UNI EN 14890-2 : 2009
Superseded
A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
View Superseded by
APPLICATION INTERFACE FOR SMART CARDS USED AS SECURE SIGNATURE CREATION DEVICES - PART 2: ADDITIONAL SERVICES
29-01-2015
01-01-2009
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations and notation
5 Additional Service Selection
6 Client/Server Authentication
6.1 General
6.2 Client/Server protocols
6.3 Steps preceding the client/server authentication
6.4 Padding format
6.5 Client/Server protocol
7 Role Authentication
7.1 Role Authentication of the card
7.2 Role Authentication of the server
7.3 Symmetrical external authentication
7.4 Asymmetric external authentication
8 Encryption Key Decipherment
8.1 Steps preceding the key decryption
8.2 Key Management with RSA
8.3 Diffie-Hellman key exchange
8.4 Algorithm Identifier for DECIPHER
9 Signature verification
9.1 Signature verification execution flow
10 Certificates for additional services
10.1 File structure
10.2 EF.C.CH.AUT
10.3 EF.C.CH.KE
10.4 Reading Certificates and the public key of CAs
11 APDU data structures
11.1 Algorithm Identifiers
11.2 CRTs
Annex A (normative) - Security Service Descriptor Templates
A.1 Introduction
A.2 Security Service Descriptor Concept
A.3 SSD Data Objects
A.4 Location of the SSD templates
A.5 Examples for SSD templates
Annex B (informative) - Key and signature formats for
elliptic curves over prime fields GF(p)
B.1 General
B.2 Elliptic curve parameters
B.3 Public key point
B.4 ECDSA signature format
Annex C (informative) - Security environments
C.1 Introduction
C.2 Definition of CRTs (examples)
C.3 Security Environments (example)
C.4 Coding of access conditions (example)
Annex D (informative) - Interoperability aspects
D.1 General
D.2 Choosing device authentication
D.3 Choosing User verification method
Annex E (informative) - Example of DF.CIA
Bibliography
Defines additional functionality to support generic Identification, Authentication and Digital Signature (IAS) services. Covers the functionality of Part 2 of CEN CWA 14890. Also includes key decipherment and client (card holder) server authentication, signature verification and related cryptographic token information.
| DocumentType |
Standard
|
| PublisherName |
Ente Nazionale Italiano di Unificazione (UNI)
|
| Status |
Superseded
|
| SupersededBy |
| Standards | Relationship |
| EN 14890-2:2008 | Identical |
| ISO/IEC 7816-8:2016 | Identification cards Integrated circuit cards Part 8: Commands and mechanisms for security operations |
| ISO/IEC 7816-9:2004 | Identification cards Integrated circuit cards Part 9: Commands for card management |
| ISO/IEC 7816-4:2013 | Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange |
| EN 14890-1:2008 | Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services |
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.