1、BSI Standards Publication BS ISO/IEC 18013-4:2011 Information technology Personal identification ISO- compliant driving licence Part 4: Test methods Incorporating corrigendum November 2013BS ISO/IEC 18013-4:2011 National foreword This British Standard is the UK implementation of ISO/IEC 18013-4:2011
2、, incorporating corrigendum November 2013. The start and finish of text introduced or altered by corrigendum is indicated in the text by tags. Text altered by ISO/IEC corrigendum November 2013 is indicated in the text by . The UK participation in its preparation was entrusted to Technical Committee
3、IST/17, Cards and personal identification. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standa
4、rds Institution 2014. Published by BSI Standards Limited 2014 ISBN 978 0 580 85076 9 ICS 35.240.15 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 November 2
5、011. Amendments/corrigenda issued since publication Date Text affected 28 February 2014 Implementation of ISO/IEC corrigendum November 2013 BRITISH STANDARD Reference number ISO/IEC 18013-4:2011(E) ISO/IEC 2011INTERNATIONAL STANDARD ISO/IEC 18013-4 First edition 2011-11-01 Information technology Per
6、sonal identification ISO-compliant driving licence Part 4: Test methods Technologies de linformation Identification des personnes Permis de conduire conforme lISO Partie 4: Mthodes dessai COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2011 All rights reserved. Unless otherwise specified, no part of this publi
7、cation may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or ISOs member body in the country of the requester. ISO copyright office Case postale 56 CH-1211 Genev
8、a 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail copyrightiso.org Web www.iso.org Published in Switzerland ii ISO/IEC 2013 All rights reserved BS ISO/IEC 18013-4:2011 ISO/IEC 18013-4:2011(E) BS ISO/IEC 18013-4:2011 ISO/IEC 18013-4:2011(E) iiiForeword ISO (the International Organization for S
9、tandardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organ
10、ization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technolo
11、gy, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2. The main task of the joint technical committee is to prepare International Standards. Draft International Standards a
12、dopted by the joint technical committee are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. Attention is drawn to the possibility that some of the elements of this document may be the subject
13、 of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. ISO/IEC 18013-4 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Cards and personal identification. ISO/IEC 18013 consists of the following
14、parts, under the general title Information technology Personal identification ISO-compliant driving licence: Part 1: Physical characteristics and basic data set Part 2: Machine-readable technologies Part 3: Access control, authentication and integrity validation Part 4: Test methods ISO 2013 All rig
15、hts reservedBS ISO/IEC 18013-4:2011 ISO/IEC 18013-4:2011(E) iv Contents Page Introduction vi 1 Scope 1 2 Conformance . 1 3 Normative references 2 4 Terms and definitions . 2 5 Abbreviated terms . 2 6 Test design . 3 6.1 General . 3 6.2 Test hierarchy 3 6.3 Test administration . 6 7 IDL Conformity te
16、st methods . 7 7.1 Overview . 7 7.2 Profiles 7 7.3 IDL test case specifications . 7 7.4 Conformance . 8 Annex A (normative) Test case specification: LDS in SE on SIC 9 A.1 Introduction 9 A.2 General test requirements 9 A.2.1 Preconditions for testing 9 A.2.2 Test setup . 9 A.2.3 Implementation confo
17、rmance statement 9 A.3 Test Layer SE_LDS Logical Data Structure Tests 11 A.3.1 Test Unit SE_LDS_COM Tests for EF.Com 11 A.3.2 Test Unit SE_LDS_DG1 Tests for EF.DG1 . 17 A.3.3 Test Unit SE_LDS_DG2 Tests for EF.DG2 . 27 A.3.4 Test Unit SE_LDS_DG3 Tests for EF.DG3 . 32 A.3.5 Test Unit SE_LDS_DG4 Tests
18、for EF.DG4 . 35 A.3.6 Test Unit SE_LDS_DG5 Tests for EF.DG5 . 38 A.3.7 Test Unit SE_LDS_DG6 Tests for EF.DG6 . 39 A.3.8 Test Unit SE_LDS_DG7 Tests for EF.DG7 . 48 A.3.9 Test Unit SE_LDS_DG8 Tests for EF.DG8 . 57 A.3.10 Test Unit SE_LDS_DG9 Tests for EF.DG9 . 67 A.3.11 Test Unit SE_LDS_SOD Tests for
19、EF.SOD. 77 A.3.12 Test Unit SE_LDS_DG12 Tests for EF.DG12 . 81 A.3.13 Test Unit SE_LDS_DG13 Tests for EF.DG13 . 83 A.3.14 Test Unit SE_LDS_DG14 Tests for EF.DG14 . 86 Annex B (normative) Test case specification: Commands for SE on SIC 90 B.1 Introduction 90 B.2 General test requirements 90 B.2.1 Pre
20、conditions for testing 90 B.2.2 Test setup . 90 B.2.3 Implementation conformance statement 90 B.2.4 Verification of ISO/IEC 7816-4 status bytes 92 B.2.5 Key pair definition . 93 B.2.6 Certificate specification 94 B.3 Test Layer SE_ISO7816 - Security and Command Tests 159 ISO/IEC 2013 All rights rese
21、rvedBS ISO/IEC 18013-4:2011 ISO/IEC 18013-4:2011(E) vB.3.1 Test Unit SE_ISO7816_SelDF SELECT DF Command . 160 B.3.2 Test Unit SE_ISO7816_SecBAP Security conditions of BAP protected IDL 162 B.3.3 Test Unit SE_ISO7816_BAP Basic Access Protection 180 B.3.4 Test Unit SE_ISO7816_SelEFSM Protected SELECT
22、EF Command . 190 B.3.5 Test Unit SE_ISO7816_ReadEFSM Protected READ BINARY Command 200 B.3.6 Test Unit SE_ISO7816_SelEF Unprotected SELECT EF Command . 208 B.3.7 Test Unit SE_ISO7816_ReadEF Unprotected READ BINARY Command . 216 B.3.8 Test Unit SE_ISO7816_AA Active Authentication 224 B.3.9 Test Unit
23、SE_ISO7816_SecEAP - Security Conditions for EAP protected IDL 228 B.3.10 Test Unit SE_ISO7816_CA - Chip Authentication 243 B.3.11 Test Unit SE_ISO7816_CertVer - Certificate verification 261 B.3.12 Test Unit SE_ISO7816_TA - Terminal Authentication . 295 B.3.13 Test Unit SE_ISO7816_AccCond - Effective
24、 Access Conditions . 308 B.3.14 Test Unit SE_ISO7816_Update - Update mechanism 321 B.3.15 Test Unit SE_ISO7816_Migration Migration policies . 32 B.4 Summary of test cases . 32 Bibliography . 3 ISO 2013 All rights reserved 30 7 8BS ISO/IEC 18013-4:2011 ISO/IEC 18013-4:2011(E) vi Introduction ISO/IEC
25、18013 establishes guidelines for the design format and data content of an ISO-compliant driving licence (IDL) with regard to human-readable features (ISO/IEC 18013-1), machine-readable technologies (ISO/IEC 18013-2), and access control, authentication and integrity validation (ISO/IEC 18013-3). It c
26、reates a common basis for international use and mutual recognition of the IDL without impeding individual countries/states to apply their privacy rules and national/community/regional motor vehicle authorities in taking care of their specific needs. ISO/IEC 18013-1 defines the basic terms for ISO/IE
27、C 18013, including physical characteristics, basic data element set, visual layout, and physical security features. ISO/IEC 18013-2 specifies the technologies that may be used for ISO/IEC 18013, including the logical data structure and data mapping for each technology. ISO/IEC 18013-3 specifies the
28、electronic security features that may be incorporated under ISO/IEC 18013, including mechanisms for controlling access to data, verifying the origin of an IDL, and confirming data integrity. This part of ISO/IEC 18013 prescribes requirements for testing the compliance of the machine-readable data co
29、ntent on an IDL and the mechanisms for controlling access to data recorded in the machine-readable technology on an IDL with the requirements of ISO/IEC 18013-2 and ISO/IEC 18013-3, respectively. ISO/IEC 2013 All rights reservedBS ISO/IEC 18013-4:2011 INTERNATIONAL STANDARD ISO/IEC 18013-4:2011(E)1I
30、nformation technology Personal identification ISO-compliant driving licence Part 4: Test methods 1 Scope This part of ISO/IEC 18013 specifies the test methods used for conformity testing, that is methods for determining whether a driving licence can be considered to comply with the requirements of I
31、SO/IEC 18013 for: machine-readable technologies (ISO/IEC 18013-2), and access control, authentication and integrity validation (ISO/IEC 18013-3). The test methods specified in this part of ISO/IEC 18013 are based on specifications defined in ISO/IEC 18013-2 and ISO/IEC 18013-3 and underlying normati
32、ve specifications. This part of ISO/IEC 18013 deals with test methods specific to ISO-compliant driving licence (IDL) requirements. Test methods applicable to (smart) cards in general (e.g. those specified in the ISO/IEC 10373 series) are outside the scope of this part of ISO/IEC 18013. Hence, this
33、part of ISO/IEC 18013 provides IDL implementers with requirements for conformity evaluation, provides IDL issuing authorities with requirements for quality assurance, and provides test laboratories and test tool providers with test suite requirements. 2 Conformance Test case specifications described
34、 in this part of ISO/IEC 18013 are intended to be performed separately and independently. A given driving licence document is not required to pass through all the tests sequentially. Also, not all tests may be applicable to a given implementation. An IDL is considered to conform to the applicable re
35、quirements of ISO/IEC 18013-2 and ISO/IEC 18013-3 if it passes all associated tests in this part of ISO/IEC 18013. However, passing all applicable tests in this part of ISO/IEC 18013 does not guarantee that no failures will occur under operational conditions. ISO 2013 All rights reservedBS ISO/IEC 1
36、8013-4:2011 ISO/IEC 18013-4:2011(E) 2 3 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendment
37、s) applies. ISO 3166-1:2006, Codes for the representation of names of countries and their subdivisions Part 1: Country codes ISO/IEC 7816-4:2005, Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange ISO/IEC 18013-2:2008, Information technology Per
38、sonal identification ISO-compliant driving licence Part 2: Machine-readable technologies ISO/IEC 18013-3:2009, Information technology Personal identification ISO-compliant driving licence Part 3: Access control, authentication and integrity validation ISO/IEC 19785-1:2006, Information technology Com
39、mon Biometric Exchange Formats Framework Part 1: Data element specification ISO/IEC 19785-3:2007, Information technology Common Biometric Exchange Formats Framework Part 3: Patron format specifications 4 Terms and definitions For the purposes of this document, the terms and definitions given in ISO/
40、IEC 18013-2, ISO/IEC 18013-3 and the following apply. 4.1 test case description of test purpose, unique test case identifier, test inputs, test execution conditions, test steps, and the results required to pass the test 4.2 test case specification collection of test cases, and general test data appl
41、icable to the test cases 5 Abbreviated terms AA active authentication AKID authority key identifier AID application identifier APDU application protocol data unit BAP basic access protection CA chip authentication CE compact encoding DF dedicated file DG data group DO data object 4.3 CL protocol pro
42、tocol defined in ISO/IEC 14443-4:2008 ISO/IEC 2013 All rights reservedBS ISO/IEC 18013-4:2011 ISO/IEC 18013-4:2011(E) 3EAP extended access protection EF elementary file EF ID elementary file identifier ICS implementation conformance statement IUT implementation under test LDS logical data structure
43、NMA non-match alert OID object identifier PA passive authentication PKI public-key infrastructure RF radio frequency SAI scanning area identifier SE standard encoding SIC secure integrated circuit SKID subject key identifier SMI security mechanism indicator SOD document security object TA terminal a
44、uthentication 6 Test design 6.1 General This clause generally follows the concepts of the OSI Conformance Testing Methodology and Framework as specified in the seven parts of ISO/IEC 9646. Several basic elements referred to in or by the individual test case specifications are explained. NOTE These e
45、lements facilitate the synchronization of additional specifications written by different organizations with this part of ISO/IEC 18013. 6.2 Test hierarchy 6.2.1 Structure Test concepts used to describe the test design consist of the following elements: Implementation under test (IUT) Test Layer Test
46、 Unit Test Case These elements have a hierarchical relationship as shown in Figure 1. ISO 2013 All rights reservedBS ISO/IEC 18013-4:2011 ISO/IEC 18013-4:2011(E) 4 implementation under test test layer test layer test unit test unit test unit test unit test case test case test case test case test cas
47、e test case test case test caseFigure 1 Test element hierarchy 6.2.2 Implementation under test 6.2.2.1 Overview Three IUTs are defined: IDL with standard encoding for SIC (see Annex C of ISO/IEC 18013-2:2008) IDL with compact encoding (see Annex B of ISO/IEC 18013-2:2008) IDL with standard encoding
48、on Optical Memory (see Annex D of ISO/IEC 18013-2:2008) 6.2.2.2 Profile Profiles are defined for identifying optional functionality in the IUT, which impacts the applicability of certain test layers, test units or test cases. Profiles determine whether certain tests are applicable in the Test Layer,
49、 Test Unit or Test Case definitions. This enables the tester or test software to (automatically) select which tests should be executed to the IUT. Such selection is based upon the ICS filled out by the applicant or tester (also see 6.3.1). The Profile specification shall include: Profile-ID Profile description 6.2.3 Test layer 6.2.3.1 Overview The following two of the seven layers in the OSI Basic Referenc
