1、raising standards worldwideNO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAWBSI Standards PublicationIdentification card systems European Citizen CardPart 4: Recommendations for European Citizen Card issuance, operation and usePD CEN/TS 15480-4:2012National forewordThis Publishe
2、d Document is the UK implementation of CEN/TS 15480-4:2012.The UK participation in its preparation was entrusted to Technical CommitteeIST/17, Cards and personal identification.A list of organizations represented on this committee can be obtained onrequest to its secretary.This publication does not
3、purport to include all the necessary provisions of acontract. Users are responsible for its correct application. The British Standards Institution 2012Published by BSI Standards Limited 2012ISBN 978 0 580 75909 3ICS 35.240.15Compliance with a British Standard cannot confer immunity fromlegal obligat
4、ions.This Published Document was published under the authority of theStandards Policy and Strategy Committee on 30 April 2012Amendments issued since publicationAmd. No. Date Text affectedPUBLISHED DOCUMENTPD CEN/TS 15480-4:2012TECHNICAL SPECIFICATION SPCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION C
5、EN/TS 15480-4 March 2012 ICS 35.240.15 English Version Identification card systems - European Citizen Card - Part 4: Recommendations for European Citizen Card issuance, operation and use Systmes de cartes didentification - Carte Europenne du Citoyen - Partie 4: Recommandations pour lmission, lexploi
6、tation et lutilisation de la Carte Europenne du Citoyen Identifikationskartensysteme - Europische Brgerkarte - Teil 4: Empfehlungen fr Ausgabe, Arbeitsweise und Benutzung der Europischen Brgerkarte This Technical Specification (CEN/TS) was approved by CEN on 23 January 2012 for provisional applicati
7、on. The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence
8、of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an E
9、N is reached. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slov
10、akia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMIT EUROPEN DE NORMALISATION EUROPISCHES KOMITEE FR NORMUNG Management Centre: Avenue Marnix 17, B-1000 Brussels 2012 CEN All rights of exploitation in any form and by any means reserved w
11、orldwide for CEN national Members. Ref. No. CEN/TS 15480-4:2012: EPD CEN/TS 15480-4:2012CEN/TS 15480-4:2012 (E) 2 Contents Page Foreword 51 Scope 62 Normative references 63 Abbreviations .64 General recommendations on card issuance and operational procedures 74.1 Initial considerations for an ECC pr
12、oject 74.2 ECC Management System and ECC lifecycle description 94.3 ECC Management System functional organization . 114.4 ECC Management System Architecture . 124.4.1 General principles. 124.4.2 ARIS: Application Registration and Issuance Subsystem . 134.4.3 IVAS: Identity Authentication and Verific
13、ation Subsystem 144.5 ECC Management System Security Policy 144.5.1 Common principles 144.5.2 Establishing Detailed Security Requirements for specific ECC profiles Data Access 154.5.3 Basic set of requirements for ECC Digital Signature 165 Recommendations with regard to the end user 175.1 Privacy pr
14、inciples for card issuance and operation . 175.1.1 General . 175.1.2 Protection of the data . 185.1.3 Transparency 185.1.4 Consent in data collection . 185.1.5 Preference for opt-in 185.1.6 Limitation of purpose . 185.1.7 Limitation of period of retention . 185.1.8 Adherence to performance criteria
15、. 185.1.9 Access rights of the data subject . 185.1.10 Secure audit 185.1.11 Data transfer between jurisdictions 185.2 Accessibility 195.3 Usability . 205.3.1 Introduction . 205.3.2 Usability and the physical environment . 205.3.3 Location . 205.3.4 Ease of use 215.3.5 Help 215.3.6 Further issues .
16、216 Privacy features of the ECC . 217 ECC security evaluation . 227.1 General . 227.2 Digital signature services 227.3 Other services provided by an ECC 237.3.1 General . 237.3.2 Security evaluation recommendations . 237.3.3 Security criteria for interoperability 238 Card profiles for the ECC . 258.
17、1 General . 258.2 User accessibility profile . 268.3 Card profile template 26PD CEN/TS 15480-4:2012CEN/TS 15480-4:2012 (E) 3 8.3.1 General . 268.3.2 User accessibility profile 268.3.3 Card durability requirements . 278.3.4 Card layout requirements . 278.3.5 Applications . 278.3.6 Selected card servi
18、ces 278.3.7 Card Info . 278.3.8 Cross application services . 278.3.9 References . 288.4 Identification scheme for ECC profiles . 288.4.1 Card profile 288.4.2 User accessibility profile 28Annex A (informative) Card profiles 29A.1 General . 29A.2 Card Profile 1: eID Application with mandatory ICAO fun
19、ctionality and conditional digital signature functionality 29A.2.1 OID 29A.2.2 General . 29A.2.3 Applications . 29A.2.4 Selected card services 30A.2.5 Card Info . 30A.2.6 Cross application services . 31A.2.7 References . 31A.3 Card Profile 2: Dual-chip card with respective eID and ICAO Application 3
20、2A.3.1 OID 32A.3.2 General . 32A.3.3 Applications . 32A.3.4 Selected card services for ICAO application 32A.3.5 References . 33A.4 Card Profile 3: eServices using a trusted Third Party . 34A.4.1 OID 34A.4.2 General . 34A.4.3 Applications . 34A.4.4 Selected card services 34A.4.5 References . 34A.5 Ca
21、rd Profile 4: Health Insurance Card . 35A.5.1 OID 35A.5.2 General . 35A.5.3 Applications . 35A.5.4 Selected card services 35A.5.5 References . 35A.6 Card Profile 5: Mono-application / Multi-service 36A.6.1 OID 36A.6.2 General . 36A.6.3 Card durability requirements . 36A.6.4 Applications . 36A.6.5 Se
22、lected card services 36A.6.6 References . 39Annex B (informative) User accessibility profile . 40B.1 General . 40B.2 User accessibility profile according to ISO/IEC 12905:2011 . 40B.2.1 OID 40B.2.2 General . 40B.2.3 Interfaces / transport protocols . 40B.2.4 Data elements and data structures 41B.2.5
23、 Card services . 42B.2.6 Command set . 42B.2.7 Data structure of Global UCI 43PD CEN/TS 15480-4:2012CEN/TS 15480-4:2012 (E) 4 B.2.8 Data structure of Local UCI . 43B.2.9 References . 43Annex C (informative) Reference documents . 44C.1 EU legal acts 44C.2 Security documents . 44C.3 Technical standard
24、s (non-normative references) . 44C.4 Other relevant documents . 45PD CEN/TS 15480-4:2012CEN/TS 15480-4:2012 (E) 5 Foreword This document (CEN/TS 15480-4:2012) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and op
25、erations”, the secretariat of which is held by AFNOR. Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights. CEN/TS 15480 “Identification car
26、d systems European Citizen Card“ consists of the four following parts: Part 1: Physical, electrical and transport protocol characteristics; Part 2: Logical data structures and card services; Part 3: European Citizen Card Interoperability using an application interface; Part 4: Recommendations for Eu
27、ropean Citizen Card issuance, operation and use. According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finla
28、nd, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. PD CEN/TS 15480-4:2012CEN/TS 15480-4:2012 (E) 6 1 Scope CEN/TS 15480-4 r
29、ecommends card issuance and operational procedures including citizens registration. CEN/TS 15480-4 gives recommendations with regard to the end-user e.g. with respect to privacy and accessibility aspects. CEN/TS 15480-4 also identifies a set of standard ECC card profiles (e.g. National ID Card, Heal
30、th Card, Card issued by a Municipality), that can be used as basis for the specification of new ECC projects. For each profile, this Technical Specification uses a specified template which selects a subset of technical requirements from CEN/TS 15480-1, CEN/TS 15480-2:2011 and CEN/TS 15480-3:2010. co
31、nsiders the operation of the ECC in its particular environment. The target audience of CEN/TS 15480-4 is the card issuer. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references,
32、only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. CEN/TS 15480-1, Identification card systems European Citizen Card Part 1: Physical, electrical and transport protocol characteristics CEN/TS 15480-2:2011, Identif
33、ication card systems European Citizen Card Part 2: Logical data structures and card services CEN/TS 15480-3:2010, Identification card systems European Citizen Card Part 3: European Citizen Card Interoperability using an application interface ISO/IEC 12905:2011, Integrated circuit cards Enhanced Term
34、inal Accessibility using cardholder preference interface 3 Abbreviations For the purposes of this document, the following abbreviations apply. ARIS Applicant Registration and Issuance System ECC European Citizen Card EMS ECC management system ID card Identification Card IVAS Identity Authentication
35、and Verification System MRTD Machine Readable Travelling Document PKI Public Key Infrastructure PD CEN/TS 15480-4:2012CEN/TS 15480-4:2012 (E) 7 4 General recommendations on card issuance and operational procedures 4.1 Initial considerations for an ECC project CEN/TS 15480-4 does not aim at providing
36、 an overall solution on how to design and run a complete EMS. It provides some guidance to overcome common challenges that the organisations responsible for the conception and management of the system are likely to face, including the following issues. Clear identification of the main purposes of th
37、e system and of the nature of the assets to be protected shall lead to the early definition of the security policy to run the system The ECC may be issued for different purposes: it can act for example as a national ID card, travelling card, e-government or health insurance card. Following its inten
38、ded purpose, the EMS main purpose can diverge: to enhance security, to increase efficiency in the provision of services, to reduce identity fraud or to cut expenses by establishing a system of privileges upon card and users authentication. It is assumed that privacy protection is a common objective.
39、 The use cases will define the applications to be selected by the card. In this Technical Specification, use cases translate into ECC profiles (see Annex A), that precisely describe card security mechanisms. The practical work of the project can be summarized in the next four points: the analysis of
40、 risks based on the ECC use case; the definition of security policies to minimize the impact of those risks; the integration of those security policies within a modular architectural framework; the choice of technologies for implementation of the modules and of the communication interfaces between t
41、he system components. A secure, trusted and cost-effective scheme should be carefully studied in order to make the appropriate decisions for the inevitable trade-offs in terms of security / cost and security / privacy. The ECC provisions have been specified having in mind the system integrator once
42、the system objectives have been set. For instance CEN/TS 15480-3:2010 provides guidance in relation with the key choices relative to the physical and logical distributions of functionalities, the security architecture model and the definition of interfaces for interoperability. The architectures pro
43、posed in this Technical Specification, are aimed at avoiding unnecessary system complexity. An early decision is the sharing of the security functions between the components of the EMS and the type of e-government services to be provided and their associated risks. Then there are two key issues: to
44、identify the case for strong authentication requiring access to card services; to grant access or not to these services by cardholders external to the domestic system. Then to set the access conditions. Cross-Border access represents a case for strong authentication. The scheme can be able to trust
45、a non-domestic e-identity with a similar level of confidence to that of an e-identity issued by the system itself. Transparent access to an e-government server, using the ECC as an authenticator, requires some degree of harmonization between the infrastructures. This Technical Specification encourag
46、es deployment of middleware-based access to services according to CEN/TS 15480-3:2010 provisions. This architecture is intended to support the interoperability of electronic identity credentials. Clearing and settlement infrastructures for cross-border e-government services are out of the scope of t
47、his Technical Specification. PD CEN/TS 15480-4:2012CEN/TS 15480-4:2012 (E) 8 Trust on e-identity requires confidence on the enrolment and issuance processes through, for instance, the use of the same or similar practices. A set of recommendations is provided in 4.4.2 ff. The EMS should be constructe
48、d of separate modules. Each module performs its own function. The solution should be device/equipment independent so that personalization equipments from several machinery suppliers may be considered. One way to capitalize past investment is by the introduction of a module in the enrolment subsystem able to authenticate and read an electronic document (as an electronic passport) in order to verify the applicants identity at the beginning of the enrolment process At present, limited harmonization exists at European level and significant differences remain between EU Member States
