1、 STDmBSI BS EN L54b-2-ENGL 2000 Lb24bb 0822235 T5 B BRITISH STANDARD Identification card systems - Inter-sector electronic purse - Part 2: Security architecture The European Standard EN 154621999 has the status of a British Standard ICs 35.240.15 NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED
2、 BY COPYRIGHT LAW 3s EN 1546-2:2000 STD-BSI BS EN L546-2-ENGL 2000 D Lb24bb9 082223b 921 BS EN 1546-2:2OOO direction of the DISC Board, was Amd. No. Da published under the authority of the Standards Committee and comes into effect on 15 January ZOO0 National foreword Comments This British Standard i
3、s the English language version of EN 1546-21999. The UK participation in its preparation was entrusted to Technical Committee IST/17, Identification cards and related devices, which has the responsibility to: - aid enquirers to understand the text; - present to the responsible European committee any
4、 enquiries on the - monitor related international and European developments and promulgate interpretation, or proposals for change, and keep the UK interests informe4 them in the UK A list of organizations represented on this committee can be obtained on request to its secretary. Cross-references Th
5、e British Standards which implement intemational or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled ?Intemalional Standards Correspondence Index?, or by using the ?Find? facility of the BSI Standards Electronic Catalogue. A Br
6、itish Standard does not purport to include all the necessary provisions of a conimct. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages This document comprises a fro
7、nt cover, an inside front cover, the EN title page, pages 2 to 110, an inside back cover and a back cover. The BSI copyright notice displayed in this document indicates when the document was last issued. O BSI 01-2000 ISBN O SB0 35213 7 STD-BSI BS EN L54b-2-ENGL 2000 II Lb24bb 0822237 8bB m EUROPEAN
8、 STANDARD NORME EUROPENNE EUROPISCHE NORM EN 1546-2 July 1999 ICs 35.240.15 English version Identification card systems - Inter-sector electronic purse - Part 2: Security architecture Systemes de cartes didentification - Porte-monnaie lectronique intersectoriel - Partie 2: Architecture de scurit Ide
9、ntikationskartensycteme - Branchenbergreifende elektronische Geldbrse - Teil 2: Sicherheits-Architektur This European Standard was approved by CEN on 20 May 1999. CEN members are bound to comply with the CENICENELEC Internal Regulations which stipulate the conditions for giving this European Standar
10、d the status of a national standard without any alteration. Up-todate lists and bibliographical references concerning sich national standards may be obtained on application to the Central Secretariat or to any CEN member. This European Standard exists in three official versions (English, French, Ger
11、man). A version in any other language made by traislation under the responsibility of a CEN member into its own language and notified to the Central Secretariat has the same status as tie official versions. CEN members are the national standards bodies of Austria, Belgium, Czech Republic, Denmark, F
12、inland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION EUROPISCHES KOMITEE FR NORMUNG COMIT EUROPEN DE NORMALISATION Central Secretariat: rue de Stassart, 36 8-1050 Bru
13、ssels O 1999 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 1546-2:1999 E Page 2 EN 1546-2: I999 Contents Foreword . .- . 4 i Scope - . 5 2 Normative references 5 Definitions, symbols and abbreviations . - 6 Terms defined in prEN
14、1546-1 . 6 3 3.1 Definitions 6 3.1.1 3.1.2 Terms.specific to this part of EN 1546 7 3.2 Symbols . 8 3.3 Abbreviations 8 3.4 Special notation 9 4 Security Architecture IO 4.1 Security requirements and characteristics 10 4.2 Error handling 11 4.3 Security relevant data elements 12 4.4 Securw procedure
15、s 14 4.4.1 General notes . 14 4.4.2 Load (optional) . 16 4.4.3 Purchase . 24 4.4.4 Purchase Cancellation/lEP Balance Recovery (optional) . 29 Annex A (informative) Additional security procedures . 32 A.? IEP transactions . 32 A . 1 . 1 Currency Exchange . 32 A.1.2 IEP Monitoring . 34 A.1.3 Update IE
16、P parameter . 34 A.2 SAM transactions . 36 A.2.1 Collection 36 A.2.2 SAM Monitoring . 42 A.2.3 Update SAM parameter . 42 A.2.4 Open SAM 46 A.2.5 Close SAM 47 Annex B (informative) Security requirements and security mechanisms . 48 Annex C (informative) Key Management . 51 C.l General . 51 C.2 Key Ma
17、nagement for symmetric algorithms . 51 C.2.1 IEP/PSAM communication . 51 C.2.2 Partitioned master keys for the Purchase transaction 51 C.2.3 IEP/PPSAM communication . 52 C.2.4 PSAM/PPSAM communication . 52 C.2.5 LSAMPPSAM communication . 53 C.2.6 Key separation 53 C.2.7 Key modification . 53 General
18、 requirements for key certification 54 The operational requirements . 56 The pre-operational requirements 57 The operational phase key modification requirements 53 Specification of PKCs . 59 Key Management requirements for interactive Signatures . 59 C.3 C.3.1 C.3.2 C.3.3 C.3.4 C.3.5 C.3.6 C.3.7 C.3
19、.8 Annex D (informative) High-level overview of the Purchase transaction 60 Annex E (informative) Security protocols using DES 4 Key Management for asymmetric algorithms . 54 Key Management requirements . 55 Topology ofthe IEP System . 56 Q BSI 01-2000 STD-BSI BS EN L54b-2-ENGL 2000 m Lb24bb 002223
20、b3D m E.1 E.l.l E.? . 2 E.1.3 E.2 E.3 E.3.1 E.3.2 E.3.3 Page 3 EN 1546-2: 1999 Specific notes for DES . 64 EnciphermenDecipherment using DES . 64 Authentication using DES . 64 Implementation notes for DES 65 Data elements specific for DES . 65 Security protocols -65 Load 65 Purchase ._. 73 Collectio
21、n . 77 Annex F (informative) Security protocols using RSNDSS 83 F.l Specific notes for RSA 83 F.l.l Authentication using RSA . 83 F.1.2 Public key certification using RSA . 83 F.2 Specific notes for DSS 84 F.2.1 Authentication using DSS . 84 F.2.2 Public key certification using DSS . 85 F.3 F.4 Data
22、 elements specific for RSNDSS 86 F.5 Implementation notes for RSNDSS 86 F.6 Security protocols . 87 F.6.1 Load . 87 F.6.2 Purchase 96 F.6.3 Collection . . 101 Annex G (informative) Purchase transaction using 3-step interactive Signatures 107 G . 1 Data elements - 107 G.2 Changes to subclause 4.4.3 1
23、07 G.3 Specific notes for interactive Signatures . 107 G.4 Data elements specific to interactive Signatures 108 G.5 Security protocols . “. . 108 G.5.1 Purchase . 108 Use of public key certificates in IEP Systems 86 O BSI 01-2000 Page 4 EN 1546-2: I999 Foreword This European Standard has been prepar
24、ed by Technical Committee CEN/TC 224 “Machine-readable cards, related device interfaces and operations“, the Secretariat of which is held by AFNOR This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by J
25、anuary 2000, and conflicting national standards shall be withdrawn at the latest by January 2000. According to the CENCENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Czech Republic, Denmark
26、, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom. Annexes designated as “normative“ are part of the body of the standard. Annexes designated “informative“ are given for information only. In this
27、standard, annexes A to G are informative. This European Standard consists of the following parts, under the general title “Identification card systems - Inter-sector electronic purse“ : - Patt 1: Definitions, concepts and structures - Patt 2: Security architecture - Patt 3: Data elements and interch
28、anges - Patt 4 : Data objects O BSI O1 -2000 STD-BSI BS EN LSib-Z-ENGL 2000 I I1624669 0822291 299 111 Page 5 EN 1 546-2: 1999 1 Scope This part of EN 1546 defines the detailed security architecture for IEP systems as they are described in prEN 1546-1. It also describes the application protocols, th
29、e use of cryptographic algorithms and some underlying assumptions concerning the key management necessary to implement IEP systems with sufficient security levels. The general architecture described here allows many types of implementation. It should be noted that the informative annexes of this sta
30、ndard focus on particular implementations. As time progresses it is envisaged that other implementations may come into focus. The security architecture defines the security procedures needed at the application level of the IEP system transactions described in prEN 1546-1, AS and A.6. This architectu
31、re relies on the basic assumptions stated in prEN 1546-1, 1.4. Manual error recovery is outside the scope of this standard. Audit information needed for performing manual error recovery procedures is, however, covered by this standard. The description in this part of the standard is in the form of o
32、rdered exchanges of data between distinct conceptual devices. Operational instructions performed by these devices produce the required ordered exchanges. Examples of meanings of the required operational instructions are presented as mathematical formulae in informative annexes. The transactions in t
33、his part of the standard are described as functional requirements. They define the order of cryptographic proofs and verifications and their related data elements necessary to achieve security in an IEP system. An IEP system conforming to the security architecture defined in this part of EN 1546 may
34、 be implemented in physical devices using generally practised programming techniques. Optimization of computations and data exchanges which preserve the operational requirements of the ordered data exchanges may also be implemented. The data elements and interchanges defined in this part of EN 1546
35、primarily address security issues. In order to fulfil requirements of the IEP System other than security, further data elements and interchanges may be added. The detailed formats of data elements and interchanges between IEPs and devices are described in EN 1546-3 (Data elements and interchanges).
36、2 Normative references This Error! Reference source not found. incorporates by dated or undated reference, provisions from other publications. These normative references are cited at the appropriate places in the text and the publications are listed hereafter. For dated references, subsequent amendm
37、ents to or revisions of any of these publications apply to this Error! Reference source not found. only when incorporated in it by amendment or revision. For undated references the latest edition of the publication referred to applies. prEN 1546-1, Identification card systems - Inter-sector electron
38、ic purse - Part 1 : Definitions, concepts and structures. EN 1546-3, Identification card systems - Inter-sector electronic purse - Part 3 : Data elements and interchanges. prEN 1546-4, Identification card systems - Inter-sector electronic purse - Part 4 : Devices. IS0 8372, Information processing -
39、Modes of operation for a 64-bit block cipher algorithm. ISO/CEI 9797, Information technology - Security techniques - Data integrity mechanism using a cryptographic check function employing a block cipher algorithm. O BSI O1 -2000 - - STDSBSI BS EN 154b-Z-ENGL 2000 I lib2Ybb7 0822242 125 U Page 6 EN
40、1546-2: 1999 3 Definitions, symbols and abbreviations 3.1 Definitions 3.1.1 This part of EN 1546 uses the following terms defined in prEN 1546-1 : 1 ) activation; 2) aggregation; 3) authentication; 4) cancellation; 5) collection; 6) currency exchange; 7) deactivation; 8) electronic value; 9) error r
41、ecovery; IO) identity; Il) inter-sector electronic purse (IEP); 12) IEP balance; 13) IEP monitor; 14) IEP system; 15) key management; 16) key management system; 17) load; 18) load agent; 19) load device; 20) load log; 21) load SAM; 22) negative file; 23) Personal Identification Number (PIN); 24) pur
42、chase; 25) purchase cancellation; 26) purchase device; 27) purchase log; Tenns defined in prEN 1546-1 O BSI 01-2000 STDOBSI BS EN L54b-2-ENGL 2000 ieia Lb24bb9 0822243 Ob1 E Page 7 EN 1 546-2 11 999 28) purchase SAM; 29) purse holder; 30) purse provider; 31) purse provider host; 32) purse provider S
43、AM; 33) Secure Application Module (SAM); 34) SAM monitor; 35) security architecture; 36) service provider; 37) total; 38) value. In order to emphasize terms specific to a general IEP system, throughout EN 1546, these terms commence with capital letters, e.g. Service Provider. 3.1.2 Terms specific to
44、 this part of EN 1546 For the purpose of this part of EN 1546, the following definitions apply: 3.1.2.1 completion code a patt of the response to any component on a given command. It indicates whether the command was successfully performed or not; in the latter case the completion code indicates the
45、 reason why it was not successful 3.1.2.2 disruption attack systematic attempts to disturb the normal functioning of the IEP System by preventing transactions from being performed, e.g. debiting the balance of a component without allowing the associated balance of another component to be correspondi
46、ngly credited 3.1.2.3 dual-mode authentication this mode applies only to Incremental Purchase Transactions where the first debit-credit step is performed in Two-way Authentication mode and further steps are performed in One-way Authentication mode 3.1.2.4 incremental purchase transaction a Purchase
47、transaction performed in serial steps, each being a debit of the IEP and a credit of the PSAM 3.1.2.5 masquerading pretending to be a genuine device, e.g. an IEP, by simulation. Can be prevented by use of secret information, e.g. keys within the genuine devices 3.1.2.6 message authentication code a
48、code, in a message between a sender and a receiver, used to validate the source and part or all of the text of a message. The code is the result of an agreed calculation O BSI 01-2000 STD-BSI BS EN 154b-Z-ENGL 2000 W 1624bh7 0822244 TT8 Page 8 3.1.2.7 non-repudiation providing cryptographic proof th
49、at neither the originator nor the receiver can repudiate having senreceived a given message with its original contents EN 1546-211999 3.1.2.8 one-way authentication a transaction between two components where only one component is authenticated by the other, e.g. only the IEP is authenticated by the PSAM in Purchase transactions in this mode 3.1.2.9 replay to obtain messages from a real IEP transaction and try to replay it later in order to duplicate a transaction or similar. Can be prevented by having some unique
