EN 419212-2-2014 en Application Interface for smart cards used as Secure Signature Creation Devices - Part 2 Additional services (Remains Current)《安全签名生成设备智能卡的应用接口 第2部分 附加服务》.pdf

1、BSI Standards PublicationBS EN 419212-2:2014Application Interface for smartcards used as Secure SignatureCreation DevicesPart 2: Additional servicesBS EN 419212-2:2014 BRITISH STANDARDNational forewordThis British Standard is the UK implementation of EN 419212-2:2014.It supersedes BS EN 14890-2:2008

2、 which is withdrawn.The UK participation in its preparation was entrusted to TechnicalCommittee IST/17, Cards and personal identification.A list of organizations represented on this committee can beobtained on request to its secretary.This publication does not purport to include all the necessarypro

3、visions of a contract. Users are responsible for its correctapplication. The British Standards Institution 2014. Published by BSI StandardsLimited 2014ISBN 978 0 580 77110 1ICS 35.240.15Compliance with a British Standard cannot confer immunity fromlegal obligations.This British Standard was publishe

4、d under the authority of theStandards Policy and Strategy Committee on 31 December 2014.Amendments issued since publicationDate Text affectedBS EN 419212-2:2014EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN 419212-2 December 2014 ICS 35.240.15 Supersedes EN 14890-2:2008English Version Applicat

5、ion Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional services Interface applicative des cartes puces utilises comme dispositifs de cration de signature numrique scuriss - Partie 2 : Services complmentaires Anwendungsschnittstelle fr Chip-Karten, die zur Erzeug

6、ung qualifizierter elektronischer Signaturen verwendet werden - Teil 2: Zustzliche Dienste This European Standard was approved by CEN on 27 September 2014. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the s

7、tatus of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN member. This European Standard exists in three official versions (English, French,

8、 German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Cr

9、oatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and

10、 United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels 2014 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No

11、. EN 419212-2:2014 EBS EN 419212-2:2014EN 419212-2:2014 (E) 2 Contents Foreword 5 1 Scope 7 2 Normative references 7 3 Terms and definitions .7 4 Abbreviations and notation 9 5 Additional Service Selection . 11 6 Client/Server Authentication . 14 6.1 Client/Server protocols 14 6.2 Steps preceding th

12、e client/server authentication . 15 6.3 Padding format 15 6.3.1 PKCS #1 v 1-5 Padding 15 6.3.2 PKCS #1 V 2.x (PSS) Padding 16 6.3.3 Building the DSI on ECDSA . 17 6.4 Client/Server protocol 18 6.4.1 Step 1 Read certificate . 18 6.4.2 Step 2 Set signing key for client/server internal authentication .

13、 19 6.4.3 Step 3 Internal authentication . 20 6.4.4 Client/Server authentication execution flow 22 6.4.5 Command data field for the client server authentication . 24 7 Role Authentication 25 7.1 Role Authentication of the card 25 7.2 Role Authentication of the server . 25 7.3 Symmetrical external au

14、thentication 25 7.3.1 Protocol . 25 7.3.2 Description of the cryptographic mechanisms . 30 7.3.3 Role description 30 7.4 Asymmetric external authentication . 31 7.4.1 Protocol based on RSA 31 7.4.2 Protocol based on modular Enhanced Role Authentication (mERA) . 34 8 Symmetric key transmission betwee

15、n a remote server and the ICC 49 8.1 Steps preceding the key transport 49 8.2 Key encryption with RSA . 49 8.2.1 PKCS#1 v1.5 padding . 50 8.2.2 OAEP padding . 50 8.2.3 Execution flow . 51 8.3 Diffie-Hellman key exchange for key encipherment . 54 8.3.1 Execution flow . 56 9 Signature verification . 5

16、8 9.1 Signature verification execution flow . 58 9.1.1 Step 1: Receive Hash . 59 9.1.2 Step 2: Select verification key . 60 9.1.3 Step 3: Verify digital signature 61 10 Certificates for additional services . 62 10.1 File structure . 63 10.2 EF.C_X509.CH.DS . 63 10.3 EF.C.CH.AUT . 63 10.4 EF.C.CH.KE

17、63 10.5 Reading Certificates and the public key of CAs 64 11 Privacy Context functions . 65 BS EN 419212-2:2014EN 419212-2:2014 (E) 3 11.1 Introduction 65 11.2 Auxiliary Data Comparison. 65 11.2.1 Presentation of the auxiliary data 66 11.2.2 Age Verification . 68 11.2.3 Document Validation . 69 11.3

18、 Restricted Identification 70 11.3.1 Command APDU for Step RI:1 . 73 11.3.2 Command APDU for Step RI:2 . 74 11.4 eServices with trusted third party protocol 77 11.4.1 mERA-based eServices with trusted third party protocol 78 11.4.2 mEAC-based eServices with trusted third party 83 11.5 eServices with

19、 two party protocols . 86 11.5.1 mEAC-based eServices with on-line two party protocol . 86 11.5.2 mEAC-based eServices with off-line two party protocol 87 12 APDU data structures . 89 12.1 Algorithm Identifiers . 89 12.2 CRTs . 89 12.2.1 CRT DST for selection of ICCs private client/server auth. key

20、89 12.2.2 CRT AT for selection of ICCs private client/server auth. key 89 12.2.3 CRT CT for selection of ICCs private key 90 12.2.4 CRT DST for selection of IFDs public key (signature verification) . 90 Annex A (normative) Security Service Descriptor Templates 91 A.1 Security Service Descriptor Conc

21、ept 91 A.2 SSD Data Objects 92 A.2.1 DO Extended Header List, tag 4D 92 A.2.2 DO Instruction set mapping (ISM), tag 80 . 92 A.2.3 DO Command to perform (CTP), tag 52 (refer to ISO/IEC 7816-6) 92 A.2.4 DO Algorithm object identifier (OID), tag 06 (refer to ISO/IEC 7816-6) 92 A.2.5 DO Algorithm refere

22、nce, tag 81 . 92 A.2.6 DO Key reference, tag 82 93 A.2.7 DO FID key file, tag 83 . 93 A.2.8 DO Key group, tag 84 93 A.2.9 DO FID base certificate file, tag 85 93 A.2.10 DO FID adjoined certificate file, tag 86 93 A.2.11 DO Certificate reference, tag 87 . 93 A.2.12 DO Certificate qualifier, tag 88 .

23、93 A.2.13 DO FID for file with public key of the certification authority PK(CA), tag 89 93 A.2.14 DO PIN usage policy, tag 5F2F 93 A.2.15 DO PIN reference, tag 8A 94 A.2.16 DO Application identifier (AID), tag 4F (refer to ISO/IEC 7816-6) 94 A.2.17 DO CLA coding, tag 8B . 94 A.2.18 DO Status informa

24、tion (SW1-SW2), tag 42 (refer to ISO/IEC 7816-6) . 94 A.2.19 DO Discretionary data, tag 53 (refer to ISO/IEC 7816-6) 94 A.2.20 DO SE number, tag 8C 94 A.2.21 DO SSD profile identifier, tag 8D . 95 A.2.22 DO FID mapping, tag 8E 95 A.3 Location of the SSD templates 95 A.4 Examples for SSD templates 95

25、 Annex B (informative) Security environments . 97 B.1 Definition of CRTs (examples) . 98 B.1.1 CRT for Authentication (AT) . 99 B.1.2 CRT for Cryptographic Checksum (CCT) 100 B.1.3 CRT for Digital Signature (DST) . 101 B.1.4 CRT for confidentiality (CT) 102 B.2 Security Environments (example) . 103

26、B.2.1 Security Environment #10 103 B.2.2 Security Environment #11 104 B.3 Coding of access conditions (example) 104 BS EN 419212-2:2014EN 419212-2:2014 (E) 4 B.3.1 Access Conditions 105 B.3.2 Access rule references 106 B.3.3 Access conditions for EF.ARR 107 B.3.4 EF.ARR records 107 Annex C (normativ

27、e) Algorithm Identifiers Coding and specification 110 Annex D (informative) Example of DF.CIA 117 Annex E (informative) Build scheme for object identifiers defined by EN 14890 122 Bibliography . 124 BS EN 419212-2:2014EN 419212-2:2014 (E) 5 Foreword This document (EN 419212-2:2014) has been prepared

28、 by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and operations“, the secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by

29、endorsement, at the latest by June 2015 and conflicting national standards shall be withdrawn at the latest by June 2015. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identif

30、ying any or all such patent rights. This document supersedes EN 14890-2:2008. This document has been prepared under a mandate given to CEN by the European Commission and the European Free Trade Association. EN 419212, Application Interface for smart cards used as Secure Signature Creation Devices, c

31、onsists of two parts: Part 1: Basic services which describes the specifications for IAS based services on smart cards to be used in compliance to the requirements of Article 5.1 of the Electronic Signature Directive; and Part 2: Additional services the present document which describes other services

32、 that may be used in conjunction with all, some or none of the services described in Part 1. This standard supports services in the context of IAS Identification, Authentication and Electronic Signature (IAS) services, as well as other services. In EN 419212-1, the standard allows to support the imp

33、lementation of the European legal framework for electronic signatures, defining the functional and security features for a smart card intended to be used as a Secure Signature Creation Device according to the Terms of the European Directive on Electronic Signature 1999/93/EC. A card compliant to the

34、 standard will be able to produce a “Qualified Electronic Signature (QES)“ that fulfils the requirements of Article 5.1 of the Electronic Signature Directive and therefore can be considered equivalent to hand-written signatures. In EN 419212-2, the standard specifies mechanisms to support other serv

35、ices like generic Identification, Authentication, confidentiality, signature verification services and privacy features. EN 419212 defines a set of services that will enable the development of interoperable cards issued by any card industry sector. The standard will describe an application interface

36、 and behavior of the SSCD, i.e. it should be possible to implement it on native and interpreter based cards. Compared with the 2008 versions of EN 14890, the following broad change has been made: The scope of the standard was enhanced through new mechanisms in the field of password based mechanisms

37、and privacy. Regarding EN 419212-1, the most significant technical changes that have been made are the following ones: new algorithms added to device authentication protocols (e.g. AES, ELC); added AES to secure messaging; BS EN 419212-2:2014EN 419212-2:2014 (E) 6 introduced password based mechanism

38、s (PACEv2); updating references to their latest releases; algorithm Identifier coding; recommendation for making best use of device authentication protocols. Regarding EN 419212-2, the most significant technical changes that have been made are the following ones: a) Added privacy services including:

39、 1) anonymity and pseudonymity services; 2) auxiliary data transmission e.g. for Age verification; 3) e-Services with trusted third party; 4) e-Services with 2-parties. According to the CEN-CENELEC Internal Regulations, the national standards organizations of the following countries are bound to imp

40、lement this European Standard: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romani

41、a, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. BS EN 419212-2:2014EN 419212-2:2014 (E) 7 1 Scope This European Standard contains Identification, Authentication and Digital Signature (IAS) services in addition to the SSCD mechanisms already described in EN 419212-1

42、to enable interoperability and usage for IAS services on a national or European level. It also specifies additional mechanisms like key decipherment, Client Server authentication, identity management and privacy related services. 2 Normative references The following documents, in whole or in part, a

43、re normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. EN 419212-1:2014, Application Interface for smart card

44、s used as Secure Signature Creation Devices Part 1: Basic services ISO/IEC 7816-4:2013, Identification cards Integrated circuit(s) cards with contacts Part 4: Organization, security and commands for interchange ISO/IEC 7816-6:2006, Identification cards Integrated circuit(s) cards with contacts Part

45、6: Interindustry data elements for interchange ISO/IEC 7816-8:2004, Integrated circuit(s) cards with contacts Part 8: Commands for security operations ISO/IEC 9796 (all parts), Information technology Security techniques Digital signature schemes giving message recovery ISO/IEC 9797-1, Information te

46、chnology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. NOTE These definitions are in compliance with those given in the revision of ISO/IEC 7816-4.

47、3.1 anonymity assurance in which a user may use a resource or service without disclosing the users identity 3.2 anonymization process that removes the association between an identifying data set and a data subject 3.3 anonymized data data that was once linked to an individual but can now no longer b

48、e related to them 3.4 anonymous data data that cannot be linked to a specific individual 3.5 C/S external authentication authentication of the server by the client BS EN 419212-2:2014EN 419212-2:2014 (E) 8 Note 1 to entry: The client is regarded as the combination of the PC and the ICC. This externa

49、l authentication is out of the scope of this specification. 3.6 C/S internal authentication authentication of the client by the server Note 1 to entry: The client is regarded as the combination of the PC and the ICC. 3.7 forward secrecy security property of a protocol, that guarantees that the disclosure of long-term private key does not enable an opponent to compromise the secrecy property of the executions of the protocol made in the past, for example, by re-computing previ