{"id":349345,"date":"2024-10-20T00:36:11","date_gmt":"2024-10-20T00:36:11","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-419212-22014\/"},"modified":"2024-10-26T00:16:41","modified_gmt":"2024-10-26T00:16:41","slug":"bs-en-419212-22014","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-419212-22014\/","title":{"rendered":"BS EN 419212-2:2014"},"content":{"rendered":"

This European Standard contains Identification, Authentication and Digital Signature (IAS) services in addition to the SSCD mechanisms already described in EN 419212-1 to enable interoperability and usage for IAS services on a national or European level. It also specifies additional mechanisms like key decipherment, Client Server authentication, identity management and privacy related services.<\/p>\n

PDF Catalog<\/h4>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
4<\/td>\nContents <\/td>\n<\/tr>\n
7<\/td>\nForeword <\/td>\n<\/tr>\n
9<\/td>\n1 Scope
2 Normative references
3 Terms and definitions <\/td>\n<\/tr>\n
11<\/td>\n4 Abbreviations and notation <\/td>\n<\/tr>\n
13<\/td>\n5 Additional Service Selection <\/td>\n<\/tr>\n
16<\/td>\n6 Client\/Server Authentication
6.1 Client\/Server protocols <\/td>\n<\/tr>\n
17<\/td>\n6.2 Steps preceding the client\/server authentication
6.3 Padding format
6.3.1 PKCS #1 v 1-5 Padding <\/td>\n<\/tr>\n
18<\/td>\n6.3.2 PKCS #1 V 2.x (PSS) Padding <\/td>\n<\/tr>\n
19<\/td>\n6.3.3 Building the DSI on ECDSA <\/td>\n<\/tr>\n
20<\/td>\n6.4 Client\/Server protocol
6.4.1 Step\u00a01 \u2014 Read certificate <\/td>\n<\/tr>\n
21<\/td>\n6.4.2 Step\u00a02 \u2014 Set signing key for client\/server internal authentication <\/td>\n<\/tr>\n
22<\/td>\n6.4.3 Step\u00a03 \u2014 Internal authentication <\/td>\n<\/tr>\n
24<\/td>\n6.4.4 Client\/Server authentication execution flow <\/td>\n<\/tr>\n
26<\/td>\n6.4.5 Command data field for the client server authentication
6.4.5.1 RSA
6.4.5.2 ECDSA
6.4.5.3 Other algorithms <\/td>\n<\/tr>\n
27<\/td>\n7 Role Authentication
7.1 Role Authentication of the card
7.2 Role Authentication of the server
7.3 Symmetrical external authentication
7.3.1 Protocol <\/td>\n<\/tr>\n
28<\/td>\n7.3.1.1 Keys definition
7.3.1.2 Naming rules <\/td>\n<\/tr>\n
29<\/td>\n7.3.1.3 Step\u00a01 \u2014 Read key exchange parameters <\/td>\n<\/tr>\n
30<\/td>\n7.3.1.4 Step\u00a02 \u2014 Select Key for symmetrical external authentication <\/td>\n<\/tr>\n
31<\/td>\n7.3.1.5 Step\u00a03 \u2014 Challenge generation
7.3.1.6 Step\u00a04 \u2014 External authentication <\/td>\n<\/tr>\n
32<\/td>\n7.3.2 Description of the cryptographic mechanisms
7.3.3 Role description <\/td>\n<\/tr>\n
33<\/td>\n7.4 Asymmetric external authentication
7.4.1 Protocol based on RSA
7.4.1.1 Step\u00a01 \u2014 Success certificate verification <\/td>\n<\/tr>\n
34<\/td>\n7.4.1.2 Step\u00a02 \u2014 Selection of verification key PuK.IFD.RA
7.4.1.3 Step\u00a03 \u2014 Get Challenge <\/td>\n<\/tr>\n
35<\/td>\n7.4.1.4 Step\u00a04 \u2014 External authentication
7.4.1.5 Role description <\/td>\n<\/tr>\n
36<\/td>\n7.4.2 Protocol based on modular Enhanced Role Authentication (mERA) <\/td>\n<\/tr>\n
41<\/td>\n7.4.2.1 Step\u00a0A \u2014 Set the cryptographic context <\/td>\n<\/tr>\n
42<\/td>\n7.4.2.2 Step B \u2013 Get challenge <\/td>\n<\/tr>\n
43<\/td>\n7.4.2.3 Step C \u2013 GENERAL AUTHENTICATE (C1) <\/td>\n<\/tr>\n
44<\/td>\n7.4.2.4 Stage 3 \u2013 Internal authentication of the ICC (C2) <\/td>\n<\/tr>\n
45<\/td>\n7.4.2.5 Step D \u2013 Certificate verification <\/td>\n<\/tr>\n
46<\/td>\n7.4.2.6 Step E \u2013 Retrieval of public parameters for key agreement <\/td>\n<\/tr>\n
47<\/td>\n7.4.2.7 Step F \u2013 Key Agreement <\/td>\n<\/tr>\n
49<\/td>\n7.4.2.8 Cryptographic suites <\/td>\n<\/tr>\n
50<\/td>\n7.4.2.9 Certificate format <\/td>\n<\/tr>\n
51<\/td>\n8 Symmetric key transmission between a remote server and the ICC
8.1 Steps preceding the key transport
8.2 Key encryption with RSA <\/td>\n<\/tr>\n
52<\/td>\n8.2.1 PKCS#1 v1.5 padding
8.2.2 OAEP padding <\/td>\n<\/tr>\n
53<\/td>\n8.2.3 Execution flow <\/td>\n<\/tr>\n
54<\/td>\n8.2.3.1 Step\u00a01 \u2014 Set deciphering key <\/td>\n<\/tr>\n
55<\/td>\n8.2.3.2 Step\u00a02 \u2014 Decipher key <\/td>\n<\/tr>\n
56<\/td>\n8.3 Diffie-Hellman key exchange for key encipherment <\/td>\n<\/tr>\n
58<\/td>\n8.3.1 Execution flow
8.3.1.1 Step\u00a01: Select DH encryption key <\/td>\n<\/tr>\n
59<\/td>\n8.3.1.2 Step\u00a02: Derivation of the shared secret. <\/td>\n<\/tr>\n
60<\/td>\n9 Signature verification
9.1 Signature verification execution flow <\/td>\n<\/tr>\n
61<\/td>\n9.1.1 Step\u00a01: Receive Hash <\/td>\n<\/tr>\n
62<\/td>\n9.1.2 Step\u00a02: Select verification key <\/td>\n<\/tr>\n
63<\/td>\n9.1.3 Step\u00a03: Verify digital signature <\/td>\n<\/tr>\n
64<\/td>\n10 Certificates for additional services
10.1 File structure <\/td>\n<\/tr>\n
65<\/td>\n10.2 EF.C_X509.CH.DS
10.3 EF.C.CH.AUT
10.4 EF.C.CH.KE
10.5 Reading Certificates and the public key of CAs <\/td>\n<\/tr>\n
67<\/td>\n11 Privacy Context functions
11.1 Introduction
11.2 Auxiliary Data Comparison <\/td>\n<\/tr>\n
68<\/td>\n11.2.1 Presentation of the auxiliary data <\/td>\n<\/tr>\n
70<\/td>\n11.2.2 Age Verification <\/td>\n<\/tr>\n
71<\/td>\n11.2.3 Document Validation <\/td>\n<\/tr>\n
72<\/td>\n11.3 Restricted Identification <\/td>\n<\/tr>\n
75<\/td>\n11.3.1 Command APDU for Step RI:1 <\/td>\n<\/tr>\n
76<\/td>\n11.3.2 Command APDU for Step RI:2 <\/td>\n<\/tr>\n
79<\/td>\n11.4 eServices with trusted third party protocol <\/td>\n<\/tr>\n
80<\/td>\n11.4.1 mERA-based eServices with trusted third party protocol <\/td>\n<\/tr>\n
81<\/td>\n11.4.1.1 Authentication steps <\/td>\n<\/tr>\n
83<\/td>\n11.4.1.2 Step 2: Verify PIN
11.4.1.3 Step 3: Get Data \/ General Authenticate <\/td>\n<\/tr>\n
85<\/td>\n11.4.2 mEAC-based eServices with trusted third party <\/td>\n<\/tr>\n
86<\/td>\n11.4.2.1 Stage 1: Loading a profile on to the ICC <\/td>\n<\/tr>\n
87<\/td>\n11.4.2.2 Stage 2: The Identity Provider completes the profile <\/td>\n<\/tr>\n
88<\/td>\n11.4.2.3 Stage 3: the SP retrieves the completed profile from the ICC
11.5 eServices with two party protocols
11.5.1 mEAC-based eServices with on-line two party protocol <\/td>\n<\/tr>\n
89<\/td>\n11.5.2 mEAC-based eServices with off-line two party protocol <\/td>\n<\/tr>\n
91<\/td>\n12 APDU data structures
12.1 Algorithm Identifiers
12.2 CRTs
12.2.1 CRT DST for selection of ICC\u2019s private client\/server auth. key
12.2.2 CRT AT for selection of ICC\u2019s private client\/server auth. key <\/td>\n<\/tr>\n
92<\/td>\n12.2.3 CRT CT for selection of ICC\u2019s private key
12.2.4 CRT DST for selection of IFD\u2019s public key (signature verification) <\/td>\n<\/tr>\n
93<\/td>\nAnnex\u00a0A (normative)Security Service Descriptor Templates
A.1 Security Service Descriptor Concept <\/td>\n<\/tr>\n
94<\/td>\nA.2 SSD Data Objects
A.2.1 DO Extended Header List, tag \u20184D\u2019
A.2.2 DO Instruction set mapping (ISM), tag \u201880\u2019
A.2.3 DO Command to perform (CTP), tag \u201852\u2019 (refer to ISO\/IEC\u00a07816-6)
A.2.4 DO Algorithm object identifier (OID), tag \u201806\u2019 (refer to ISO\/IEC\u00a07816-6)
A.2.5 DO Algorithm reference, tag \u201881\u2019 <\/td>\n<\/tr>\n
95<\/td>\nA.2.6 DO Key reference, tag \u201882\u2019
A.2.7 DO FID key file, tag \u201883\u2019
A.2.8 DO Key group, tag \u201884\u2019
A.2.9 DO FID base certificate file, tag \u201885\u2019
A.2.10 DO FID adjoined certificate file, tag \u201886\u2019
A.2.11 DO Certificate reference, tag \u201887\u2019
A.2.12 DO Certificate qualifier, tag \u201888\u2019
A.2.13 DO FID for file with public key of the certification authority PK(CA), tag \u201889\u2019
A.2.14 DO PIN usage policy, tag \u20185F2F\u2019 <\/td>\n<\/tr>\n
96<\/td>\nA.2.15 DO PIN reference, tag \u20188A\u2019
A.2.16 DO Application identifier (AID), tag \u20184F\u2019 (refer to ISO\/IEC\u00a07816-6)
A.2.17 DO CLA coding, tag \u20188B\u2019
A.2.18 DO Status information (SW1-SW2), tag \u201842\u2019 (refer to ISO\/IEC\u00a07816-6)
A.2.19 DO Discretionary data, tag \u201853\u2019 (refer to ISO\/IEC\u00a07816-6)
A.2.20 DO SE number, tag \u20188C\u2019 <\/td>\n<\/tr>\n
97<\/td>\nA.2.21 DO SSD profile identifier, tag \u20188D\u2019
A.2.22 DO FID mapping, tag \u20188E\u2019
A.3 Location of the SSD templates
A.4 Examples for SSD templates <\/td>\n<\/tr>\n
99<\/td>\nAnnex\u00a0B (informative)Security environments <\/td>\n<\/tr>\n
100<\/td>\nB.1 Definition of CRTs (examples) <\/td>\n<\/tr>\n
101<\/td>\nB.1.1 CRT for Authentication (AT) <\/td>\n<\/tr>\n
102<\/td>\nB.1.2 CRT for Cryptographic Checksum (CCT) <\/td>\n<\/tr>\n
103<\/td>\nB.1.3 CRT for Digital Signature (DST) <\/td>\n<\/tr>\n
104<\/td>\nB.1.4 CRT for confidentiality (CT) <\/td>\n<\/tr>\n
105<\/td>\nB.2 Security Environments (example)
B.2.1 Security Environment #10 <\/td>\n<\/tr>\n
106<\/td>\nB.2.2 Security Environment #11
B.3 Coding of access conditions (example) <\/td>\n<\/tr>\n
107<\/td>\nB.3.1 Access Conditions <\/td>\n<\/tr>\n
108<\/td>\nB.3.2 Access rule references <\/td>\n<\/tr>\n
109<\/td>\nB.3.3 Access conditions for EF.ARR
B.3.4 EF.ARR records <\/td>\n<\/tr>\n
112<\/td>\nAnnex\u00a0C (normative) Algorithm Identifiers \u2014 Coding and specification <\/td>\n<\/tr>\n
119<\/td>\nAnnex\u00a0D (informative) Example of DF.CIA <\/td>\n<\/tr>\n
124<\/td>\nAnnex\u00a0E (informative)Build scheme for object identifiers defined by EN 14890 <\/td>\n<\/tr>\n
126<\/td>\nBibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

Application Interface for smart cards used as Secure Signature Creation Devices – Additional services<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
BSI<\/b><\/a><\/td>\n2014<\/td>\n130<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":349352,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[693,2641],"product_tag":[],"class_list":{"0":"post-349345","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-35-240-15","7":"product_cat-bsi","9":"first","10":"instock","11":"sold-individually","12":"shipping-taxable","13":"purchasable","14":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/349345","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/349352"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=349345"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=349345"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=349345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}