ImageVerifierCode 换一换
格式:PDF , 页数:28 ,大小:1MB ,
资源ID:436403      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-436403.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ANSI INCITS ISO IEC 24727-1-2007 Identification cards - Integrated circuit card programming interfaces - Part 1 Architecture.pdf)为本站会员(花仙子)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ANSI INCITS ISO IEC 24727-1-2007 Identification cards - Integrated circuit card programming interfaces - Part 1 Architecture.pdf

1、INCITS/ISO/IEC 24727-1-20072008 (ISO/IEC 24727-1:2007, IDT) Identification cards Integrated circuit cardprogramming interfaces Part 1: ArchitectureINCITS/ISO/IEC 24727-1-20072008(ISO/IEC 24727-1:2007, IDT)INCITS/ISO/IEC 24727-1-20072008 ii ITIC 2008 All rights reserved PDF disclaimer This PDF file m

2、ay contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein the res

3、ponsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creat

4、ion parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Adopted by INCITS (InterNational Com

5、mittee for Information Technology Standards) as an American National Standard. Date of ANSI Approval: 1/7/2008 Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2008 by Information Technology Industry Council (ITI). All rights reserved. These

6、 materials are subject to copyright claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be reprodu

7、ced in any form, including an electronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America INCITS/ISO/IEC 24727-1-20072008 ITIC 2008 All

8、 rights reserved iii Contents Page Foreword iv Introduction .v 1 Scope 1 2 Normative references .1 3 Terms and definitions 1 4 Abbreviated terms 3 5 Interoperability .3 6 Architecture 4 6.1 General4 6.2 Architectural attributes 4 6.3 Logical architecture .4 6.4 Protocol independence 5 6.5 Client-app

9、lication service access layer interface .5 6.6 Capability description 6 6.7 Data model 6 6.8 Generic card interface 6 7 Security rationale .7 Annex A (informative) Implementation configuration examples .8 A.1 General8 A.2 Discrete layer configuration. 10 A.3 Combined configuration 11 A.4 On-ICC gene

10、ric card access layer configuration 12 A.5 On-ICC implementation of service access and generic card access layers 13 A.6 Loadable/fixed non-ICC components hosting of capability description 14 A.7 Web service configuration . 15 A.8 Multiple application configuration . 16 A.9 Distributed implementatio

11、n of the stack . 17 A.10 Distributed implementation using a trust mechanism 18 Bibliography 19 INCITS/ISO/IEC 24727-1-20072008 iv ISO/IEC 2007 All rights reserved Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specia

12、lized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical com

13、mittees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Internatio

14、nal Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. P

15、ublication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all

16、 such patent rights. ISO/IEC 24727-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Cards and personal identification. ISO/IEC 24727 consists of the following parts, under the general title Identification cards Integrated circuit card programming

17、 interfaces: Part 1: Architecture Part 2: Generic card interface Part 3: Application interface API administration and testing will form the subjects of the future Parts 4 and 5, respectively. INCITS/ISO/IEC 24727-1-20072008 ITIC 2008 All rights reserved v Introduction ISO/IEC 24727 is a set of progr

18、amming interfaces for interactions between integrated circuit cards (ICCs) and external applications to include generic services for multi-sector use. The organization and the operation of the ICC conform to ISO/IEC 7816-4. ISO/IEC 24727 is relevant to ICC applications desiring interoperability amon

19、g diverse application domains. ISO/IEC 24727 defines interfaces such that independent implementations are interoperable. Services may be discoverable through mechanisms detailed in ISO/IEC 24727. ISO/IEC 24727 discovery methods include provisions for a client-application to discover card-application

20、s available for selection on the ICC, information about each card-application. ISO/IEC 24727-1 specifies the conceptual framework. It provides essential background information for the subsequent parts. Developers using ISO/IEC 24727 are encouraged to read this introductory part of ISO/IEC 24727. The

21、 other parts provide technical details of the concepts specified in ISO/IEC 24727-1. ISO/IEC 24727-2 details the functionality and related information structures available to the implementation of the interface defined in ISO/IEC 24727-3. ISO/IEC 24727-3 details service access mechanisms to initiate

22、 their use by a client-application. ISO/IEC 24727-4 will detail trust mechanisms and connectivity mechanisms between adjacent components in the communication stack. ISO/IEC 24727-5 will detail test mechanisms. Functionality for ISO/IEC 24727-3 usually resides outside of the ICC. Functionality for IS

23、O/IEC 24727-2 may reside inside the ICC. AMERICAN NATIONAL STANDARD INCITS/ISO/IEC 24727-1-20072008 ITIC 2008 All rights reserved 1 Identification cards Integrated circuit card programming interfaces Part 1: Architecture 1 Scope ISO/IEC 24727 is a set of programming interfaces for interactions betwe

24、en integrated circuit cards and external applications to include generic services for multi-sector use. The organization and the operation of the ICC conform to ISO/IEC 7816-4. This part of ISO/IEC 24727 specifies system architecture and principles of operation, a capabilities discovery mechanism, s

25、ecurity rationale. ISO/IEC 24727-1 is independent of physical interface technology. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of th

26、e referenced document (including any amendments) applies. ISO/IEC 7816-4:2005 Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1 authentica

27、tion process of assessing a level of confidence in identity or identification 3.2 authentication protocol specific process for authentication 3.3 card integrated circuit card INCITS/ISO/IEC 24727-1-20072008 2 ITIC 2008 All rights reserved 3.4 card-application uniquely addressable set of functionalit

28、ies on an ICC that provide data storage and computational services to a client-application 3.5 client-application processing software needing access to one or more card-application(s) 3.6 data element item of information seen at the interface for which are specified a name, a description of logical

29、content, a format and a coding ISO/IEC 7816-4 3.7 data set named collection of data structures for interoperability 3.8 data structure for interoperability ISO/IEC 7816-4 file identified by a two-byte file identifier or an ISO/IEC 8825 BER-TLV data object identified by an octet string encoding an AS

30、N.1 tag 3.9 differential-identity set of information that comprises a name, a marker, and an authentication protocol 3.10 generic card access layer component which provides an ISO/IEC 24727-2 interface to a service access layer 3.11 identification collective aspect of a set of characteristics and pr

31、ocesses by which an entity is recognizable or known 3.12 interface point at which independent and often unrelated systems meet and act on or communicate with each other 3.13 interoperability ability for any card-application interface that conforms to ISO/IEC 24727 to be used by any client-applicatio

32、n conforming to ISO/IEC 24727 3.14 marker item of information within a differential-identity representing a unique characteristic of an entity 3.15 middleware software that connects two otherwise separate applications 3.16 service set of processing functions available at an interface 3.17 service ac

33、cess layer component which provides an ISO/IEC 24727-3 API to a client-application INCITS/ISO/IEC 24727-1-20072008 ISO/IEC 2007 All rights reserved 3 4 Abbreviated terms AID application identifier ACD application capability description APDU application protocol data unit API application programming

34、interface BER basic encoding rules CCD card capability description DSI data structure for interoperability GCAL generic card access layer GCI generic card interface IAS identity, authentication, and (digital) signature services ICC integrated circuit card IFD interface device OID object identifier P

35、KI public key infrastructure RFU reserved for future use by ISO/IEC SAL service access layer TLV tag-length-value URL uniform resource locator 5 Interoperability Interoperability is the ability for any card-application interface that conforms to ISO/IEC 24727 to be used by any client-application con

36、forming to ISO/IEC 24727. ISO/IEC 24727 defines a set of interfaces and discovery mechanisms such that independent implementations are functionally equivalent as verifiable by testing. ISO/IEC 24727 defines interfaces at two levels between the client-application and a service interface, between a se

37、rvice access layer and a generic card interface. For each specified interface, the relevant parts of ISO/IEC 24727 shall define which functionality shall be supported. ISO/IEC 24727 applies to an ICC providing directly, or indirectly, a capability description. Capability description is described in

38、6.6. INCITS/ISO/IEC 24727-1-20072008 4 ITIC 2008 All rights reserved The service interface, generic card interface, and capability descriptions may be extended according to the future development of ICC technologies. 6 Architecture 6.1 General ISO/IEC 24727 partitions functionality between a client-

39、application running on a host platform and a layered set of services that can be used by a client-application. The organization of services is further defined into a service interface, a generic card interface, and one or more card-applications resident on an ICC. 6.2 Architectural attributes The se

40、rvice interface implements features given in 6.5. The generic card interface implements features given in 6.8. The connectivity interface implements features given in 6.9. The trusted channel interface implements features given in 6.10. Card-applications manage data sets. Each data set is named and

41、the card-application list of data set names is available to the client-application by direct knowledge or discovery. A client-application uses the data set name when requesting a service to be performed on a data set. Access to data sets is controlled through an access control list. The access contr

42、ol list describes the security conditions that shall be satisfied in order to perform an action on the data set. ISO/IEC 24727-3 provides additional detail on access control lists, identities, and actions. Card-applications are organized on an ICC as an alpha card-application and one or more card-ap

43、plications. Card-applications are selectable by AID at the service interface. 6.3 Logical architecture Figure 1 illustrates the relationships between a client-application, the layers and interfaces defined in ISO/IEC 24727, and a card-application resident on an ICC. The flow of requests from the cli

44、ent-application to the card-application is shown as directional arrows indicating either a request or a confirmation. The naming of each arrow conveys functionality being supported by the standard. The actual format and syntax of a request or a confirmation is not detailed in this part of ISO/IEC 24

45、727. INCITS/ISO/IEC 24727-1-20072008 ISO/IEC 2007 All rights reserved 5 ICC ServicesCar d - A p p li ca t i o nSpeci f ic In terface (O u t of Scope )S e rv i c e A c c e s s La y e rGe ne ri c C a rd A c c e s s La y e rServi c e I n te rf a ce I SO/I EC 247 27 - 3Gen er i c Ca rd In terf a ce I SO

46、/I E C 24727 - 2Tr u s tM e c h a n i s m *Tr u s tM e c h a n i s m *A c t i o nR e q u e s tA c t i o nC o n f i r m a t i o nG e n e r i cR e q u e s tG e n e r i cC o n f i r m a t i o nS p e c i f i cR e q u e s tS p e c i f i cC o n f i r m a t i o nClie n t - A p p lic a t i o n(*)Note: No n

47、e, o n e or b ot h of th ese m ech a nism s m ay e x i stFigure 1 Logical architecture of ISO/IEC 24727 Functionality of ISO/IEC 24727 can be implemented in more than one manner. 6.4 Protocol independence ISO/IEC 24727 defined interfaces are specified in a manner independent of the protocols require

48、d to establish the communication between the client-application and card-application. Figure 1 shows a stack of layers and interfaces. A proxy is an implementation of the interface of a stack element to allow the stack element implementation to be split. For example, card-application in Figure 1 is

49、a proxy for the actual card. See Annex A for details on the configurations of implementations of the stack. 6.5 Client-application service access layer interface ISO/IEC 24727-3 provides a detailed description of the service interface available to a client-application. An implementation of the service interface translates an action request into one or more generic requests, INCITS/ISO/IEC 24727-1-20072008 6 ITIC 2008 All rights reserved translates one or more generic confirmations into an

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1