EN 14890-1:2008

Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviations
5 Signature application
   5.1 Application Flow
   5.2 Trusted environment versus untrusted environment
   5.3 Selection of ESIGN application
   5.4 Selection of cryptographic information application
   5.5 Concurrent usage of signature applications
   5.6 Security environment selection
   5.7 Key selection
   5.8 Basic Security Services
6 User verification
   6.1 General
   6.2 Knowledge based user verification
   6.3 Biometric user verification
7 Digital Signature Service
   7.1 Signature generation algorithms
   7.2 Activation of digital signature service
   7.3 General aspects
   7.4 Signature Generation
   7.5 Selection of different keys, algorithms and input formats
   7.6 Read certificates and certificate related information
8 Device authentication
   8.1 Certification authorities and certificates
   8.2 Authentication environments
   8.3 Key transport and key agreement mechanisms
   8.4 Key transport protocol based on RSA
   8.5 Device authentication with privacy protection
   8.6 Privacy constrained Modular EAC (mEAC) protocol with
         non-traceability feature (based on elliptic curves)
   8.7 Asymmetric Authentication summary
   8.8 Symmetric authentication scheme
   8.9 Compute Session keys from key seed K[IFD/ICC]
   8.10 Compute send sequence counter SSC
   8.11 Post-authentication phase
   8.12 Ending the secure session
   8.13 Reading the Display Message
   8.14 Updating the Display Message
9 Secure messaging
   9.1 CLA byte
   9.2 TLV coding of command and response message
   9.3 Treatment of SM-Errors
   9.4 Padding for checksum calculation
   9.5 Send sequence counter (SSC)
   9.6 Message structure of Secure Messaging APDUs
   9.7 Response APDU protection
   9.8 Use of TDES and AES
10 Key Generation
   10.1 Key generation and export using PrK.ICC.AUT
   10.2 Key generation and export with dynamic or static SM
   10.3 Write certificates
   10.4 Setting keys in static secure messaging
11 Key identifiers and parameters
   11.1 Key identifiers
   11.2 Public Key parameters
   11.3 DSA with ELC public key parameters
   11.4 RSA Diffie-Hellman key exchange parameters
   11.5 ELC key exchange parameters
12 Data structures
   12.1 CRTs
   12.2 Key transport device authentication protocol
   12.3 Privacy device authentication protocol
13 AlgIDs, Hash- and DSI Formats
   13.1 Algorithm Identifiers and OIDs
   13.2 Hash Input-Formats
   13.3 Formats of the Digital Signature Input (DSI)
14 CV_Certificates and Key Management
   14.1 Level of trust in a certificate
   14.2 Key Management
   14.3 Card Verifiable Certificates
   14.4 Use of the public key extracted from the certificate
   14.5 Validity of the key extracted from a certificate
   14.6 Structure of CVC
   14.7 Certificate Content
   14.8 Certificate signature
   14.9 Coding of the certificate content
   14.10 Steps of CVC verification
   14.11 Commands to handle the CVC
   14.12 C_CV.IFD.AUT (non self-descriptive)
   14.13 C_CV.CA.CS-AUT (non self-descriptive)
   14.14 C.ICC.AUT
   14.15 Self-descriptive CV Certificate (Example)
15 Files
   15.1 File structure
   15.2 File IDs
   15.3 EF.DIR
   15.4 EF.SN.ICC
   15.5 EF.DH
   15.6 EF.ELC
   15.7 EF.C.ICC.AUT
   15.8 EF.C.CA[ICC].CS-AUT
   15.9 EF.C_X509.CH
   15.10 EF.C_X509.CA.CS (DF.ESIGN)
   15.11 EF.DM
16 Cryptographic Information Application
   16.1 ESIGN cryptographic information layout example
Annex A (informative) - Device authentication - Cryptographic
        view
   A.1 Algorithms for authentication with key exchange or key
       negotiation
   A.2 Device authentication with key transport
       A.2.1 Conformance to ISO/IEC 11770-3
       A.2.2 Using min(SIG, N-SIG) for the signature token
   A.3 Device authentication with key negotiation
       A.3.1 Diffie-Hellman Key Exchange
   A.4 Device authentication with privacy protection
       A.4.1 The authenticity of the public DH parameters
   A.5 Device authentication with non traceability
       A.5.1 Diffie-Hellman Key Exchange
   A.6 The 'Grandmaster Chess Attack'
Annex B (informative) - Personalization scenarios
Annex C (informative) - Build scheme for mEAC Object Identifiers
Bibliography

Part 1 of this series specifies the application interface to Smart Cards during the usage phase, used as Secure Signature Creation Devices (SSCD) according to the Terms of the European Directive on Electronic Signature 1999/93 to enable interoperability and usage as SSCD on a national or European level.This document describes the mandatory services for the usage of Smart Cards as SSCDs based on CEN CWA 14890. This covers the signing function, storage of certificates, the related user verification, establishment and use of trusted path and channel, requirements for key generation and the allocation and format of resources required for the execution of those functions and related cryptographic token information.Thereby the functionality of CWA 14890-1 is enhanced in the following areas:- Device authentication with Elliptic Curves (ELC) for existing asymmetric authentication protocols (RSA Transport, Privacy Protocol),- Enhancement of existing asymmetric authentication protocols due to privacy and non-traceability constraints,- Card Verifiable (CV) Certificate Formats (self descriptive) with ELC for all types of authentication and authorization protocols,- Secure Messaging Tags and use of commands with Odd-INS Code in compliance to the actual ISO/IEC 7816-4,- Further hash algorithms (SHA2–family) with corresponding Object identifier and Algorithm references,- Use of AES in authentication protocols,- Use of AES for secure messaging.The following items are out of scope:1)The physical, electrical and transport protocol characteristics of the card,2)The external signature creation process and signature environment,3)The elements required to verify an electronic signature produced by a card used as a SCCD,4)The error handling process.