ImageVerifierCode 换一换
格式:PDF , 页数:80 ,大小:1.58MB ,
资源ID:436472      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-436472.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ANSI INCITS ISO IEC 7816-15-2004 Identification cards - Integrated circuit cards with contacts - Part 15 Cryptographic information application.pdf)为本站会员(twoload295)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ANSI INCITS ISO IEC 7816-15-2004 Identification cards - Integrated circuit cards with contacts - Part 15 Cryptographic information application.pdf

1、INCITS/ISO/IEC 7816-15-2004 (ISO/IEC 7816-15:2004, IDT) Identification cards Integrated circuit cards with contacts Part 15: Cryptographic informationapplicationINCITS/ISO/IEC 7816-15-2004(ISO/IEC 7816-15:2004,IDT)INCITS/ISO/IEC 7816-15-2004 ii ITIC 2005 All rights reserved PDF disclaimer This PDF f

2、ile may contain embedded typefaces. In accordance with Adobes licensing policy, this file may be printed or viewed but shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In downloading this file, parties accept therein th

3、e responsibility of not infringing Adobes licensing policy. The ISO Central Secretariat accepts no liability in this area. Adobe is a trademark of Adobe Systems Incorporated. Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-

4、creation parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below. Adopted by INCITS (InterNationa

5、l Committee for Information Technology Standards) as an American National Standard. Date of ANSI Approval: 12/29/2005 Published by American National Standards Institute, 25 West 43rd Street, New York, New York 10036 Copyright 2005 by Information Technology Industry Council (ITI). All rights reserved

6、. These materials are subject to copyright claims of International Standardization Organization (ISO), International Electrotechnical Commission (IEC), American National Standards Institute (ANSI), and Information Technology Industry Council (ITI). Not for resale. No part of this publication may be

7、reproduced in any form, including an electronic retrieval system, without the prior written permission of ITI. All requests pertaining to this standard should be submitted to ITI, 1250 Eye Street NW, Washington, DC 20005. Printed in the United States of America INCITS/ISO/IEC 7816-15-2004 ITIC 2005

8、All rights reserved iii Contents Page Foreword vi Introduction . vii 1 Scope 1 2 Normative references .2 3 Terms and definitions 2 4 Symbols and abbreviated terms 5 4.1 Symbols 5 4.2 Abbreviated terms 6 5 Conventions .7 6 Cryptographic information objects7 6.1 Introduction 7 6.2 CIO classes .7 6.3 A

9、ttributes 8 6.4 Access restrictions 8 7 CIO files 8 7.1 Overview .8 7.2 IC card requirements 8 7.3 Card file structure.9 7.4 EF.DIR .9 7.5 Contents of DF.CIA . 10 7.5.1 Overview . 10 7.5.2 The CIAInfo EF 10 7.5.3 EF.OD 11 7.5.4 CIO Directory files 11 7.5.5 DF.CIA selection . 12 8 Information syntax

10、in ASN.1 13 8.1 Guidelines and encoding conventions 13 8.2 Basic ASN.1 defined types . 13 8.2.1 Identifier 13 8.2.2 Reference 13 8.2.3 Label . 13 8.2.4 CredentialIdentifier . 13 8.2.5 ReferencedValue and Path . 14 8.2.6 ObjectValue 15 8.2.7 PathOrObjects 15 8.2.8 CommonObjectAttributes 15 8.2.9 Comm

11、onKeyAttributes . 17 8.2.10 CommonPrivateKeyAttributes . 18 8.2.11 CommonPublicKeyAttributes 19 8.2.12 CommonSecretKeyAttributes 19 8.2.13 GenericKeyAttributes . 19 8.2.14 KeyInfo 19 8.2.15 CommonCertificateAttributes 20 8.2.16 GenericCertificateAttributes 21 8.2.17 CommonDataContainerObjectAttribut

12、es 21 8.2.18 CommonAuthenticationObjectAttributes 21 8.2.19 The CIO type . 21 8.3 The CIOChoice type . 22 INCITS/ISO/IEC 7816-15-2004 iv ITIC 2005 All rights reserved 8.4 Private key information objects . 23 8.4.1 PrivateKeyChoice . 23 8.4.2 Private RSA key attributes . 23 8.4.3 Private Elliptic Cur

13、ve key attributes 23 8.4.4 Private Diffie-Hellman key attributes . 24 8.4.5 Private DSA key attributes . 24 8.4.6 Private KEA key attributes . 24 8.4.7 Generic Private key information objects . 24 8.5 Public key information objects 24 8.5.1 PublicKeyChoice 24 8.5.2 Public RSA key attributes 25 8.5.3

14、 Public Elliptic Curve key attributes . 25 8.5.4 Public Diffie-Hellman key attributes 26 8.5.5 Public DSA key attributes 26 8.5.6 Public KEA key attributes 26 8.5.7 Generic public key information objects 27 8.6 Secret key information objects 27 8.6.1 SecretKeyChoice 27 8.6.2 Algorithm independent ke

15、y attributes . 27 8.6.3 The GenericSecretKey type . 27 8.7 Certificate information objects 27 8.7.1 CertificateChoice 27 8.7.2 X.509 certificate attributes . 28 8.7.3 X.509 attribute certificate attributes 28 8.7.4 SPKI certificate attributes 28 8.7.5 PGP (Pretty Good Privacy) certificate attributes

16、 29 8.7.6 WTLS certificate attributes 29 8.7.7 ANSI X9.68 domain certificate attributes 29 8.7.8 Card Verifiable Certificate attributes . 29 8.7.9 Generic certificate attributes . 30 8.8 Data container information objects . 30 8.8.1 DataContainerObjectChoice 30 8.8.2 Opaque data container object att

17、ributes . 30 8.8.3 ISO/IEC 7816 data object attributes . 30 8.8.4 Data container information objects identified by OBJECT IDENTIFIERS 30 8.9 Authentication information objects . 31 8.9.1 AuthenticationObjectChoice 31 8.9.2 Password attributes . 31 8.9.3 Biometric reference data attributes . 33 8.9.4

18、 Authentication objects for external authentication 35 8.10 The cryptographic information file, EF.CIAInfo 35 Annex A (normative) ASN.1 module . 38 Annex B (informative) CIA example for cards with digital signature and authentication functionality 52 B.1 Introduction 52 B.2 CIOs 52 B.3 Access contro

19、l . 53 Annex C (informative) Example topologies 55 Annex D (informative) Examples of CIO values and their encodings . 57 D.1 Introduction 57 D.2 EF.OD 57 D.2.1 ASN.1 value notation . 57 D.2.2 ASN.1 description, tags, lengths and values 58 D.2.3 Hexadecimal DER-encoding 58 D.3 EF.CIAInfo 59 D.3.1 ASN

20、.1 value notation . 59 D.3.2 ASN.1 description, tags, lengths and values 59 D.3.3 Hexadecimal DER-encoding 59 INCITS/ISO/IEC 7816-15-2004 ITIC 2005 All rights reserved v D.4 EF.PrKD 59 D.4.1 ASN.1 value notation 59 D.4.2 ASN.1 description, tags, lengths and values 60 D.4.3 Hexadecimal DER-encoding 6

21、1 D.5 EF. CD . 62 D.5.1 ASN.1 value notation 62 D.5.2 ASN.1 description, tags, lengths and values 63 D.5.3 Hexadecimal DER-encoding 64 D.6 EF.AOD . 64 D.6.1 ASN.1 value notation 64 D.6.2 ASN.1 description, tags, lengths and values 65 D.6.3 Hexadecimal DER-encoding 66 D.7 EF.DCOD . 67 D.7.1 ASN.1 val

22、ue notation 67 D.7.2 ASN.1 description, tags, lengths and values 67 D.7.3 Hexadecimal DER-encoding of DCOD . 67 D.8 Application Template (within the EF.DIR) 68 D.8.1 ASN.1 value notation 68 D.8.2 ASN.1 description, tags, lengths and values in ApplicationTemplate . 68 D.8.3 Hexadecimal DER-encoding o

23、f ApplicationTemplate . 68 Bibliography 70 INCITS/ISO/IEC 7816-15-2004 vi ITIC 2005 All rights reserved Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies

24、 that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other int

25、ernational organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules give

26、n in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval b

27、y at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 7816-15 was prepared by Joint

28、Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Cards and personal identification. ISO/IEC 7816 consists of the following parts, under the general title Identification cards Integrated circuit cards with contacts: Part 1: Physical characteristics Part 2: Dimensions and

29、 location of the contacts Part 3: Electronic signals and transmission protocols Part 4: Organisation, security and commands for interchange Part 5: Registration of application providers Part 6: Interindustry data elements for interchange Part 7: Interindustry commands for Structured Card Query Langu

30、age (SCQL) Part 8: Commands for security operations Part 9: Commands for card management Part 10: Electronic signals and answer to reset for synchronous cards Part 11: Personal verification through biometric methods Part 15: Cryptographic information application INCITS/ISO/IEC 7816-15-2004 ITIC 2005

31、 All rights reserved vii Introduction Integrated circuit cards with cryptographic functions can be used for secure identification of users of information systems as well as for other core security services such as non-repudiation with digital signatures and distribution of enciphering keys for confi

32、dentiality. The objective of this part of ISO/IEC 7816 is to provide a framework for such services based on available international standards. A main goal has been to provide a solution that may be used in large-scale systems with several issuers of compatible cards, providing for international inte

33、rchange. It is flexible enough to allow for many different environments, while still preserving the requirements for interoperability. A number of data structures have been provided to manage private keys and key fragments, to support a public key certificate infrastructure and flexible management o

34、f user and entity authentication. This part of ISO/IEC 7816 is based on PKCS #15 v1.1 (see the bibliography). The relationship between these documents is as follows: a common core is identical in both documents; those components of PKCS #15 which do not relate to IC cards have been removed; this par

35、t of ISO/IEC 7816 includes enhancements to meet specific IC card requirements. AMERICAN NATIONAL STANDARD INCITS/ISO/IEC 7816-15-2004 ITIC 2005 All rights reserved 1 Identification cards Integrated circuit cards with contacts Part 15: Cryptographic information application 1 Scope This part of ISO/IE

36、C 7816 specifies an application in a card. This application contains information on cryptographic functionality. This part of ISO/IEC 7816 defines a common syntax and format for the cryptographic information and mechanisms to share this information whenever appropriate. The objectives of this part o

37、f ISO/IEC 7816 are to: facilitate interoperability among components running on various platforms (platform neutral); enable applications in the outside world to take advantage of products and components from multiple manufacturers (vendor neutral); enable the use of advances in technology without re

38、writing application-level software (application neutral); and maintain consistency with existing, related standards while expanding upon them only where necessary and practical. It supports the following capabilities: storage of multiple instances of cryptographic information in a card; use of the c

39、ryptographic information; retrieval of the cryptographic information, a key factor for this is the notion of Directory Files, which provides a layer of indirection between objects on the card and the actual format of these objects; cross-referencing of the cryptographic information with DOs defined

40、in other parts of ISO/IEC 7816 when appropriate; different authentication mechanisms; and multiple cryptographic algorithms (the suitability of these is outside the scope of this part of ISO/IEC 7816). This part of ISO/IEC 7816 does not cover the internal implementation within the card and/or the ou

41、tside world. It shall not be mandatory for implementations complying with this International Standard to support all options described. In case of discrepancies between ASN.1 definitions in the body of the text and the module in Annex A, Annex A takes precedence. INCITS/ISO/IEC 7816-15-2004 2 ITIC 2

42、005 All rights reserved 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. IS

43、O/IEC 7816 (all parts), Identification cards Integrated circuit cards with contacts ISO/IEC 8824-1:1998, Information technology Abstract Syntax Notation One (ASN.1): Specification of basic notation ISO/IEC 8824-2:1998, Information technology Abstract Syntax Notation One (ASN.1): Information object s

44、pecification ISO/IEC 8824-3:1998, Information technology Abstract Syntax Notation One (ASN.1): Constraint specification ISO/IEC 8824-4:1998, Information technology Abstract Syntax Notation One (ASN.1): Parameterization of ASN.1 specifications ISO/IEC 8825-1:1998, Information technology ASN.1 encodin

45、g rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) ISO 9564-1:2002, Banking Personal Identification Number (PIN) management and security Part 1: Basic principles and requirements for online PIN handling in ATM and POS systems I

46、SO/IEC 9594-8:1998, Information technology Open Systems Interconnection The Directory: Authentication framework ISO/IEC 10646-1:2000, Information technology Universal Multiple-Octet Coded Character Set (UCS) Part 1: Architecture and Basic Multilingual Plane ANSI X9.42-2001, Public Key Cryptography f

47、or the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography ANSI X9.62-1998, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA) 3 Terms and definitions For the purposes of this document, the fo

48、llowing terms and definitions apply. 3.1 absolute path path that starts with the file identifier 3F00 3.2 application data structures, data elements and program modules needed for performing a specific functionality ISO/IEC 7816-4 3.3 application identifier data element that identifies an applicatio

49、n in a card NOTE Adapted from ISO/IEC 7816-4. INCITS/ISO/IEC 7816-15-2004 ITIC 2005 All rights reserved 3 3.4 application provider entity providing the components required for performing an application in the card ISO/IEC 7816-4 3.5 authentication information object cryptographic information object that provides information about authentication related data, e.g. a password 3.6 authentication object directory file elementary file containing authentication information

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1