EN 419212-1-2014 en Application Interface for smart cards used as Secure Signature Creation Devices - Part 1 Basic services (Remains Current)《安全签名生成设备智能卡的应用接口 第1部分 基本服务》.pdf

1、BSI Standards PublicationBS EN 419212-1:2014Application Interface for smartcards used as Secure SignatureCreation DevicesPart 1: Basic servicesBS EN 419212-1:2014 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of EN 419212-1:2014.It supersedes BS EN 14890-1:2008 whic

2、h is withdrawn.The UK participation in its preparation was entrusted to TechnicalCommittee IST/17, Cards and personal identification.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessaryprovisio

3、ns of a contract. Users are responsible for its correctapplication. The British Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 77109 5ICS 35.240.15Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was published und

4、er the authority of theStandards Policy and Strategy Committee on 31 December 2014.Amendments issued since publicationDate Text affectedBS EN 419212-1:2014EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419212-1 December 2014 ICS 35.240.15 Supersedes EN 14890-1:2008English Version Application I

5、nterface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services Interface applicative des cartes puces utilises comme dispositifs de cration de signature numrique scuriss - Partie 1 : Services de base Anwendungsschnittstelle fr Chip-Karten, die zur Erzeugung qualifizierte

6、r elektronischer Signaturen verwendet werden - Teil 1: Allgemeine Dienste This European Standard was approved by CEN on 27 September 2014. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a nation

7、al standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French, German). A versi

8、on in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Cz

9、ech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

10、EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 419212-1:201

11、4 EBS EN 419212-1:2014EN 419212-1:2014 (E) 2 Contents Page Foreword 7 Introduction .9 1 Scope . 10 2 Normative references . 10 3 Terms and definitions 11 4 Symbols and abbreviations . 15 5 Signature application . 18 5.1 Application Flow . 18 5.2 Trusted environment versus untrusted environment . 22

12、5.3 Selection of ESIGN application . 22 5.3.1 General . 22 5.3.2 Exceptions for Secure Messaging 23 5.4 Selection of cryptographic information application . 23 5.5 Concurrent usage of signature applications . 24 5.5.1 General . 24 5.5.2 Methods of channel selection . 24 5.5.3 Security issues on mult

13、iple channels 24 5.6 Security environment selection 24 5.7 Key selection . 25 5.8 Security Services 25 6 User verification 26 6.1 General . 26 6.2 Knowledge based user verification 26 6.2.1 General . 26 6.2.2 Explicit user verification 27 6.2.3 Password based mechanisms . 28 6.2.4 Presentation forma

14、ts 28 6.2.5 Retry and Usage counters . 28 6.2.6 Password Change . 29 6.2.7 Reset of RC and setting a new password 29 6.3 Biometric user verification 30 6.3.1 General . 30 6.3.2 Retrieval of the Biometric Information Template 31 6.3.3 Performing the biometric user verification 32 6.3.4 Reset of RC 34

15、 7 Digital Signature Service . 34 7.1 General . 34 7.2 Signature generation algorithms 35 7.3 Activation of digital signature service 35 7.4 General aspects 36 7.5 Signature Generation . 37 7.5.1 General . 37 7.5.2 No hashing in Card . 37 7.5.3 Partial hashing 38 7.5.4 All hashing in ICC . 39 7.6 Se

16、lection of different keys, algorithms and input formats . 40 7.6.1 General . 40 7.6.2 Restore an existing SE . 41 7.6.3 Setting the Hash Template (HT) of a current Security Environment (SE) . 42 7.6.4 Modify the Digital Signature Template (DST) of a current Security Environment (SE) . 42 7.7 Read ce

17、rtificates and certificate related information 43 BS EN 419212-1:2014EN 419212-1:2014 (E) 3 7.7.1 General . 43 7.7.2 Read certificate related CIOs 43 7.7.3 Read signers certificate from ICC . 44 7.7.4 Retrieval of the signers certificate from a directory service 44 8 Device authentication . 45 8.1 G

18、eneral . 45 8.2 Asymmetric Authentication introduction 46 8.3 Certification authorities and certificates . 46 8.3.1 Certificate chains . 46 8.3.2 Usage of link certificates 47 8.4 Authentication environments . 48 8.4.1 General . 48 8.4.2 SCA in trusted environment . 48 8.4.3 SCA in untrusted environ

19、ment 48 8.4.4 Specification of the environment . 49 8.4.5 Display message mechanism 49 8.4.6 Additional authentication environments . 49 8.5 Key transport and key agreement mechanisms 49 8.6 Key transport protocol based on RSA 50 8.6.1 General . 50 8.6.2 Authentication Steps . 52 8.6.3 Session Key c

20、reation 62 8.7 Device authentication with privacy protection . 63 8.7.1 General . 63 8.7.2 Authentication steps . 63 8.8 Privacy constrained Modular EAC (mEAC) protocol with non-traceability feature 82 8.8.1 General . 82 8.8.2 Example for traceability case . 83 8.8.3 Notation 83 8.8.4 Authentication

21、 steps . 84 8.8.5 Unlinkablity Mechanism with individual private keys . 99 8.9 Symmetric authentication scheme 108 8.9.1 General . 108 8.9.2 Authentication steps . 108 8.9.3 Session Key creation 112 8.10 Compute Session keys from key seed KIFD/ICC113 8.10.1 General . 113 8.10.2 Generation of key dat

22、a 113 8.10.3 Partitioning of the key data 113 8.10.4 Algorithm and method specific definition for key derivation . 113 8.10.5 Key derivation from passwords . 116 8.11 Compute send sequence counter SSC . 118 8.12 Post-authentication phase 118 8.13 Ending the secure session . 119 8.13.1 General . 119

23、8.13.2 Example for ending a secure session . 119 8.13.3 Rules for ending a secure session 119 8.14 Reading the Display Message 119 8.15 Updating the Display Message 122 9 Password-based authentication protocols . 123 9.1 General . 123 9.2 Notation 123 9.3 Authentication steps . 124 9.3.1 General . 1

24、24 9.3.2 Step 1 Reading the protocol relevant public parameters . 125 9.3.3 Step 2 Set PBM parameters and generate blinding point . 127 9.3.4 Step 3 Get encrypted nonce 128 9.3.5 Step 4.1 Map nonce and compute generator point for generic mapping . 129 9.3.6 Step 4.2 Map nonce and compute generator p

25、oint for integrated mapping . 130 9.3.7 Step 5 Generate session keys . 133 BS EN 419212-1:2014EN 419212-1:2014 (E) 4 9.3.8 Step 6 Explicit key authentication 134 10 Secure Messaging 135 10.1 General . 135 10.2 CLA byte 135 10.3 TLV coding of command and response message . 135 10.4 Treatment of SM-Er

26、rors 136 10.5 Padding for checksum calculation . 136 10.6 Send sequence counter (SSC) 136 10.7 Message structure of Secure Messaging APDUs 136 10.7.1 Cryptograms 136 10.7.2 Cryptographic Checksums 139 10.7.3 Final command APDU construction . 143 10.8 Response APDU protection . 143 10.9 Use of TDES a

27、nd AES 150 10.9.1 TDES/AES encryption/decryption . 150 10.9.2 CBC mode 151 10.9.3 Retail MAC with TDES 151 10.9.4 EMAC with AES . 152 10.9.5 CMAC with AES . 154 11 Key Generation . 155 11.1 General . 155 11.2 Key generation and export using PrK.ICC.AUT . 155 11.3 Key generation and export with SM 15

28、5 11.4 Write certificates . 156 12 Key identifiers and parameters . 156 12.1 General . 156 12.2 Key identifiers (KID) 156 12.2.1 General . 156 12.2.2 Secret and private keys 156 12.3 Public Key parameters . 156 12.3.1 General . 156 12.3.2 RSA public key parameters . 157 12.4 Diffie-Hellman key excha

29、nge parameters 157 12.5 Authentication tokens in the protocols mEACv2 and PCA 157 12.5.1 General . 157 12.5.2 TDES 157 12.5.3 AES . 157 12.5.4 Ephemeral Public Key Data Object . 157 12.6 The compression function Comp( ) 158 12.7 DSA with ELC public key parameters . 158 12.7.1 General . 158 12.7.2 Th

30、e plain format of a digital signature . 159 12.7.3 The uncompressed encoding 159 12.8 ELC key exchange public parameters 160 13 Data structures 160 13.1 CRTs . 160 13.1.1 CRT AT for the selection of internal private authentication keys 160 13.1.2 CRT AT for selection of internal authentication keys

31、. 161 13.1.3 CRT for selection of IFDs PuK.CAIFD.CS_AUT 161 13.1.4 CRT for selection of IFDs PuK.IFD.AUT 162 13.1.5 CRT AT for selection of the public DH / ECDH key parameters . 162 13.1.6 CRT AT for selection of the PBM key parameters . 162 13.1.7 GENERAL AUTHENTICATE DH key parameters used by the

32、Privacy Protocol . 163 13.1.8 CRT AT for selection of ICCs private authentication key 163 13.1.9 CRT for selection of IFDs PuK.IFD.AUT 164 13.1.10 CRT for selection of PrK.ICC.KA . 164 13.2 Key transport device authentication protocol . 164 13.2.1 EXTERNAL AUTHENTICATE . 165 13.2.2 INTERNAL AUTHENTI

33、CATE . 166 BS EN 419212-1:2014EN 419212-1:2014 (E) 5 13.3 Privacy device authentication protocol 166 13.3.1 EXTERNAL AUTHENTICATE (DH case) 167 13.3.2 EXTERNAL AUTHENTICATE (ECDH case) . 168 13.3.3 INTERNAL AUTHENTICATE (DH case) 169 13.3.4 INTERNAL AUTHENTICATE (ECDH case) . 170 14 AlgIDs, Hash- an

34、d DSI Formats . 171 14.1 Algorithm Identifiers and OIDs 171 14.2 Hash Input-Formats . 172 14.2.1 PSO:HASH without command chaining 172 14.2.2 PSO:HASH with command Chaining . 173 14.3 Formats of the Digital Signature Input (DSI) . 173 14.3.1 DSI according to ISO/IEC 14888-2 (scheme 2) 174 14.3.2 DSI

35、 according to PKCS #1 V 1.5 175 14.3.3 Digest Info for SHA-X 176 14.3.4 DSI according to PKCS #1 V 2.x 178 14.3.5 DSA with DH key parameters . 179 14.3.6 Elliptic Curve Digital Signature Algorithm - ECDSA 179 15 CV_Certificates and Key Management 180 15.1 Level of trust in a certificate . 180 15.2 K

36、ey Management . 180 15.3 Certificate types . 181 15.3.1 Card Verifiable Certificates. 181 15.3.2 Signature-Certificates . 181 15.3.3 Authentication Certificates . 181 15.4 Use of the public key extracted from a CV-certificate . 181 15.5 Validity of the key extracted from a CV-certificate 182 15.6 CV

37、C structure 183 15.6.1 Non-self-descriptive certificates 183 15.6.2 Self-descriptive certificates 183 15.7 Certificate Content 184 15.7.1 CPI-Certificate Profile Identifier . 184 15.7.2 CAR-Certification Authority Reference DO . 185 15.7.3 CHR-Certificate Holder Reference DO . 186 15.7.4 CHA-Certifi

38、cate Holder Authorization Data Object (CHA-DO) . 187 15.7.5 Role identifier specifications 189 15.7.6 CHAT-Certificate Holder Authorization Template (CHAT) . 192 15.7.7 OID Object identifier . 192 15.7.8 CEDT Certificate Effective Date Template 192 15.7.9 CXDT Certificate Expiration date Template .

39、192 15.8 Certificate signature 193 15.8.1 Non self-descriptive certificates 193 15.8.2 Self-descriptive certificates 194 15.9 Coding of the certificate content . 194 15.9.1 Non self-descriptive certificates 194 15.9.2 Self-descriptive certificates 195 15.9.3 Self-descriptive certificates for ellipti

40、c curve cryptography. 195 15.10 Steps of CVC verification 199 15.10.1 First round: CVC verification from a Root PuK 200 15.10.2 Subsequent round(s) 201 15.11 Commands to handle the CVC . 201 15.12 C_CV.IFD.AUT (non self-descriptive) 201 15.13 C_CV.CA.CS-AUT (non self-descriptive) . 203 15.14 C.ICC.A

41、UT. 204 15.15 Self-descriptive CV Certificate (Example) . 204 15.15.1 Public Key 205 15.15.2 Certificate Holder Authorization Template . 205 15.15.3 Certificate Extension . 205 15.15.4 ECDSA Signature 206 16 Files . 207 BS EN 419212-1:2014EN 419212-1:2014 (E) 6 16.1 File structure . 207 16.2 File ID

42、s . 208 16.3 EF.DIR 208 16.4 EF.SN.ICC 208 16.5 EF.DH . 209 16.6 EF.ELC . 209 16.7 EF.C.ICC.AUT 210 16.8 EF.C.CAICC.CS-AUT . 211 16.9 EF.C_X509.CH.DS . 211 16.10 EF.C_X509.CA.CS (DF.ESIGN) . 212 16.11 EF.DM . 212 17 Cryptographic Information Application 213 17.1 ESIGN cryptographic information layou

43、t example 214 17.1.1 EF.CIAInfo 215 17.1.2 EF.AOD 216 17.1.3 EF.PrKD . 219 17.1.4 EF.PuKD . 221 17.1.5 EF.CD . 222 17.1.6 EF.DCOD 223 Annex A (normative) Algorithm Identifiers Coding and specification 226 Annex B (informative) Device authentication Protocol Properties . 234 Annex C (informative) Per

44、sonalization scenarios . 236 Annex D (informative) OID values . 238 D.1 OIDs for certificate signatures 238 D.2 OIDs for key transport protocol 239 D.3 OIDs for device authentication with privacy 239 D.4 OIDs for password based mechanisms . 240 D.5 OIDs for mEAC protocol 241 D.5.1 OIDs for Chip Devi

45、ce Authentication 241 D.5.2 OIDs for Terminal Device Authentication . 241 D.6 OIDs for privacy protocols . 242 D.6.1 OIDs for Restricted Identification 242 D.6.2 OIDs for Restricted Identification 243 D.7 OIDs for mEAC based eServices . 243 D.7.1 OIDs for Terminal Device Authentication in mEAC-based

46、 eServices . 243 D.8 OIDs for the PCA mechanism 244 Annex E (informative) Build scheme for object identifiers defined by EN 14890 245 Bibliography . 247 BS EN 419212-1:2014EN 419212-1:2014 (E) 7 Foreword This document (EN 419212-1:2014) has been prepared by Technical Committee CEN/TC 224 “Personal i

47、dentification, electronic signature and cards and their related systems and operations“, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by June 2015 and co

48、nflicting national standards shall be withdrawn at the latest by June 2015. This document supersedes EN 14890-1:2008. This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. EN 419212, Application Interface for smart cards used

49、 as Secure Signature Creation Devices, consists of two parts: Part 1: Basic services;the present document which describes the specifications for IAS based services on smart cards to be used in compliance to the requirements of Article 5.1 of the Electronic Signature Directive; and Part 2: Additional services which describes other services that may be used in conjunction with all, some or none of the services described in Part 1. This standard supports services in the context of Identification, Authentication and Electronic Signature (IAS) serv