BSI Standards Publication
NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW

PD CEN/TS 15480-5:2013

Identification card systems - European Citizen Card - Part 5: General Introduction

National foreword

This Published Document is the UK implementation of CEN/TS 15480-5:2013.

The UK participation in its preparation was entrusted to Technical Committee IST/17, Cards and personal identification. A list of organizations represented on this committee can be obtained on request to its secretary.

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

© The British Standards Institution 2013
Published by BSI Standards Limited 2013
ISBN 978 0 580 80141 9
ICS 35.240.15

Compliance with a British Standard cannot confer immunity from legal obligations.

This Published Document was published under the authority of the Standards Policy and Strategy Committee on 31 May 2013.

TECHNICAL SPECIFICATION
SPÉCIFICATION TECHNIQUE
TECHNISCHE SPEZIFIKATION

CEN/TS 15480-5
April 2013
ICS 35.240.15

English Version

Identification card systems - European Citizen Card - Part 5: General Introduction

Systèmes de cartes d'identification - Carte Européenne du Citoyen - Partie 5 : Introduction générale (ECC-5)

Identifikationskartensysteme - Europäische Bürgerkarte - Teil 5: Allgemeine Einführung (ECC-5)

This Technical Specification (CEN/TS) was approved by CEN on 12 February 2013 for provisional application.

The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard.

CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece,
Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.

EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG

Management Centre: Avenue Marnix 17, B-1000 Brussels

© 2013 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members.
Ref. No. CEN/TS 15480-5:2013: E

Contents

Foreword
Introduction
1 Scope
  1.1 Scope of CEN/TS 15480-5:2013
  1.2 Scope of the ECC standard
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Construction of the ECC standard
6 Clarification of key concepts used in the ECC standard
  6.1 Interoperability
  6.2 Privacy
  6.3 ECC Profiles
    6.3.1 General
    6.3.2 Types of profiles defined in the ECC standard
    6.3.3 Relationship between ECC Profiles
    6.3.4 Example of the usage of an ECC Card Profile
    6.3.5 Example of the usage of an ECC Application Discovery Profile
    6.3.6 Example of usage of an ECC User Accessibility Profile
7 Requirements and options
8 Part 1: Physical, electrical and transport protocol characteristics
  8.1 General
  8.2 Compliance with public administration requirements and citizen expectations
  8.3 Identifying an ECC holder
9 Part 2: Logical data structures and card services
10 Part 3: European Citizen Card Interoperability using an application interface
  10.1 General
  10.2 Tools for smartcard suppliers
  10.3 Tools for integrators
  10.4 Compatibility with other standards
11 Part 4: Recommendations for European Citizen Card issuance, operation and use
Annex A (informative) Relationship between ECC standard parts and ISO standards
  A.1 Mapping of ECC to ISO standards
Bibliography

Foreword

This document (CEN/TS 15480-5:2013) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR.

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CEN and/or CENELEC shall not be held responsible for identifying any or all such patent rights.

According to the CEN-CENELEC Internal Regulations, the national standards organisations of the following countries are bound to announce this Technical Specification: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, Former
Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

Introduction

Within the European Union there will be many integrated circuit cards issued by public bodies and administrations, each of which can house a variety of applications in different combinations. The cardholder can hold several multi-application public service cards and is concerned that:

- He or she knows or can find out which applications are on a card;
- Applications on a card may be read and dealt with by appropriate terminals;
- Security is appropriate for the application being used, while also being fit-for-purpose in protecting the user's data on the card and ensuring privacy to the level required.

Different cards will have different capabilities. This presents application providers and scheme operators with a number of challenges:

- Does the card have the specific minimum level of functionality, capability and security features necessary to house the application to be loaded onto the card?
- Are there other applications on this card that would preclude this application being loaded (including for example, surface printing requirements)?
- What are the features and functions of the card (that are being used) that the terminal will have to support?

This Technical Specification provides mechanisms to resolve the above issues together with a formalised approach that will allow different applications and services to co-exist and interoperate in a single card environment.

This Technical Specification also recognises that there will be legacy systems in evidence as and when the ECC card is being introduced. It provides a mechanism (described in CEN/TS 15480-3) by which legacy systems can operate in an ECC environment until cards may be replaced by European Citizen Cards in batches as the opportunity arises.

1 Scope

1.1 Scope of CEN/TS 15480-5:2013

The scope of this Technical Specification is to provide a general description of the standard together with an introduction to each part of the ECC standard. Informative Annex A maps the relationship between the various parts of the ECC standard and other ISO/IEC standards
relating to the card platform.

1.2 Scope of the ECC standard

The European Citizen Card (ECC) standard addresses the difficulties presented to citizens when attempting to access various public services using a smart card as an access token. The scope of the ECC standard covers card capabilities and structures specified under the following headings:

- Specific definition of minimum features (for example, card surface print structure).
- Definition of optional features that may be required to provide the desired electronic services.
- Specification of discovery mechanisms to allow supported and in-use card capabilities and features to be identified.

Besides covering the hardware and software of the card, the ECC standard also addresses interfaces to readers and servers through middleware components.

This simple concept can enable ECC cards to adopt a widely different set of personas, even though a common application may be housed on cards used in different environments and in different ways. Generically, we can consider ECC cards as being classed as one of the following groups, even though the same application may be loaded (alongside others) in each environment. These groupings are:

- eID Verification token;
- Inter-European Union travel document;
- Provider of logical access to e-Government or local administration services or to private sector services by housing personal credentials.

In order to support the above, it is noted that there will be certain minimum requirements upon any card conforming to the ECC, specifically, the European Citizen Card will be at a minimum a smart card with Identification, Authentication and electronic Signature (IAS) service capabilities.

The ECC may act as a bridge between different application requirements of an integrated circuit card and in so doing act to reduce the number of different European specifications and standards required.

The ECC will be issued under the responsibility of a European National Public Administration in order to provide a token supporting one of the above usage groupings by housing one or more relevant applications.
In addition, there is nothing to stop the ECC being used to support private applications and environments which would therefore allow the ECC to be used in a shared public-private application scenario.

It is apparent that the ECC is intended to offer the card issuer/service provider a great deal of flexibility in the services that the ECC provides, the authentication mechanisms supported and the local national specific public policy, with a special concern to protect citizen privacy according to the applicable European legislation.

2 Normative references

Not applicable.

3 Terms and definitions

For the purposes of this document, the following terms and definitions apply.

3.1 ECC Application Profile
set of ECC mandatory and optional features which is referred to by a unique registered identifier. An Application Profile implements an interoperable ECC service

3.2 ECC Card Profile
profile made up of one or more ECC Application Profiles with their associated electrical interfaces and possibly one or more ECC User Accessibility Profiles. In addition an ECC Card Profile may also include an ECC Durability Profile. An ECC Card Profile is referred to by a unique registered identifier

3.3 ECC Conditional Feature
feature required by an ECC Application Profile

3.4 ECC Durability Profile
profile associated with an ECC, which provides information that relates to the card durability performance

3.5 ECC Layout Profile
optional profile which indicates card body requirements

3.6 ECC Mandatory Feature
card software feature required to claim compliance with the ECC standard

3.7 ECC Optional Feature
card software feature not required to claim compliance with an ECC

3.8 ECC User Accessibility Profile
set of card optional features not
identified in any ECC Application Profile supported by the card and which may improve the accessibility to services and/or the usability of the ECC. An ECC User Accessibility Profile is referred to by a unique registered identifier

3.9 ECC Discovery Profile
set of features supported by the card-applications and personalised in different formats depending on card issuer's choice. Once read by the terminal, this profile uncovers card-application services with their related data references and the security rules applying to it. This profile allows ECC fitting in an ISO/IEC 24727 framework

4 Symbols and abbreviations

EF      Elementary File
EF.DIR  Elementary File Directory
ELC     Elliptic Curve cryptography

5 Construction of the ECC standard

The ECC standard is specified in five parts as follows:

1) Part 1: Specifies the physical characteristics and construction of the card including:
   a) card body;
   b) electrical interfaces;
   c) data transport protocols;
   d) authentication elements visible at the card surface;
   e) the specification of an ECC Layout Profile and an ECC Durability Profile;

2) Part 2: Specifies the logical characteristics and security features at the card/system Interface. These include:
   a) the specification of supported services;
   b) the specification of supported data structures as well as the access to them;
   c) the definition of the command set;
   d) the specification of ECC Application Profiles;

3) Part 3: Covers the achievement of
interoperability using an application interface. In particular, this part covers how interoperability can be achieved:
   a) to fit in a framework designed based on ISO/IEC 24727;
   b) to provide a means for legacy card support within the ECC framework;
   c) the specification of ECC Application Discovery Profile;

4) Part 4: Looks at operational and policy issues:
   a) recommends card issuance and operational procedures including citizen registration;
   b) makes recommendations for citizen contact and interaction (for example, accessibility, usability, privacy and health and safety issues);
   c) specifies a number of ECC Card Profiles and ECC User Accessibility Profiles;

5) Part 5: This introductory and overview document.

Parts 1 to 4 of the ECC standard are explained in more detail in Clauses 8 to 11.

6 Clarification of key concepts used in the ECC standard

6.1 Interoperability

This standard is about interoperability in access to services. However, interoperability is a wide ranging concept and its use within this standard requires further qualification.

Interoperability in this context is about integrated circuit cards issued in one environment being able to be used in another, where environments may specify different controlling public administrations, different application environments and different card issuers. This does not, however, imply that all cards are the same, all applications are the same, all terminals are the same and all security controls are the same. Rather, this standard defines an open framework for interoperability:

- at the highest level interoperability will be defined by agreements between different service providers within the same or different public administrations;
- at the lowest level the card must be physically readable in the terminal implying compatibility with ISO/IEC 7816-1, 2, and 3 for contact interface cards or ISO/IEC 14443-1, 2 and 3 for contactless interface cards;
- this standard defines the minimum requirements of card l