Customer Support: 131 242

  • There are no items in your cart
We noticed you’re not on the correct regional site. Switch to our AMERICAS site for the best experience.
Dismiss alert

DIN EN 14890-1 E : 2009

Superseded
Superseded

A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.

View Superseded by
superseded

A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.

APPLICATION INTERFACE FOR SMART CARDS USED AS SECURE SIGNATURE CREATION DEVICES - PART 1: BASIC SERVICES
Superseded date

01-03-2015

Published date

12-01-2013

Foreword<br>1 Scope<br>2 Normative references<br>3 Terms and definitions<br>4 Symbols and abbreviations<br>5 Signature application<br>&nbsp;&nbsp;&nbsp;5.1 Application Flow<br>&nbsp;&nbsp;&nbsp;5.2 Trusted environment versus untrusted environment<br>&nbsp;&nbsp;&nbsp;5.3 Selection of ESIGN application<br>&nbsp;&nbsp;&nbsp;5.4 Selection of cryptographic information application<br>&nbsp;&nbsp;&nbsp;5.5 Concurrent usage of signature applications<br>&nbsp;&nbsp;&nbsp;5.6 Security environment selection<br>&nbsp;&nbsp;&nbsp;5.7 Key selection<br>&nbsp;&nbsp;&nbsp;5.8 Basic Security Services<br>6 User verification<br>&nbsp;&nbsp;&nbsp;6.1 General<br>&nbsp;&nbsp;&nbsp;6.2 Knowledge based user verification<br>&nbsp;&nbsp;&nbsp;6.3 Biometric user verification<br>7 Digital Signature Service<br>&nbsp;&nbsp;&nbsp;7.1 Signature generation algorithms<br>&nbsp;&nbsp;&nbsp;7.2 Activation of digital signature service<br>&nbsp;&nbsp;&nbsp;7.3 General aspects<br>&nbsp;&nbsp;&nbsp;7.4 Signature Generation<br>&nbsp;&nbsp;&nbsp;7.5 Selection of different keys, algorithms and input formats<br>&nbsp;&nbsp;&nbsp;7.6 Read certificates and certificate related information<br>8 Device authentication<br>&nbsp;&nbsp;&nbsp;8.1 Certification authorities and certificates<br>&nbsp;&nbsp;&nbsp;8.2 Authentication environments<br>&nbsp;&nbsp;&nbsp;8.3 Key transport and key agreement mechanisms<br>&nbsp;&nbsp;&nbsp;8.4 Key transport protocol based on RSA<br>&nbsp;&nbsp;&nbsp;8.5 Device authentication with privacy protection<br>&nbsp;&nbsp;&nbsp;8.6 Privacy constrained Modular EAC (mEAC) protocol with<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;non-traceability feature (based on elliptic curves)<br>&nbsp;&nbsp;&nbsp;8.7 Asymmetric Authentication summary<br>&nbsp;&nbsp;&nbsp;8.8 Symmetric authentication scheme<br>&nbsp;&nbsp;&nbsp;8.9 Compute Session keys from key seed K[IFD/ICC]<br>&nbsp;&nbsp;&nbsp;8.10 Compute send sequence counter SSC<br>&nbsp;&nbsp;&nbsp;8.11 Post-authentication phase<br>&nbsp;&nbsp;&nbsp;8.12 Ending the secure session<br>&nbsp;&nbsp;&nbsp;8.13 Reading the Display Message<br>&nbsp;&nbsp;&nbsp;8.14 Updating the Display Message<br>9 Secure messaging<br>&nbsp;&nbsp;&nbsp;9.1 CLA byte<br>&nbsp;&nbsp;&nbsp;9.2 TLV coding of command and response message<br>&nbsp;&nbsp;&nbsp;9.3 Treatment of SM-Errors<br>&nbsp;&nbsp;&nbsp;9.4 Padding for checksum calculation<br>&nbsp;&nbsp;&nbsp;9.5 Send sequence counter (SSC)<br>&nbsp;&nbsp;&nbsp;9.6 Message structure of Secure Messaging APDUs<br>&nbsp;&nbsp;&nbsp;9.7 Response APDU protection<br>&nbsp;&nbsp;&nbsp;9.8 Use of TDES and AES<br>10 Key Generation<br>&nbsp;&nbsp;&nbsp;10.1 Key generation and export using PrK.ICC.AUT<br>&nbsp;&nbsp;&nbsp;10.2 Key generation and export with dynamic or static SM<br>&nbsp;&nbsp;&nbsp;10.3 Write certificates<br>&nbsp;&nbsp;&nbsp;10.4 Setting keys in static secure messaging<br>11 Key identifiers and parameters<br>&nbsp;&nbsp;&nbsp;11.1 Key identifiers<br>&nbsp;&nbsp;&nbsp;11.2 Public Key parameters<br>&nbsp;&nbsp;&nbsp;11.3 DSA with ELC public key parameters<br>&nbsp;&nbsp;&nbsp;11.4 RSA Diffie-Hellman key exchange parameters<br>&nbsp;&nbsp;&nbsp;11.5 ELC key exchange parameters<br>12 Data structures<br>&nbsp;&nbsp;&nbsp;12.1 CRTs<br>&nbsp;&nbsp;&nbsp;12.2 Key transport device authentication protocol<br>&nbsp;&nbsp;&nbsp;12.3 Privacy device authentication protocol<br>13 AlgIDs, Hash- and DSI Formats<br>&nbsp;&nbsp;&nbsp;13.1 Algorithm Identifiers and OIDs<br>&nbsp;&nbsp;&nbsp;13.2 Hash Input-Formats<br>&nbsp;&nbsp;&nbsp;13.3 Formats of the Digital Signature Input (DSI)<br>14 CV_Certificates and Key Management<br>&nbsp;&nbsp;&nbsp;14.1 Level of trust in a certificate<br>&nbsp;&nbsp;&nbsp;14.2 Key Management<br>&nbsp;&nbsp;&nbsp;14.3 Card Verifiable Certificates<br>&nbsp;&nbsp;&nbsp;14.4 Use of the public key extracted from the certificate<br>&nbsp;&nbsp;&nbsp;14.5 Validity of the key extracted from a certificate<br>&nbsp;&nbsp;&nbsp;14.6 Structure of CVC<br>&nbsp;&nbsp;&nbsp;14.7 Certificate Content<br>&nbsp;&nbsp;&nbsp;14.8 Certificate signature<br>&nbsp;&nbsp;&nbsp;14.9 Coding of the certificate content<br>&nbsp;&nbsp;&nbsp;14.10 Steps of CVC verification<br>&nbsp;&nbsp;&nbsp;14.11 Commands to handle the CVC<br>&nbsp;&nbsp;&nbsp;14.12 C_CV.IFD.AUT (non self-descriptive)<br>&nbsp;&nbsp;&nbsp;14.13 C_CV.CA.CS-AUT (non self-descriptive)<br>&nbsp;&nbsp;&nbsp;14.14 C.ICC.AUT<br>&nbsp;&nbsp;&nbsp;14.15 Self-descriptive CV Certificate (Example)<br>15 Files<br>&nbsp;&nbsp;&nbsp;15.1 File structure<br>&nbsp;&nbsp;&nbsp;15.2 File IDs<br>&nbsp;&nbsp;&nbsp;15.3 EF.DIR<br>&nbsp;&nbsp;&nbsp;15.4 EF.SN.ICC<br>&nbsp;&nbsp;&nbsp;15.5 EF.DH<br>&nbsp;&nbsp;&nbsp;15.6 EF.ELC<br>&nbsp;&nbsp;&nbsp;15.7 EF.C.ICC.AUT<br>&nbsp;&nbsp;&nbsp;15.8 EF.C.CA[ICC].CS-AUT<br>&nbsp;&nbsp;&nbsp;15.9 EF.C_X509.CH<br>&nbsp;&nbsp;&nbsp;15.10 EF.C_X509.CA.CS (DF.ESIGN)<br>&nbsp;&nbsp;&nbsp;15.11 EF.DM<br>16 Cryptographic Information Application<br>&nbsp;&nbsp;&nbsp;16.1 ESIGN cryptographic information layout example<br>Annex A (informative) - Device authentication - Cryptographic<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;view<br>&nbsp;&nbsp;&nbsp;A.1 Algorithms for authentication with key exchange or key<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;negotiation<br>&nbsp;&nbsp;&nbsp;A.2 Device authentication with key transport<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;A.2.1 Conformance to ISO/IEC 11770-3<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;A.2.2 Using min(SIG, N-SIG) for the signature token<br>&nbsp;&nbsp;&nbsp;A.3 Device authentication with key negotiation<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;A.3.1 Diffie-Hellman Key Exchange<br>&nbsp;&nbsp;&nbsp;A.4 Device authentication with privacy protection<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;A.4.1 The authenticity of the public DH parameters<br>&nbsp;&nbsp;&nbsp;A.5 Device authentication with non traceability<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;A.5.1 Diffie-Hellman Key Exchange<br>&nbsp;&nbsp;&nbsp;A.6 The 'Grandmaster Chess Attack'<br>Annex B (informative) - Personalization scenarios<br>Annex C (informative) - Build scheme for mEAC Object Identifiers<br>Bibliography<br>National Annex NA (informative) Bibliography

Describes the application interface to Smart Cards during the usage phase, used as Secure Signature Creation Devices (SSCD) according to the Terms of the European Directive on Electronic Signature 1999/93 to enable interoperability and usage as SSCD on a national or European level.

DocumentType
Standard
PublisherName
German Institute for Standardisation (Deutsches Institut für Normung)
Status
Superseded
SupersededBy

Standards Relationship
EN 14890-1:2008 Identical

ISO/IEC 7816-6:2016 Identification cards — Integrated circuit cards — Part 6: Interindustry data elements for interchange
ISO/IEC 8859-1:1998 Information technology 8-bit single-byte coded graphic character sets Part 1: Latin alphabet No. 1
ISO/IEC 24727-1:2014 Identification cards Integrated circuit card programming interfaces Part 1: Architecture
ISO/IEC 15946-1:2016 Information technology Security techniques Cryptographic techniques based on elliptic curves Part 1: General
ISO 11568-2:2012 Financial services — Key management (retail) — Part 2: Symmetric ciphers, their key management and life cycle
ISO/IEC 24727-2:2008 Identification cards Integrated circuit card programming interfaces Part 2: Generic card interface
ISO/IEC 7816-8:2016 Identification cards Integrated circuit cards Part 8: Commands and mechanisms for security operations
ISO/IEC 18033-3:2010 Information technology Security techniques Encryption algorithms Part 3: Block ciphers
ISO/IEC 9796-3:2006 Information technology — Security techniques — Digital signature schemes giving message recovery — Part 3: Discrete logarithm based mechanisms
ISO/IEC 11770-4:2006 Information technology Security techniques Key management Part 4: Mechanisms based on weak secrets
EN ISO 3166-1:2014 Codes for the representation of names of countries and their subdivisions - Part 1: Country codes (ISO 3166-1:2013)
DIN V 66291-2:2003-01 CHIP CARDS WITH DIGITAL SIGNATURE APPLICATION/FUNCTION ACCORDING TO SIGG AND SIGV - PART 2: PERSONALISATION PROCESSES
DIN V 66291-4:2002-04 CHIP CARDS WITH DIGITAL SIGNATURE APPLICATION/FUNCTION ACCORDING TO SIGG AND SIGV - PART 4: BASIC SECURITY SERVICES
FIPS PUB 197 : 2001 ADVANCED ENCRYPTION STANDARD (AES)
ISO/IEC 7816-4:2013 Identification cards Integrated circuit cards Part 4: Organization, security and commands for interchange
FIPS PUB 46 : 0002 DATA ENCRYPTION STANDARD (DES)
ISO/IEC 7816-3:2006 Identification cards — Integrated circuit cards — Part 3: Cards with contacts — Electrical interface and transmission protocols
ISO/IEC 9796-2:2010 Information technology Security techniques Digital signature schemes giving message recovery Part 2: Integer factorization based mechanisms
ISO/IEC 15946-2:2002 Information technology Security techniques Cryptographic techniques based on elliptic curves Part 2: Digital signatures
ISO/IEC 9797-1:2011 Information technology Security techniques Message Authentication Codes (MACs) Part 1: Mechanisms using a block cipher
DIN V 66291-1:2000-04 CHIPCARDS WITH DIGITAL SIGNATUR APPLICATION/FUNCTION ACCORDING TO SIGG AND SIGV - PART 1: APPLICATION INTERFACE
ISO/IEC 7812-1:2017 Identification cards — Identification of issuers — Part 1: Numbering system
ISO 3166-1:2013 Codes for the representation of names of countries and their subdivisions Part 1: Country codes
ISO/IEC 7816-5:2004 Identification cards — Integrated circuit cards — Part 5: Registration of application providers
ISO/IEC 7816-15:2016 Identification cards Integrated circuit cards Part 15: Cryptographic information application
ISO/IEC 14888-2:2008 Information technology Security techniques Digital signatures with appendix Part 2: Integer factorization based mechanisms
FIPS PUB 180 : 2002 SECURE HASH STANDARD
EN 14890-2:2008 Application Interface for smart cards used as Secure Signature Creation Devices - Part 2: Additional Services
TS 102 176-1 : 2.1.1 ELECTRONIC SIGNATURES AND INFRASTRUCTURES (ESI); ALGORITHMS AND PARAMETERS FOR SECURE ELECTRONIC SIGNATURES; PART 1: HASH FUNCTIONS AND ASYMMETRIC ALGORITHMS
DIN V 66291-3:2003-07 CHIP CARDS WITH DIGITAL SIGNATURE APPLICATION/FUNCTION ACCORDING TO SIGG AND SIGV - PART 3: COMMANDS FOR PERSONALISATION
ANSI X9.42 : 2003(R2013) PUBLIC KEY CRYPTOGRAPHY FOR THE FINANCIAL SERVICES: AGREEMENT OF SYMMETRIC KEYS USING DISCRETE LOGARITHM CRYPTOGRAPHY
ISO/IEC 7816-11:2004 Identification cards Integrated circuit cards Part 11: Personal verification through biometric methods
ISO/IEC 11770-3:2015 Information technology Security techniques Key management Part 3: Mechanisms using asymmetric techniques

View more information
Sorry this product is not available in your region.

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.

Need help?
Call us on 131 242, then click here to start a Screen Sharing session
so we can help right away! Learn more