Foreword<br>1 Scope<br>2 Normative references<br>3 Terms and definitions<br>4 Abbreviations and notation<br>5 Additional Service Selection<br>6 Client/Server Authentication<br> 6.1 General<br> 6.2 Client/Server protocols<br> 6.3 Steps preceding the client/server authentication<br> 6.4 Padding format<br> 6.5 Client/Server protocol<br>7 Role Authentication<br> 7.1 Role Authentication of the card<br> 7.2 Role Authentication of the server<br> 7.3 Symmetrical external authentication<br> 7.4 Asymmetric external authentication<br>8 Encryption Key Decipherment<br> 8.1 Steps preceding the key decryption<br> 8.2 Key Management with RSA<br> 8.3 Diffie-Hellman key exchange<br> 8.4 Algorithm Identifier for DECIPHER<br>9 Signature verification<br> 9.1 Signature verification execution flow<br>10 Certificates for additional services<br> 10.1 File structure<br> 10.2 EF.C.CH.AUT<br> 10.3 EF.C.CH.KE<br> 10.4 Reading Certificates and the public key of CAs<br>11 APDU data structures<br> 11.1 Algorithm Identifiers<br> 11.2 CRTs<br>Annex A (normative) - Security Service Descriptor Templates<br> A.1 Introduction<br> A.2 Security Service Descriptor Concept<br> A.3 SSD Data Objects<br> A.4 Location of the SSD templates<br> A.5 Examples for SSD templates<br>Annex B (informative) - Key and signature formats for elliptic<br> curves over prime fields GF(p)<br> B.1 General<br> B.2 Elliptic curve parameters<br> B.3 Public key point<br> B.4 ECDSA signature format<br>Annex C (informative) - Security environments<br> C.1 Introduction<br> C.2 Definition of CRTs (examples)<br> C.3 Security Environments (example)<br> C.4 Coding of access conditions (example)<br>Annex D (informative) - Interoperability aspects<br> D.1 General<br> D.2 Choosing device authentication<br> D.3 Choosing User verification method<br>Annex E (informative) - Example of DF.CIA<br>Bibliography<br>National Annex NA (informative) Bibliography