EN 14890-1:2008

Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic services EN 14890-1:2008

Publication date:   Aug 21, 2009

General information

99.60 Withdrawal effective   Dec 10, 2014

CEN

CEN/TC 224 Personal identification and related personal devices with secure element, systems, operations and privacy in a multi sectorial environment

European Norm

35.240.15   Identification cards. Chip cards. Biometrics

Buying

Withdrawn

Language in which you want to receive the document.

Scope

Part 1 of this series specifies the application interface to Smart Cards during the usage phase, used as Secure Signature Creation Devices (SSCD) according to the Terms of the European Directive on Electronic Signature 1999/93 to enable interoperability and usage as SSCD on a national or European level.
This document describes the mandatory services for the usage of Smart Cards as SSCDs based on CEN CWA 14890. This covers the signing function, storage of certificates, the related user verification, establishment and use of trusted path and channel, requirements for key generation and the allocation and format of resources required for the execution of those functions and related cryptographic token information.
Thereby the functionality of CWA 14890-1 is enhanced in the following areas:
- Device authentication with Elliptic Curves (ELC) for existing asymmetric authentication protocols (RSA Transport, Privacy Protocol),
- Enhancement of existing asymmetric authentication protocols due to privacy and non-traceability constraints,
- Card Verifiable (CV) Certificate Formats (self descriptive) with ELC for all types of authentication and authorization protocols,
- Secure Messaging Tags and use of commands with Odd-INS Code in compliance to the actual ISO/IEC 7816-4,
- Further hash algorithms (SHA2–family) with corresponding Object identifier and Algorithm references,
- Use of AES in authentication protocols,
- Use of AES for secure messaging.
The following items are out of scope:
1) The physical, electrical and transport protocol characteristics of the card,
2) The external signature creation process and signature environment,
3) The elements required to verify an electronic signature produced by a card used as a SCCD,
4) The error handling process.

Life cycle

PREVIOUSLY

WITHDRAWN
CWA 14890-1:2004

NOW

WITHDRAWN
EN 14890-1:2008
99.60 Withdrawal effective
Dec 10, 2014

REVISED BY

WITHDRAWN
EN 419212-1:2014