DIN EN 14890-1 E : 2009
Superseded
A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.
01-03-2015
12-01-2013
Foreword<br>1 Scope<br>2 Normative references<br>3 Terms and definitions<br>4 Symbols and abbreviations<br>5 Signature application<br> 5.1 Application Flow<br> 5.2 Trusted environment versus untrusted environment<br> 5.3 Selection of ESIGN application<br> 5.4 Selection of cryptographic information application<br> 5.5 Concurrent usage of signature applications<br> 5.6 Security environment selection<br> 5.7 Key selection<br> 5.8 Basic Security Services<br>6 User verification<br> 6.1 General<br> 6.2 Knowledge based user verification<br> 6.3 Biometric user verification<br>7 Digital Signature Service<br> 7.1 Signature generation algorithms<br> 7.2 Activation of digital signature service<br> 7.3 General aspects<br> 7.4 Signature Generation<br> 7.5 Selection of different keys, algorithms and input formats<br> 7.6 Read certificates and certificate related information<br>8 Device authentication<br> 8.1 Certification authorities and certificates<br> 8.2 Authentication environments<br> 8.3 Key transport and key agreement mechanisms<br> 8.4 Key transport protocol based on RSA<br> 8.5 Device authentication with privacy protection<br> 8.6 Privacy constrained Modular EAC (mEAC) protocol with<br> non-traceability feature (based on elliptic curves)<br> 8.7 Asymmetric Authentication summary<br> 8.8 Symmetric authentication scheme<br> 8.9 Compute Session keys from key seed K[IFD/ICC]<br> 8.10 Compute send sequence counter SSC<br> 8.11 Post-authentication phase<br> 8.12 Ending the secure session<br> 8.13 Reading the Display Message<br> 8.14 Updating the Display Message<br>9 Secure messaging<br> 9.1 CLA byte<br> 9.2 TLV coding of command and response message<br> 9.3 Treatment of SM-Errors<br> 9.4 Padding for checksum calculation<br> 9.5 Send sequence counter (SSC)<br> 9.6 Message structure of Secure Messaging APDUs<br> 9.7 Response APDU protection<br> 9.8 Use of TDES and AES<br>10 Key Generation<br> 10.1 Key generation and export using PrK.ICC.AUT<br> 10.2 Key generation and export with dynamic or static SM<br> 10.3 Write certificates<br> 10.4 Setting keys in static secure messaging<br>11 Key identifiers and parameters<br> 11.1 Key identifiers<br> 11.2 Public Key parameters<br> 11.3 DSA with ELC public key parameters<br> 11.4 RSA Diffie-Hellman key exchange parameters<br> 11.5 ELC key exchange parameters<br>12 Data structures<br> 12.1 CRTs<br> 12.2 Key transport device authentication protocol<br> 12.3 Privacy device authentication protocol<br>13 AlgIDs, Hash- and DSI Formats<br> 13.1 Algorithm Identifiers and OIDs<br> 13.2 Hash Input-Formats<br> 13.3 Formats of the Digital Signature Input (DSI)<br>14 CV_Certificates and Key Management<br> 14.1 Level of trust in a certificate<br> 14.2 Key Management<br> 14.3 Card Verifiable Certificates<br> 14.4 Use of the public key extracted from the certificate<br> 14.5 Validity of the key extracted from a certificate<br> 14.6 Structure of CVC<br> 14.7 Certificate Content<br> 14.8 Certificate signature<br> 14.9 Coding of the certificate content<br> 14.10 Steps of CVC verification<br> 14.11 Commands to handle the CVC<br> 14.12 C_CV.IFD.AUT (non self-descriptive)<br> 14.13 C_CV.CA.CS-AUT (non self-descriptive)<br> 14.14 C.ICC.AUT<br> 14.15 Self-descriptive CV Certificate (Example)<br>15 Files<br> 15.1 File structure<br> 15.2 File IDs<br> 15.3 EF.DIR<br> 15.4 EF.SN.ICC<br> 15.5 EF.DH<br> 15.6 EF.ELC<br> 15.7 EF.C.ICC.AUT<br> 15.8 EF.C.CA[ICC].CS-AUT<br> 15.9 EF.C_X509.CH<br> 15.10 EF.C_X509.CA.CS (DF.ESIGN)<br> 15.11 EF.DM<br>16 Cryptographic Information Application<br> 16.1 ESIGN cryptographic information layout example<br>Annex A (informative) - Device authentication - Cryptographic<br> view<br> A.1 Algorithms for authentication with key exchange or key<br> negotiation<br> A.2 Device authentication with key transport<br> A.2.1 Conformance to ISO/IEC 11770-3<br> A.2.2 Using min(SIG, N-SIG) for the signature token<br> A.3 Device authentication with key negotiation<br> A.3.1 Diffie-Hellman Key Exchange<br> A.4 Device authentication with privacy protection<br> A.4.1 The authenticity of the public DH parameters<br> A.5 Device authentication with non traceability<br> A.5.1 Diffie-Hellman Key Exchange<br> A.6 The 'Grandmaster Chess Attack'<br>Annex B (informative) - Personalization scenarios<br>Annex C (informative) - Build scheme for mEAC Object Identifiers<br>Bibliography<br>National Annex NA (informative) Bibliography
Access your standards online with a subscription
Features
-
Simple online access to standards, technical information and regulations.
-
Critical updates of standards and customisable alerts and notifications.
-
Multi-user online standards collection: secure, flexible and cost effective.