DD-CEN-TS-15480-1-2007.pdf

DRAFT FOR DEVELOPMENT DD CEN/TS 15480-1:2007 Identification card systems European Citizen Card Part 1: Physical, electrical and transport protocol characteristics ICS 35.240.15 ? Licensed Copy: London South Bank University, London South Bank University, Wed May 16 03:43:15 GMT+00:00 2007, Uncontrolled Copy, (c) BSI DD CEN/TS 15480-1:2007 This Draft for Development was published under the authority of the Standards Policy and Strategy Committee on 31 May 2007 © BSI 2007 ISBN 978 0 580 50660 4 National foreword This Draft for Development was published by BSI. It is the UK implementation of CEN/TS 15480-1:2007. This publication is not to be regarded as a British Standard. It is being issued in the Draft for Development series of publications and is of a provisional nature. It should be applied on this provisional basis, so that information and experience of its practical application can be obtained. Comments arising from the use of this Draft for Development are requested so that UK experience can be reported to the European organization responsible for its conversion to a European standard. A review of this publication will be initiated not later than 3 years after its publication by the European organization so that a decision can be taken on its status. Notification of the start of the review period will be made in an announcement in the appropriate issue of Update Standards. According to the replies received by the end of the review period, the responsible BSI Committee will decide whether to support the conversion into a European Standard, to extend the life of the Technical Specification or to withdraw it. Comments should be sent to the Secretary of the responsible BSI Technical Committee at British Standards House, 389 Chiswick High Road, London W4 4AL. The UK participation in its preparation was entrusted to Technical Committee IST/17, Cards and personal identification. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. Amendments issued since publication Amd. No. DateComments Licensed Copy: London South Bank University, London South Bank University, Wed May 16 03:43:15 GMT+00:00 2007, Uncontrolled Copy, (c) BSI TECHNICAL SPECIFICATION SPÉCIFICATION TECHNIQUE TECHNISCHE SPEZIFIKATION CEN/TS 15480-1 April 2007 ICS 35.240.15 English Version Identification card systems - European Citizen Card - Part 1: Physical, electrical and transport protocol characteristics Systèmes des cartes d'identification - Carte Européenne du Citoyen - Partie 1: Caractéristiques physiques, électriques et protocoles de transmission Identifikationskartensysteme - Europäische Bürgerkarte - Teil 1: Physikalische, elektrische und transportprotokollbezogene Merkmale This Technical Specification (CEN/TS) was approved by CEN on 17 July 2006 for provisional application. The period of validity of this CEN/TS is limited initially to three years. After two years the members of CEN will be requested to submit their comments, particularly on the question whether the CEN/TS can be converted into a European Standard. CEN members are required to announce the existence of this CEN/TS in the same way as for an EN and to make the CEN/TS available promptly at national level in an appropriate form. It is permissible to keep conflicting national standards in force (in parallel to the CEN/TS) until the final decision about the possible conversion of the CEN/TS into an EN is reached. CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom. EUROPEAN COMMITTEE FOR STANDARDIZATION COMITÉ EUROPÉEN DE NORMALISATION EUROPÄISCHES KOMITEE FÜR NORMUNG Management Centre: rue de Stassart, 36 B-1050 Brussels © 2007 CENAll rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. CEN/TS 15480-1:2007: E Licensed Copy: London South Bank University, London South Bank University, Wed May 16 03:43:15 GMT+00:00 2007, Uncontrolled Copy, (c) BSI 2 Contents Page Foreword.3 Introduction 4 1 Scope5 2 Normative references.5 3 Terms and definitions6 4 Symbols and abbreviations.12 5 Definition, use and functions of the European Citizen Card (ECC) .13 5.1 General .13 5.2 Compliance with public administration requirements and citizen expectations.14 5.3 Citizen privacy protection14 5.4 Identifying a ECC holder14 5.5 European Citizen Cards functions 15 6 ECC physical characteristics.15 6.1 General .15 6.2 Materials.16 6.3 ECC physical security elements16 6.4 ECC security evaluation 18 7 Electrical characteristics .18 7.1 Dimensions and location of the contacts or coupling area .18 7.2 The contact interface .18 7.3 Contactless interface.18 8 Transport protocols .18 9 Terminal characteristics 19 Annex A (informative) General card design (with reference to Directive 96/47/EC relating to European driving licences)20 Annex B (informative) Methodology for the design of ECC durability testing23 B.1 General .23 B.2 Introduction23 B.3 Vocabulary24 B.4 Methodology for ECC durability24 B.5 Core test sequence requirements .29 B.6 Individual tests relevant for the ECC.30 B.7 Examples of mission profile calculations for the ECC.35 Annex C (informative) Security requirements for the ECC as a travel document (Council Regulation on e-passports and travel documents) .39 C.1 Material.39 C.2 Biographical data page39 C.3 Printing techniques40 C.4 Protection against copying40 C.5 Issuing technique.41 Bibliography42 CEN/TS 15480-1:2007 Licensed Copy: London South Bank University, London South Bank University, Wed May 16 03:43:15 GMT+00:00 2007, Uncontrolled Copy, (c) BSI 3 Foreword This document (CEN/TS 15480-1:2007) has been prepared by Technical Committee CEN/TC 224 “Personal identification, electronic signature and cards and their related systems and operations”, the secretariat of which is held by AFNOR. CEN/TS 15480, Identification card systems European Citizen Card consists of the following parts: Part 1: Physical, electrical and transport protocol characteristics Part 2: Logical data structures and card services Part 3: ECC interoperability using an application interface Part 4: Recommendations for ECC issuance, operation and use According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to announce this CEN Technical Specification: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland and United Kingdom. CEN/TS 15480-1:2007 Licensed Copy: London South Bank University, London South Bank University, Wed May 16 03:43:15 GMT+00:00 2007, Uncontrolled Copy, (c) BSI 4 Introduction This Technical Specification describes the specifications for the European Citizen Card (ECC) including electronic identity cards, with smart card format, defining identity justification with emphasis on remote civil service procedures. This proposal is intended to comply with the scope of the NWI ECC as defined by the terms of reference document approved by the CEN/TC 224 Resolution 667/2004. This Technical Specification is one of a set of documents describing card specifications. It defines identity justification functions, with emphasis on remote public service procedures requiring the generation and/or verification by the ECC card of electronic signatures and electronic certificates. CEN/TS 15480-1:2007 Licensed Copy: London South Bank University, London South Bank University, Wed May 16 03:43:15 GMT+00:00 2007, Uncontrolled Copy, (c) BSI 5 1 Scope This Technical Specification specifies Electronic Citizen Card (ECC) requirements .The ECC, is a smart card issued under the authority of a government institution, either national or local and carries credentials in order to provide all or part of the following services: 1) verify the identity; 2) act as an Inter-European Union travel document; 3) facilitate logical access to e-government or local administration services. A public administration authority may entitle a private organisation to provide all or part of the ECC services. This Technical Specification is intended to offer the card issuer with a great deal of flexibility for the ECC specification, in connection with the services that the ECC provides, the authentication mechanisms supported and the national specific public policy with an special concern to protect the citizen privacy according to the applicable European legislation. The requirements described in this Technical Specification are used to: a) define a plastic body card with associated physical and logical securities; b) specify the electrical interface and data transport protocols for the ECC; c) support the basic set of Identification and, authentication elements visible at the card surface. This Technical Specification also contains a possible methodology for ECC durability testing in informative Annex B. This Technical Specification refers to the European legislation and regulations in effect. 2 Normative references The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies. ISO/IEC 7810, Identification cards Physical characteristics ISO/IEC 7816-1, Identification cards Integrated circuit(s) card(s) with contacts Part 1: Physical characteristics ISO/IEC 7816-2, Identification cards Integrated circuit cards Part 2: Cards with contacts Dimensions and location of the contacts ISO/IEC 7816-3, Identification cards - Integrated circuit cards - Part 3: Cards with contacts - Electrical interface and transmission protocols ISO/IEC 7816-4, Identification cards Integrated circuit(s) cards Part 4: Organization, security and commands for interchange CEN/TS 15480-1:2007 Licensed Copy: London South Bank University, London South Bank University, Wed May 16 03:43:15 GMT+00:00 2007, Uncontrolled Copy, (c) BSI 6 ISO/IEC 7816-5, Identification cards Integrated circuit cards Part 5: Registration of application identifiers ISO/IEC 7816-6, Identification cards Integrated circuit cards Part 6: Interindustry data elements for interchange ISO/IEC 7816-7, Identification cards Integrated circuit(s) cards with contacts Part 7: Interindustry commands for Structured Card Query Language (SCQL) ISO/IEC 7816-8, Identification cards Integrated circuit cards Part 8: Commands for security operations ISO/IEC 7816-9, Identification cards Integrated circuit cards Part 9: Commands for card management ISO/IEC 7816-10, Identification cards Integrated circuit(s) cards with contacts Part 10: Electronic signals and answer to reset for synchronous cards ISO/IEC 7816-11, Identification cards Integrated circuit cards Part 11: Personal verification through biometric methods ISO/IEC 7816-12, Identification cards Integrated circuit cards Part 12: Cards with contact USB electrical interface and operating procedures ISO/IEC 7816-15, Identification cards Integrated circuit cards Part 15: Cryptographic information application ISO/IEC 10373-3, Identification cards Test methods Part 3: Integrated circuit(s) cards with contacts and related interface devices ISO/IEC 10373-6, Identification cards Test methods Part 6: Proximity cards ISO/IEC 14443-1, Identification cards Contactless integrated circuit(s) cards Proximity cards Part 1: Physical characteristics ISO/IEC 14443-2, Identification cards Contactless integrated circuit(s) cards Proximity cards Part 2: Radio frequency power and signal interface ISO/IEC 14443-3, Identification cards Contactless integrated circuit(s) cards Proximity cards Part 3: Initialization and anticollision ISO/IEC 14443-4, Identification cards Contactless integrated circuit(s) cards Proximity cards Part 4: Transmission protocol ICAO 9303, Part 1, Machine Readable Passports ICAO 9303, Part 2, Machine Readable Visas ICAO 9303, Part 3, Machine Readable Official Documents of Identity 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. CEN/TS 15480-1:2007 Licensed Copy: London South Bank University, London South Bank University, Wed May 16 03:43:15 GMT+00:00 2007, Uncontrolled Copy, (c) BSI 7 3.1 access control mechanism for limiting the use of some ECC resources to authorized users, based on the privilege attributes of the requester and control attributes of the requested resource. Access control mechanisms may be used to protect disclosure of private sensitive data stored in the ECC 3.2 alteration fraudulent action of changing a part of an original document, e.g. by changing the biographical data of the document holder 3.3 application data structure, data elements and program modules needed for a specific functionality to be satisfied 3.4 authentication provision of assurance of the claimed identity of an entity ISO/IEC 10181-2:1996 3.5 authorization right or permission that is granted to the ECC holder after its successful authentication 3.6 card holder legal holder of the ECC 3.7 card issuing authority entity that issues the ECC 3.8 Certification Authority (CA) means an entity or a legal or natural person who issues certificates or provides other services related to electronic signatures Directive 1999/93/EC 3.9 checking the authenticity of the issuing authority verifying the authenticity of the card, verifying that the card is compliant with Civil Service specifications; verifying the issuing authority; identifying the ECC by its intrinsic properties. The authenticity inspection may be conducted using resources such as a magnifying glass, UV lamp, digital fingerprint sensor, micromodule reader etc. CEN/TS 15480-1:2007 Licensed Copy: London South Bank University, London South Bank University, Wed May 16 03:43:15 GMT+00:00 2007, Uncontrolled Copy, (c) BSI 8 3.10 counterfeiting unauthorized document that has the same security characteristics as the original document ones and that cannot be distinguished from a legitimate one. For instance a card made from a blank stolen document 3.11 credentials known data attesting to the truth of certain citizen identity attributes and stored in the ECC 3.12 electronic certificate means an electronic attestation which links signature-verification data to a person