Skip to content
Please enter a keyword to search

  • EN 14890-2:2008

    View superseded by
    Superseded A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
    View superseded by

    Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services

    Available format(s): 

    Superseded date:  01-12-2014

    Language(s): 

    Published date:  12-11-2008

    Publisher:  Comite Europeen de Normalisation

    Pure ENs are not available for sale, please purchase a suitable national adoption

    Sorry this product is not available in your region.

    Add To Cart

    Table of Contents - (Show below) - (Hide below)

    Foreword
    1 Scope
    2 Normative references
    3 Terms and definitions
    4 Abbreviations and notation
    5 Additional Service Selection
    6 Client/Server Authentication
       6.1 General
       6.2 Client/Server protocols
       6.3 Steps preceding the client/server authentication
       6.4 Padding format
       6.5 Client/Server protocol
    7 Role Authentication
       7.1 Role Authentication of the card
       7.2 Role Authentication of the server
       7.3 Symmetrical external authentication
       7.4 Asymmetric external authentication
    8 Encryption Key Decipherment
       8.1 Steps preceding the key decryption
       8.2 Key Management with RSA
       8.3 Diffie-Hellman key exchange
       8.4 Algorithm Identifier for DECIPHER
    9 Signature verification
       9.1 Signature verification execution flow
    10 Certificates for additional services
       10.1 File structure
       10.2 EF.C.CH.AUT
       10.3 EF.C.CH.KE
       10.4 Reading Certificates and the public key of CAs
    11 APDU data structures
       11.1 Algorithm Identifiers
       11.2 CRTs
    Annex A (normative) - Security Service Descriptor Templates
       A.1 Introduction
       A.2 Security Service Descriptor Concept
       A.3 SSD Data Objects
       A.4 Location of the SSD templates
       A.5 Examples for SSD templates
    Annex B (informative) - Key and signature formats for elliptic
            curves over prime fields GF(p)
       B.1 General
       B.2 Elliptic curve parameters
       B.3 Public key point
       B.4 ECDSA signature format
    Annex C (informative) - Security environments
       C.1 Introduction
       C.2 Definition of CRTs (examples)
       C.3 Security Environments (example)
       C.4 Coding of access conditions (example)
    Annex D (informative) - Interoperability aspects
       D.1 General
       D.2 Choosing device authentication
       D.3 Choosing User verification method
    Annex E (informative) - Example of DF.CIA
    Bibliography

    Abstract - (Show below) - (Hide below)

    Part 2 of this series contains Identification, Authentication and Digital Signature (IAS) services in addition to the SSCD services already described in Part 1 to enable interoperability and usage for IAS on a national or European level.This part describes additional functionality to support generic Identification, Authentication and Digital Signature (IAS) services. It contains the functionality of Part 2 of CEN CWA 14890. This covers key decipherment and client (card holder) server authentication, signature verification and related cryptographic token information.Additionally this document is enhanced in respect toClient-Server (C/S) Authentication Protocols with ELC and their description in DF.CIAIdentity management on base of C/S AuthenticationCard capability description and Application Capability DescriptionThe following items are out of scope:1.The physical, electrical and transport protocol characteristics of the card,2.The error handling process.

    General Product Information - (Show below) - (Hide below)

    Committee CEN/TC 224
    Document Type Standard
    Publisher Comite Europeen de Normalisation
    Status Superseded
    Superseded By

    Standards Referenced By This Book - (Show below) - (Hide below)

    17/30318701 DC : 0 BS ISO/IEC 19286 - IDENTIFICATION CARDS - INTEGRATED CIRCUIT CARDS - PRIVACY-ENHANCING PROTOCOLS AND SERVICES
    PD CEN/TS 15480-2:2012 Identification card systems. European Citizen Card Logical data structures and security services
    S.R. CEN/TS 15480-5:2013 IDENTIFICATION CARD SYSTEMS - EUROPEAN CITIZEN CARD - PART 5: GENERAL INTRODUCTION
    BS ISO/IEC 24727-3 : 2008 IDENTIFICATION CARDS - INTEGRATED CIRCUIT CARD PROGRAMMING INTERFACES - PART 3: APPLICATION INTERFACE
    S.R. CEN/TS 15480-2:2012 IDENTIFICATION CARD SYSTEMS - EUROPEAN CITIZEN CARD - PART 2: LOGICAL DATA STRUCTURES AND SECURITY SERVICES
    UNI CEN/TS 15480-2 : 2012 IDENTIFICATION CARD SYSTEMS - EUROPEAN CITIZEN CARD - PART 2: LOGICAL DATA STRUCTURES AND SECURITY SERVICES
    CEN/TS 15480-2:2012 Identification card systems - European Citizen Card - Part 2: Logical data structures and security services
    ISO/IEC 7816-4:2013 Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange
    DIN EN 14890-1 E : 2009 APPLICATION INTERFACE FOR SMART CARDS USED AS SECURE SIGNATURE CREATION DEVICES - PART 1: BASIC SERVICES
    ISO/IEC 19286:2018 Identification cards — Integrated circuit cards — Privacy-enhancing protocols and services
    I.S. EN 14890-1:2008 APPLICATION INTERFACE FOR SMART CARDS USED AS SECURE SIGNATURE CREATION DEVICES - PART 1: BASIC SERVICES
    DIN EN 14890-1:2009-03 APPLICATION INTERFACE FOR SMART CARDS USED AS SECURE SIGNATURE CREATION DEVICES - PART 1: BASIC SERVICES
    UNI CEN/TS 15480-5 : 2013 IDENTIFICATION CARD SYSTEMS - EUROPEAN CITIZEN CARD - PART 5: GENERAL INTRODUCTION
    BS ISO/IEC 19286:2018 Identification cards. Integrated circuit cards. Privacy-enhancing protocols and services
    S.R. CEN/TS 419241:2014 SECURITY REQUIREMENTS FOR TRUSTWORTHY SYSTEMS SUPPORTING SERVER SIGNING
    CEN/TS 419241:2014 Security Requirements for Trustworthy Systems Supporting Server Signing
    UNI CEN/TS 419241 : 2014 SECURITY REQUIREMENTS FOR TRUSTWORTHY SYSTEMS SUPPORTING SERVER SIGNING
    PD CEN/TS 15480-5:2013 Identification card systems. European Citizen Card General Introduction
    ISO/IEC 24727-3:2008 Identification cards Integrated circuit card programming interfaces Part 3: Application interface
    EN 14890-1:2008 Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services
    CSA ISO/IEC 7816-4 : 2015 IDENTIFICATION CARDS - INTEGRATED CIRCUIT CARDS - PART 4: ORGANIZATION, SECURITY AND COMMANDS FOR INTERCHANGE
    BS EN 14890-1:2008 Application interface for smart cards used as secure signature creation devices Basic services
    INCITS/ISO/IEC 24727-3 : 2009(R2014) IDENTIFICATION CARDS - INTEGRATED CIRCUIT CARD PROGRAMMING INTERFACES - PART 3: APPLICATION INTERFACE
    PD CEN/TS 15480-1:2012 Identification card systems. European Citizen Card Physical, electrical and transport protocol characteristics
    BS ISO/IEC 7816-4 : 2013 IDENTIFICATION CARDS - INTEGRATED CIRCUIT CARDS - PART 4: ORGANIZATION, SECURITY AND COMMANDS FOR INTERCHANGE
    UNI CEN/TS 15480-1 : 2012 IDENTIFICATION CARD SYSTEMS - EUROPEAN CITIZEN CARD - PART 1: PHYSICAL, ELECTRICAL AND TRANSPORT PROTOCOL CHARACTERISTICS
    PD CEN/TS 419241:2014 Security Requirements for Trustworthy Systems Supporting Server Signing
    S.R. CEN/TS 15480-1:2012 IDENTIFICATION CARD SYSTEMS - EUROPEAN CITIZEN CARD - PART 1: PHYSICAL, ELECTRICAL AND TRANSPORT PROTOCOL CHARACTERISTICS
    CEN/TS 15480-5:2013 Identification card systems - European Citizen Card - Part 5: General Introduction
    CEN/TS 15480-1:2012 Identification card systems - European Citizen Card - Part 1: Physical, electrical and transport protocol characteristics

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO/IEC 7816-8:2016 Identification cards Integrated circuit cards Part 8: Commands and mechanisms for security operations
    ISO/IEC 7816-9:2004 Identification cards Integrated circuit cards Part 9: Commands for card management
    ISO/IEC 7816-4:2013 Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange
    FIPS PUB 180 : 2002 SECURE HASH STANDARD
    EN 14890-1:2008 Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective