not required to avoid infringement in the use o

12、f this standard.iContents 1. Overview 1 1.1 Scope 2 1.2 Purpose . 2 1.3 Normative References 2 2. Definitions, abbreviations and conventions . 3 2.1 Terms and Definitions . 3 2.2 Acronyms, Abbreviations and Symbols 3 2.3 Conventions 3 3. Card Application Profile Template . 3 3.1 Card Application Pro

13、file Template Name 4 3.2 Card Profile Description 4 3.3 Global Objects Description 4 3.3.1 EF ATR/INFO File . 4 3.3.2 EF DIR File 4 3.3.3 Card Capability Description . 4 3.4 Data Structures for Identity Credentials 5 3.4.1 Application Dedicated Files . 5 3.4.2 Application Capability Description . 5

14、3.4.3 Elementary Files 5 3.4.4 Data Objects 6 3.5 Keys and Certificates association . 6 3.6 Optional Files and objects . 6 3.7 Security Architecture . 7 3.8 Security Environment 7 3.9 Life Cycle Management 8 3.10 Assigned Values . 8 3.11 Additional Requirements . 8 3.12 Annexes 8 3.12.1 Annex 1 . 8

15、3.13 References 8 Tables Table 1: Profile Dependencies 4 Table 2: Application Dedicated File 5 Table 3: ADF File Control Parameter Template 5 Table 4: Elementary Files Associations 5 Table 5 : Data Object Associations . 6 Table 6 : Keys and Certificates Associations 6 Table 7: File Control Parameter

16、s Data Objects 7 Table 8 : File Control Parameters . 7 Foreword (This foreword is not part of American National Standard INCITS 504-4-2013.)This American National Standard describes the administration (as opposed to appli-cation) commands of the Generic Identity Command Set.Requests for interpretati

17、on, suggestions for improvement or addenda, or defect re-ports are welcome. They should be sent to the InterNational Committee for Informa-tion Technology Standards, 1101 K Street NW, Suite 610, Washington, DC 20005.This standard was processed and approved for submittal to ANSI by INCITS. Com-mittee

18、 approval of this standard does not necessarily imply that all committee mem-bers voted for its approval. At the time it approved this standard, INCITS had thefollowing members:Philip Wennblom, ChairJennifer Garner, SecretaryOrganization Represented Name of RepresentativeAdobe Systems, Inc Scott Fos

19、hee Steve Zilles (Alt.)AIM Global, Inc. . Steve HallidayChuck Evanhoe (Alt.)Dan Kimball (Alt.)Apple . Helene WorkmanMarc Braner (Alt.)David Singer (Alt.)Distributed Management Task Force John Crandall Jeff Hilland (Alt.)Lawrence Lamers (Alt.)EMC Corporation . Gary RobinsonStephen Diamond (Alt.)Faran

20、ce, Inc Frank FaranceTimothy Schoechle (Alt.)Futurewei Technologies, Inc. Yi ZhaoTimothy Jeffries (Alt.)Wilbert Adams (Alt.)GS1GO. Frank SharkeyCharles Biss (Alt.)Hewlett-Packard Company Karen Higginbottom Paul Jeran (Alt.)IBM Corporation Alexander TarpinianRobert Weir (Alt.)Arnaud Le Hors (Alt.)Ste

21、ve Holbrook (Alt.)Gerald Lane (Alt.)IEEE . Jodie HaaszTerry deCourcelle (Alt.)Bob Labelle (Alt.)Tina Alston (Alt)Intel Philip Wennblom Grace Wei (Alt.)Stephen Balogh (Alt.)Microsoft Corporation . Jim Hughes Dick Brackney (Alt.)John Calhoon (Alt.)National Institute of Standards card issuers will mana

22、ge a simple platform based on a successful and largely adopted schema; middleware and operating system providers will be able to adapt to different identity applications that are based on a single GICS standard. The Card Application profile template defines the template that is used to describe the

23、data model of the GICS card application. 1.2 Purpose The purpose of this part of the Generic Identity Command Set standard is to define the card profile template to use to describe the set of data elements and architecture required for GICS applications resident on a single platform. The use of such

24、 card profile template to describe a Card profile application should help relying parties to have a detailed and consistent card data model for all GICS applications. 1.3 Normative References The following referenced documents are indispensable for the application of this document. For dated referen

25、ces, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. The following standards contain provisions that, through reference in the text, constitute provisions of this standard. At the time of publication, the editi

26、ons indicated were valid. All standards are subject to revision, and parties to agreements based on this standard are encouraged to investigate the possibility of applying the most recent editions of the standards listed below. Copies of the following documents can be obtained from ANSI: 1) approved

27、 ANSI standards, 2) approved international standards (ISO, IEC), and 3) approved and draft foreign standards (including JIS and DIN). For further information, contact ANSI Customer INCITS 504-4-2013 3 Service Department at 212-642-4900 (phone), 212-302-1286 (fax), or via the World Wide Web at http:/

28、www.ansi.org. ANSI INCITS 504-1, Generic Identity Command Set Part 1: Card Application Command Set ANSI INCITS 504-2, Generic Identity Command Set Part 2: Card Administration Command Set ISO/IEC 8825-1:2002, Information technology - ASN.1 encoding rules: Specification of Basic Encoding Rules (BER),

29、Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER). 2 Definitions, abbreviations and conventions 2.1 Terms and Definitions For the purposes of this document, the terms and definitions used in this document are defined in GICS Part 1 and GICS Part 2 section 2.1. 2.2 Acronyms, Abbre

30、viations and Symbols For the purposes of this document, the acronyms, abbreviations and symbols used in this document are defined in GICS Part 1 and GICS Part 2 section 2.2. 2.3 Conventions For the purposes of this document, the conventions used in this document are defined in GICS Part 1 and GICS P

31、art 2 Section 2.3. 3. Card Application Profile Template The Card Application Profile template is used to describe the electrical profile of the Smart card applications. This template could be used to describe the card configuration required for your GICS applications. The template could be used to d

32、escribe the configuration for each of the card life states when it is necessary. INCITS 504-4-2013 4 3.1 Card Application Profile Name Profile Name: Application Profile Template Version: 1.0 Profiles on which this profile is dependent are listed in Table 1. Profile Name Version Application AID Table

33、 1 Profile Dependencies 3.2 Card Profile Description Describe the purpose of the profile and provide general information about the application. 3.3 Global Objects Description Describe the mandatory Global objects always accessible from the card-manager application and accessible from other GICS appl

34、ications. 3.3.1 EF ATR/INFO File Describe the EF ATR/Info data file. 3.3.2 EF DIR File Describe the EF DIR file data file. 3.3.3 Card Capability Description Describe the Card Capability Description (CCD) object. INCITS 504-4-2013 5 3.4 Data Structures for Identity Credentials 3.4.1 Application Dedic

35、ated File Describe Application Dedicated File (ADF) used in the profile, including which Data Objects, EFs, and DFs are contained in the application. ADF AID Description Table 2 Application Dedicated File Describe ADF File Control Parameter Template: Tag Length Value Description Table 3 ADF File Con

36、trol Parameter Template 3.4.2 Application Capability Description Describe Application Capability Description (ACD) data object for each card application. 3.4.3 Elementary Files Describe Elementary Files used in the Application profile, including which Data Objects are contained in each EF and which

37、ADFs the EFs will belong to (if any). EF type File ID BER-TLV Tag Child data object Parent ADFs Table 4 - Elementary Files Associations INCITS 504-4-2013 6 3.4.4 Data Objects Describe Data Objects used in the Application profile, and their relationships with EFs. Object Name Tag Length Value EF/DF A

38、ssociations Table 5 Data Object Associations 3.5 Keys and Certificates association Declare dependencies between keys and certificates used in this profile. Key Reference Key EF Certificate EF Description Table 6 Keys and Certificates Associations 3.6 Optional Files and objects Declare optional files

39、 and objects for this Application profile. INCITS 504-4-2013 7 3.7 Security Architecture Describe the FCP for each file and the associated security attributes for each Data Object. Tag Length Value 82 1 File descriptor byte 83 2 File identifier 84 Var. Application dedicated file name 87 2 File ident

40、ifier of an EF containing FCI data object (tag 6F) 8A 1 Life cycle status byte. Description of the initial state at least 8C Var. Security attribute in compact format ACR A0 Var. Security attribute template for data objects to be removed. Not applicable. AB Var. Security attribute template in expand

41、ed format used to describe the logical combination of rules or to protect commands other than read/write/activate AC Var. Cryptographic mechanism identifier template CRT list Table 7 File Control Parameters Data Objects This section should describe the Access Control rules, Security Status and Secur

42、ity Attributes associated to each file or security data object. 3.8 Security Environment Describe which Control Reference Templates shall be present in the security environment for the application. FCP type Tag Val Description Table 8 File Control Parameters INCITS 504-4-2013 8 3.9 Life Cycle Manage

43、ment Describe life cycle states associated with the application, and conditions and mechanisms for transitioning between states. Refer to the life cycle state diagrams in Part 2. File management life cycle: see access condition of the ADF and/or at the EF level 3.10 Assigned Values Describe any appl

44、ication specific assigned values. Define reference values for authentication protocols as required by GICS Part 1. 3.11 Additional Requirements Provide any additional details or requirements for the application not covered elsewhere 3.12 Annexes 3.12.1 Annex 1 Provide any Annex data relevant to the application. 3.13 References Provide relevant references to external standards and documents.