BS EN 419212-1:2014

$215.11

Application Interface for smart cards used as Secure Signature Creation Devices – Basic services

Published By: BSI
Publication Date: 2014
Number of Pages: 254

This European Standard specifies mechanisms for smart cards to be used as secure signature creation devices covering:
– signature creation;
– user verification;
– password based authentication;
– device authentication;
– establishment of a secure channel.

The specified mechanisms are suitable for other purposes like services in the context of IAS.

PDF Catalog

PDF Pages PDF Title
4 Contents Page
9 Foreword
11 Introduction
12 1 Scope
2 Normative references
13 3 Terms and definitions
17 4 Symbols and abbreviations
20 5 Signature application
5.1 Application Flow
24 5.2 Trusted environment versus untrusted environment
5.3 Selection of ESIGN application
5.3.1 General
25 5.3.2 Exceptions for Secure Messaging
5.4 Selection of cryptographic information application
26 5.5 Concurrent usage of signature applications
5.5.1 General
5.5.2 Methods of channel selection
5.5.3 Security issues on multiple channels
5.6 Security environment selection
27 5.7 Key selection
5.8 Security Services
28 6 User verification
6.1 General
6.2 Knowledge based user verification
6.2.1 General
29 6.2.2 Explicit user verification
30 6.2.3 Password based mechanisms
6.2.4 Presentation formats
6.2.5 Retry and Usage counters
31 6.2.6 Password Change
6.2.7 Reset of RC and setting a new password
32 6.3 Biometric user verification
6.3.1 General
33 6.3.2 Retrieval of the Biometric Information Template
34 6.3.3 Performing the biometric user verification
6.3.3.1 General
6.3.3.2 Sensor off-card
35 6.3.3.3 Biometric Templates
36 6.3.3.4 Sensor on-card
6.3.4 Reset of RC
7 Digital Signature Service
7.1 General
37 7.2 Signature generation algorithms
7.3 Activation of digital signature service
38 7.4 General aspects
39 7.5 Signature Generation
7.5.1 General
7.5.2 No hashing in Card
40 7.5.3 Partial hashing
41 7.5.4 All hashing in ICC
42 7.6 Selection of different keys, algorithms and input formats
7.6.1 General
43 7.6.2 Restore an existing SE
44 7.6.3 Setting the Hash Template (HT) of a current Security Environment (SE)
7.6.4 Modify the Digital Signature Template (DST) of a current Security Environment (SE)
45 7.7 Read certificates and certificate related information
7.7.1 General
7.7.2 Read certificate related CIOs
46 7.7.3 Read signer’s certificate from ICC
7.7.4 Retrieval of the signer’s certificate from a directory service
47 8 Device authentication
8.1 General
48 8.2 Asymmetric Authentication introduction
8.3 Certification authorities and certificates
8.3.1 Certificate chains
49 8.3.2 Usage of link certificates
50 8.4 Authentication environments
8.4.1 General
8.4.2 SCA in trusted environment
8.4.3 SCA in untrusted environment
51 8.4.4 Specification of the environment
8.4.5 Display message mechanism
8.4.6 Additional authentication environments
8.5 Key transport and key agreement mechanisms
52 8.6 Key transport protocol based on RSA
8.6.1 General
54 8.6.2 Authentication Steps
8.6.2.1 General
8.6.2.2 Step A — Skip to authentication (conditional)
8.6.2.3 Step B — Selection of verification key PuK.RCA.AUT (conditional)
55 8.6.2.4 Step C — Verify Certificate C_CV.CA.CS_AUT (conditional)
57 8.6.2.5 Step D — Selection of verification key PuK.CAIFDAUT
58 8.6.2.6 Step E — Verify Certificate C_CV.IFD.AUT
8.6.2.7 Step F — Skip reading chain certificates
59 8.6.2.8 Step G — Read C.CAICC.AUT (conditional)
8.6.2.9 Step H — Read ICC’s certificate C.ICC.AUT
60 8.6.2.10 Step I — Key selection
61 8.6.2.11 Step J — Internal Authentication
63 8.6.2.12 Step K — Get Challenge
8.6.2.13 Step L — External authentication
64 8.6.3 Session Key creation
65 8.7 Device authentication with privacy protection
8.7.1 General
8.7.2 Authentication steps
8.7.2.1 General
69 8.7.2.2 Step 1 — Read key exchange parameters
70 8.7.2.3 Step 2 — IFD selects the public key parameter set and sends KIFD
71 8.7.2.4 Step 3 — ICC computes KICC
74 8.7.2.5 Step 4 — Skip reading chain certificates
75 8.7.2.6 Step 5 — Selection of verification key PuK.(R)CAIFD.CS_AUT (conditional)
8.7.2.7 Step 6 — Verify Certificate C_CV.CAIFD.CS_AUT (conditional)
77 8.7.2.8 Step 7 — Selection of verification key PuK.CAIFD.AUT
8.7.2.9 Step 8 — Verify Certificate C_CV.IFD.AUT
78 8.7.2.10 Step 9 — Key Selection for external authentication
79 8.7.2.11 Step 10 — Get Challenge
80 8.7.2.12 Step 11 — External authentication
81 8.7.2.13 Step 12 — Read C.CAICC.AUT (conditional)
82 8.7.2.14 Step 13 — Read ICC’s certificate C.ICC.AUT
8.7.2.15 Step 14 — Key selection
83 8.7.2.16 Step 15 — Internal Authentication
84 8.8 Privacy constrained Modular EAC (mEAC) protocol with non-traceability feature
8.8.1 General
85 8.8.2 Example for traceability case
8.8.3 Notation
86 8.8.4 Authentication steps
8.8.4.1 General
88 8.8.4.2 Step 1 — Reading of the protocol relevant public parameters
89 8.8.4.3 Step 2 — User verification (conditional)
8.8.4.4 Step 3 — Selection of verification key PuK.(R)CAIFD.CS_AUT (conditional)
90 8.8.4.5 Step 4 — Verify Certificate C_CV.CAIFD.CS_AUT (conditional)
91 8.8.4.6 Step 5 — Selection of verification key PuK.CAIFD.AUT
8.8.4.7 Step 6 — Verify Certificate C_CV.IFD.AUT
92 8.8.4.8 Step 7 — Key Selection for external authentication
94 8.8.4.9 Step 8 — Get Challenge
8.8.4.10 Step 9 — External authentication
96 8.8.4.11 Step 10 — Reading of the public key PuK.ICC.KA (conditionally)
97 8.8.4.12 Step 11 — Selection of Algorithm and keys
99 8.8.4.13 Step 12 — Key agreement
100 8.8.4.14 Step 13 — Establishment of new secure channel
8.8.4.15 Step 14 — Read and verify ICC’s certificate
101 8.8.5 Unlinkability Mechanism with individual private keys
8.8.5.1 General
102 8.8.5.2 Key derivation
8.8.5.3 Step X.1 – Request for randomisation
104 8.8.5.4 Step 2.2 — GA: Get nonce
105 8.8.5.5 PCA mechanism
107 8.8.5.6 Step 7.1 — Key Selection for external authentication
109 8.8.5.7 Step 12.1 DH key agreement
110 8.9 Symmetric authentication scheme
8.9.1 General
8.9.2 Authentication steps
8.9.2.1 General
112 8.9.2.2 Step A — Read SN.ICC
113 8.9.2.3 Step B — Get Challenge
8.9.2.4 Step C — Mutual authentication
114 8.9.3 Session Key creation
115 8.10 Compute Session keys from key seed KIFD/ICC
8.10.1 General
8.10.2 Generation of key data
8.10.3 Partitioning of the key data
8.10.4 Algorithm and method specific definition for key derivation
8.10.4.1 TDES
116 8.10.4.2 AES-128 using EMAC (SHA-1 version)
117 8.10.4.3 AES-128 using CMAC (SHA-1 version)
8.10.4.4 AES using EMAC (SHA-256 version)
118 8.10.4.5 AES using CMAC (SHA–256 version)
8.10.5 Key derivation from passwords
8.10.5.1 General
8.10.5.2 3DES Key derivation
119 8.10.5.3 AES-128 Key derivation
8.10.5.4 AES-192 Key derivation
8.10.5.5 AES-256 Key derivation
120 8.11 Compute send sequence counter SSC
8.12 Post-authentication phase
121 8.13 Ending the secure session
8.13.1 General
8.13.2 Example for ending a secure session
8.13.3 Rules for ending a secure session
8.14 Reading the Display Message
124 8.15 Updating the Display Message
125 9 Password-based authentication protocols
9.1 General
9.2 Notation
126 9.3 Authentication steps
9.3.1 General
127 9.3.2 Step 1 — Reading the protocol relevant public parameters
129 9.3.3 Step 2 — Set PBM parameters and generate blinding point
130 9.3.4 Step 3 — Get encrypted nonce
131 9.3.5 Step 4.1 — Map nonce and compute generator point for generic mapping
132 9.3.6 Step 4.2 — Map nonce and compute generator point for integrated mapping
9.3.6.1 General
9.3.6.2 Description of the R function
135 9.3.7 Step 5 — Generate session keys
136 9.3.8 Step 6 — Explicit key authentication
137 10 Secure Messaging
10.1 General
10.2 CLA byte
10.3 TLV coding of command and response message
138 10.4 Treatment of SM-Errors
10.5 Padding for checksum calculation
10.6 Send sequence counter (SSC)
10.7 Message structure of Secure Messaging APDUs
10.7.1 Cryptograms
141 10.7.2 Cryptographic Checksums
145 10.7.3 Final command APDU construction
10.8 Response APDU protection
152 10.9 Use of TDES and AES
10.9.1 TDES/AES encryption/decryption
153 10.9.2 CBC mode
10.9.3 Retail MAC with TDES
154 10.9.4 EMAC with AES
156 10.9.5 CMAC with AES
157 11 Key Generation
11.1 General
11.2 Key generation and export using PrK.ICC.AUT
11.3 Key generation and export with SM
158 11.4 Write certificates
12 Key identifiers and parameters
12.1 General
12.2 Key identifiers (KID)
12.2.1 General
12.2.2 Secret and private keys
12.3 Public Key parameters
12.3.1 General
159 12.3.2 RSA public key parameters
12.4 Diffie-Hellman key exchange parameters
12.5 Authentication tokens in the protocols mEACv2 and PCA
12.5.1 General
12.5.2 TDES
12.5.3 AES
12.5.4 Ephemeral Public Key Data Object
160 12.6 The compression function Comp( )
12.7 DSA with ELC public key parameters
12.7.1 General
161 12.7.2 The plain format of a digital signature
12.7.3 The uncompressed encoding
162 12.8 ELC key exchange public parameters
13 Data structures
13.1 CRTs
13.1.1 CRT AT for the selection of internal private authentication keys
163 13.1.2 CRT AT for selection of internal authentication keys
13.1.3 CRT for selection of IFD’s PuK.CAIFD.CS_AUT
164 13.1.4 CRT for selection of IFD’s PuK.IFD.AUT
13.1.5 CRT AT for selection of the public DH / ECDH key parameters
13.1.6 CRT AT for selection of the PBM key parameters
165 13.1.7 GENERAL AUTHENTICATE DH key parameters used by the Privacy Protocol
13.1.8 CRT AT for selection of ICC’s private authentication key
166 13.1.9 CRT for selection of IFD’s PuK.IFD.AUT
13.1.10 CRT for selection of PrK.ICC.KA
13.2 Key transport device authentication protocol
167 13.2.1 EXTERNAL AUTHENTICATE
168 13.2.2 INTERNAL AUTHENTICATE
13.3 Privacy device authentication protocol
169 13.3.1 EXTERNAL AUTHENTICATE (DH case)
170 13.3.2 EXTERNAL AUTHENTICATE (ECDH case)
171 13.3.3 INTERNAL AUTHENTICATE (DH case)
172 13.3.4 INTERNAL AUTHENTICATE (ECDH case)
173 14 AlgIDs, Hash- and DSI Formats
14.1 Algorithm Identifiers and OIDs
174 14.2 Hash Input-Formats
14.2.1 PSO:HASH without command chaining
175 14.2.2 PSO:HASH with command Chaining
14.3 Formats of the Digital Signature Input (DSI)
176 14.3.1 DSI according to ISO/IEC 14888-2 (scheme 2)
177 14.3.2 DSI according to PKCS #1 V 1.5
178 14.3.3 Digest Info for SHA-X
180 14.3.4 DSI according to PKCS #1 V 2.x
181 14.3.5 DSA with DH key parameters
14.3.6 Elliptic Curve Digital Signature Algorithm – ECDSA
182 15 CV_Certificates and Key Management
15.1 Level of trust in a certificate
15.2 Key Management
183 15.3 Certificate types
15.3.1 Card Verifiable Certificates
15.3.2 Signature-Certificates
15.3.3 Authentication Certificates
15.4 Use of the public key extracted from a CV-certificate
184 15.5 Validity of the key extracted from a CV-certificate
185 15.6 CVC structure
15.6.1 Non-self-descriptive certificates
15.6.2 Self-descriptive certificates
186 15.7 Certificate Content
15.7.1 CPI-Certificate Profile Identifier
187 15.7.2 CAR-Certification Authority Reference DO
188 15.7.3 CHR-Certificate Holder Reference DO
189 15.7.4 CHA-Certificate Holder Authorization Data Object (CHA-DO)
191 15.7.5 Role identifier specifications
192 15.7.5.1 Role ID for PuK of CA
193 15.7.5.2 Role ID for PuK for device authentication
15.7.5.3 Processing the role ID
194 15.7.6 CHAT-Certificate Holder Authorization Template (CHAT)
15.7.7 OID — Object identifier
15.7.8 CEDT — Certificate Effective Date Template
15.7.9 CXDT — Certificate Expiration date Template
195 15.8 Certificate signature
15.8.1 Non self-descriptive certificates
196 15.8.2 Self-descriptive certificates
15.9 Coding of the certificate content
15.9.1 Non self-descriptive certificates
197 15.9.2 Self-descriptive certificates
15.9.3 Self-descriptive certificates for elliptic curve cryptography
15.9.3.1 Structure of a self-descriptive CV certificate
198 15.9.3.2 Certificate content template
15.9.3.3 Certificate Profile Identifier
15.9.3.4 Certification Authority Reference Template
15.9.3.5 Certificate Holder Reference Template
15.9.3.6 Certificate Holder Authorization (CHA-Template/CHA-DO)
199 15.9.3.7 Optional certificate extension in self-descriptive certificates
200 15.9.3.8 Public Key
15.9.3.9 OID1
15.9.3.10 Signature
201 15.10 Steps of CVC verification
202 15.10.1 First round: CVC verification from a Root PuK
203 15.10.2 Subsequent round(s)
15.11 Commands to handle the CVC
15.12 C_CV.IFD.AUT (non self-descriptive)
205 15.13 C_CV.CA.CS-AUT (non self-descriptive)
206 15.14 C.ICC.AUT
15.15 Self-descriptive CV Certificate (Example)
207 15.15.1 Public Key
15.15.2 Certificate Holder Authorization Template
15.15.3 Certificate Extension
208 15.15.4 ECDSA Signature
209 16 Files
16.1 File structure
210 16.2 File IDs
16.3 EF.DIR
16.4 EF.SN.ICC
211 16.5 EF.DH
16.6 EF.ELC
212 16.7 EF.C.ICC.AUT
213 16.8 EF.C.CAICC.CS-AUT
16.9 EF.C_X509.CH.DS
214 16.10 EF.C_X509.CA.CS (DF.ESIGN)
16.11 EF.DM
215 17 Cryptographic Information Application
216 17.1 ESIGN cryptographic information layout example
217 17.1.1 EF.CIAInfo
218 17.1.2 EF.AOD
221 17.1.3 EF.PrKD
223 17.1.4 EF.PuKD
224 17.1.5 EF.CD
225 17.1.6 EF.DCOD
228 Annex A (normative) Algorithm Identifiers — Coding and specification
236 Annex B (informative) Device authentication Protocol Properties
238 Annex C (informative) Personalization scenarios
240 Annex D (informative) OID values
D.1 OIDs for certificate signatures
241 D.2 OIDs for key transport protocol
D.3 OIDs for device authentication with privacy
242 D.4 OIDs for password based mechanisms
243 D.5 OIDs for mEAC protocol
D.5.1 OIDs for Chip Device Authentication
D.5.2 OIDs for Terminal Device Authentication
244 D.6 OIDs for privacy protocols
D.6.1 OIDs for Restricted Identification
245 D.6.2 OIDs for Restricted Identification
D.7 OIDs for mEAC based eServices
D.7.1 OIDs for Terminal Device Authentication in mEAC-based eServices
246 D.8 OIDs for the PCA mechanism
247 Annex E (informative) Build scheme for object identifiers defined by EN 14890
249 Bibliography