1、BSI Standards Publication BS ISO/IEC 18328-1:2015 Identification cards ICC- managed devices Part 1: General frameworkBS ISO/IEC 18328-1:2015 BRITISH STANDARD National foreword This British Standard is the UK implementation of ISO/IEC 18328-1:2015. The UK participation in its preparation was entruste
2、d to Technical Committee IST/17, Cards and personal identification. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct applic
3、ation. The British Standards Institution 2015. Published by BSI Standards Limited 2015 ISBN 978 0 580 86046 1 ICS 35.240.15 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority of the Standards Policy and Strategy C
4、ommittee on 31 December 2015. Amendments/corrigenda issued since publication Date T e x t a f f e c t e dBS ISO/IEC 18328-1:2015 Identification cards ICC-managed devices Part 1: General framework Cartes didentification Dispositifs contrls par carte circuit intgr (ICC) Partie 1: Cadre gnral INTERNATI
5、ONAL STANDARD ISO/IEC 18328-1 Reference number ISO/IEC 18328-1:2015(E) First edition 2015-12-15 ISO/IEC 2015 BS ISO/IEC 18328-1:2015ii ISO/IEC 2015 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2015, Published in Switzerland All rights reserved. Unless otherwise specified, no part of this
6、 publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body in the
7、 country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 18328-1:2015(E)BS ISO/IEC 18328-1:2015ISO/IEC 18328-1:2015(E)Foreword iv Introduction v 1 Scope .1 2 Terms a
8、nd definitions .1 3 Symbols and abbreviated terms .1 4 Framework for ICC-managed devices .2 4.1 Device categories of ICC-managed devices . 2 4.2 Targeted subjects in the ISO/IEC 18328 series 2 4.3 System architecture overview . 4 4.4 Logical architecture 5 Annex A (informative) Device application co
9、ntext 6 Annex B (informative) Use cases .8 Annex C (informative) Usage of legacy card-IC .17 Bibliography .18 ISO/IEC 2015 All rights reserved iii Contents PageBS ISO/IEC 18328-1:2015ISO/IEC 18328-1:2015(E) Foreword ISO (the International Organization for Standardization) and IEC (the International
10、Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of t
11、echnical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint te
12、chnical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was d
13、rafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all suc
14、h patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and doe
15、s not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISOs adherence to the WTO principles in the Technical Barriers to Trade (TBT) see the following URL: Foreword - Supplementary inform
16、ation The committee responsible for this document is ISO/IEC JTC 1, Information technology, Subcommittee SC 17, Cards and personal identification. ISO/IEC 18328 consists of the following parts, under the general title Identification Cards ICC- managed Devices: Part 1: General framework Part 2: Physi
17、cal characteristics and test methods for cards with devices Part 3: Organisation, security and commands for interchangeiv ISO/IEC 2015 All rights reservedBS ISO/IEC 18328-1:2015ISO/IEC 18328-1:2015(E) Introduction New upcoming technologies are providing flexible and suitable devices for input and ou
18、tput operations on ICCs and open a wide area of applications and use cases. Interoperability in current developments of new projects underlines the need of standardisation. Integrated Circuit Card (ICC) consists of a card body with an embedded integrated circuit (or several integrated circuits). Int
19、ernational Standards such as ISO/IEC 7816 and ISO/IEC 14443 define the physical and logical requirements of the ICC, e.g. location of the contacts, size of the card, electrical signals and communication protocols, security mechanisms, etc. A lot of new requirements have to be considered when ICC-man
20、aged devices are on an ICC. This also incorporates physical aspects, as well as logical view on this type of card. The needs of useful applications and their environments have to be also taken into account for the ICC-managed devices on or in a card body. The nature of the device type leads to diffe
21、rent definitions in physical and logical aspects. The intention of this part of ISO/IEC 18328 is to minimize the technology-dependent differences and to increase interchange. This part of ISO/IEC 18328 offers a basic framework of different aspects which allows interoperability for application of ICC
22、-managed devices on a card or possibly external off the card. The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) draws attention to the fact that it is claimed that compliance with this part of ISO/IEC 18328 may involve the use of a patent an
23、d their foreign counterparts. FR99/09818: Smart card architecture incorporating peripherals PCT/EP2011/058914: Bank card with display screen PCT/EP2011/059021: Bank card with display screen EP2001949522A: Contact-free display peripheral device for contact-free portable object WO2009077398, US2010026
24、3034, EP2225703, JP2010-538574, KR10-1162443: A method for authorizing a communication with a portable electronic device, such as an access to an electronic memory zone corresponding device and system. ISO and IEC take no position concerning the evidence, validity and scope of this patent right. The
25、 holder of this patent right has assured the ISO and IEC that he/she is willing to negotiate licenses under reasonable and non-discriminatory terms and conditions with applicants throughout the world. In this respect, the statement of the holder of this patent right is registered with ISO and IEC. I
26、nformation may be obtained from: Gemalto Intellectual Property and Licensing Department, 6, Rue de la Verrerie, 92197 Meudon Cedex, France Gemplus Avenue Pic de Bertagne, Parc dActivits de Gmenos BP 100 FR-13881 Gmenos Cedex ASK SA Les Boullides, 15, Traverse des Brucs, Sophia Antipolis, 06560 Valbo
27、nne, France ISO/IEC 2015 All rights reserved vBS ISO/IEC 18328-1:2015ISO/IEC 18328-1:2015(E) Attention is drawn to the possibility that some of the elements of this part of ISO/IEC 18328 may be the subject of patent rights other than those identified above. ISO and IEC shall not be held responsible
28、for identifying any or all such patent rights. ISO (www.iso.org/patents) and IEC (http:/ /patents.iec.ch) maintain on-line databases of patents relevant to their standards. Users are encouraged to consult the databases for the most up to date information concerning patents.vi ISO/IEC 2015 All rights
29、 reservedBS ISO/IEC 18328-1:2015INTERNATIONAL ST ANDARD ISO/IEC 18328-1:2015(E) Identification cards ICC-managed devices Part 1: General framework 1 Scope This part of ISO/IEC 18328 describes the general architecture of an ICC with ICC-managed devices. This part of ISO/IEC 18328 is one of a series o
30、f International Standards which outlines the content and the boundaries covered and standardised by the other parts of ISO/IEC 18328. The general principle of this part of ISO/IEC 18328 is that all activities regarding the ICC-managed devices are controlled by the card-IC. This principle also applie
31、s when ICC-managed devices are outside the card. This part of ISO/IEC 18328 is applicable for all kind of cards independent from interface technology for communication. 2 Terms and definitions For the purposes of this document, the following terms and definitions apply. 2.1 button tactile device use
32、d as a single input key 2.2 card-IC integrated circuit with COS 2.3 ICC-managed devices device or devices whose activities are controlled only by ICC 2.4 keypad array of several buttons (2.1) organized as one entity 2.5 biometric capture device sensor whose purpose is to acquire biometric data Note
33、1 to entry: See also ISO/IEC 17839. 2.6 electronic display electronic device to show information 3 Symbols and abbreviated terms CLF contactless frontend COS card operating system NOTE COS is a logical element for implementation of functionalities defined in ISO/ IEC 7816-4. ISO/IEC 2015 All rights
34、reserved 1BS ISO/IEC 18328-1:2015ISO/IEC 18328-1:2015(E) eID electronic identification eSE embedded secure element HCI host controller interface IC integrated circuit ICC integrated circuit card NOTE An ICC consists of card body (or document, e.g. travel document) and one IC (or sever- al ICs) with
35、implementation of functionalities defined in ISO/IEC 7816-4. This ICC is inde- pendent from the physical interface technology. I 2 C inter-integrated circuit IFD interface device LED light emitting diode NFC near field communication OTP one-time password PIN personal identification number SPI serial
36、 peripheral interface SWP single wire protocol TEE trusted execution environment UICC universal integrated circuit card 4 Framework for ICC-managed devices 4.1 Device categories of ICC-managed devices Devices on an ICC mentioned here as ICC-managed devices extend the usage and definitions of a card.
37、 First implementations have shown ICCs using extensions, e.g. keypad, electronic displays, etc. Annex A outlines a motivation for having a standard for ICC-managed devices. In general, an ICC-managed device is defined as an electronic device supplementary to the electronic system on a card, which al
38、lows internal transactions and/or transactions with the external world. The following is a general categorisation in groups seen from the perspective of the ICC: devices for input purposes, e.g. button, keypad, microphone, and biometric input sensor; devices for output purposes, e.g. display and lou
39、dspeaker; devices for input/output purposes, e.g. touch-screen; devices for communication purposes, e.g. LED, optical sensor, loudspeaker, microphone; support devices, e.g. power supplying device. 4.2 Targeted subjects in the ISO/IEC 18328 series Many card-IC of ICC used today have already ICC-manag
40、ed devices on the card-IC itself. Examples are random number generators (RNG) or crypto coprocessors, etc. These on-board devices support the card- IC and the COS in dedicated use cases. Usually, today, they are proprietarily connected and linked in each 2 ISO/IEC 2015 All rights reservedBS ISO/IEC
41、18328-1:2015ISO/IEC 18328-1:2015(E) implementation. In this part ISO/IEC 18328, they are out of scope, but it is not excluded in the future to apply the mechanisms, defined in this series of International Standards also to such on-board devices. Devices in this part ISO/IEC 18328 are always electron
42、ic devices linked to the card-IC. Any information from or to the device shall be channelled through and controlled by the ICC operating system. Physical and logical protocols from the physical interfaces of the card-IC of the ICC to the devices are not covered by this part ISO/IEC 18328. Currently,
43、there are different physical interfaces in ICC in use, e.g. SPI or IC interfaces; the definitions applied in this part ISO/IEC 18328shall be independent from any existing or future interfaces. Concrete implementations of the physical and electrical interfaces from ICC to any device or buses to the p
44、hysical device are also out of the scope of this part ISO/IEC 18328. The wide range of devices with different purposes and the large number of manufactures offering devices in different technologies and new fast developing technologies require a generic approach which allows easy adapting of new dev
45、ices, new manufactures and new technologies in the future. The definitions in this part ISO/IEC 18328 shall be as flexible as possible to allow the adaptation of new devices in the future. This part ISO/IEC 18328 covers all devices connectable to the card-IC including, but not limited to, power supp
46、lying devices, displays, all kind of sensors, microphones, loudspeaker, buttons, keypads, etc. The list can be extended due to the fact that future developments and needs will arise. Mechanisms to use electronic devices located outside of the ICC are covered also by this part ISO/IEC 18328. Figure 1
47、 outlines the list of characteristics and mechanisms which shall be standardised within this series of International Standards. This part ISO/IEC 18328 defines the required functionality of card operating system and other parts of software. It covers physical characteristics and test methods and als
48、o aspects of coexistence of technologies for ICC-managed devices. Definitions of coding required for “trust assessment” of managed data, e.g. warning, font, colour, etc. is also in the scope of this part ISO/IEC 18328. The mechanisms described in this part ISO/IEC 18328 are independent from internal
49、 capabilities of the devices. NOTE Complex devices may have a separate controller or driver to enable its functionality. For example, an electronic display may have a specific electrical driver which provides and controls the physical signals to the display. ISO/IEC 2015 All rights reserved 3BS ISO/IEC 18328-1:2015ISO/IEC 18328-1:2015(E) EXAMPLES Touch-screen Button Keypad Biometric input sensor Any other device Microphone Loudspeaker Electronic display Power
