BS-EN-726-7-1999.pdf

| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | BRITISH STANDARD BS EN 726-7:1999 The European Standard EN 726-7:1999 has the status of a British Standard ICS 35.240.15 NO COPYING WITHOUT BSI PERMISSION EXCEPT AS PERMITTED BY COPYRIGHT LAW Identification card systems Ð Telecommunications integrated circuit(s) cards and terminals Ð Part 7: Security module Licensed Copy: sheffieldun sheffieldun, na, Tue Nov 07 02:44:29 GMT+00:00 2006, Uncontrolled Copy, (c) BSI This British Standard, having been prepared under the direction of the DISC Board, was published under the authority of the Standards Committee and comes into effect on 15 November 1999 BSI 11-1999 ISBN 0 580 35472 5 BS EN 726-7:1999 Amendments issued since publication Amd. No.DateComments National foreword This British Standard is the English language version of EN 726-7:1999. The UK participation in its preparation was entrusted to Technical Committee IST/17, Identification cards and related devices, which has the responsibility to: Ð aid enquirers to understand the text; Ð present to the responsible European committee any enquiries on the interpretation, or proposals for change, and keep the UK interests informed; Ð monitor related international and European developments and promulgate them in the UK. A list of organizations represented on this committee can be obtained on request to its secretary. Cross-references The British Standards which implement international or European publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled ªInternational Standards Correspondence Indexº, or by using the ªFindº facility of the BSI Standards Electronic Catalogue. A British Standard does not purport to include all the necessary provisions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages This document comprises a front cover, an inside front cover, the EN title page, pages 2 to 48, an inside back cover and a back cover. The BSI copyright notice displayed in this document indicates when the document was last issued. Licensed Copy: sheffieldun sheffieldun, na, Tue Nov 07 02:44:29 GMT+00:00 2006, Uncontrolled Copy, (c) BSI CEN European Committee for Standardization Comite  Europe Âen de Normalisation Europa Èisches Komitee fu Èr Normung Central Secretariat: rue de Stassart 36, B-1050 Brussels 1999 CEN All rights of exploitation in any form and by any means reserved worldwide for CEN national Members. Ref. No. EN 726-7:1999 E EUROPEAN STANDARDEN 726-7 NORME EUROPE ÂENNE EUROPA ÈISCHE NORM January 1999 ICS 35.240.15 Descriptors: telecommunications, IC cards, telecommunication terminals, safety, specifications English version Identification card systemsÐ Telecommunications integrated circuit(s) cards and terminalsÐ Part 7: Security module Syste Ámes de cartes d'identification Ð Cartes a Á circuit inte Âgre  et terminaux pour les te Âle Âcommunications Ð Partie 7: Module de se Âcurite  Identifikationskartensysteme Ð Chipkarten und Endgera Ète fu Èr Telekommunikationszwecke Ð Teil 7: Sicherheitsmodul This European Standard was approved by CEN on 1 January 1999. CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the Central Secretariat or to any CEN member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CEN member into its own language and notified to the Central Secretariat has the same status as the official versions. CEN members are the national standards bodies of Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and United Kingdom. Licensed Copy: sheffieldun sheffieldun, na, Tue Nov 07 02:44:29 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Page 2 EN 726-7:1999 BSI 11-1999 Foreword This European Standard has been prepared by Technical Committee CEN/TC 224, Machine-readable cards, related device interfaces and operations, the Secretariat of which is held by AFNOR. This European Standard shall be given the status of a national standard, either by publication of an identical text or by endorsement, at the latest by July 1999, and conflicting national standards shall be withdrawn at the latest by July 1999. According to the CEN/CENELEC Internal Regulations, the national standards organizations of the following countries are bound to implement this European Standard: Austria, Belgium, Czech Republic, Denmark, Finland, France, Germany, Greece, Iceland, Ireland, Italy, Luxembourg, Netherlands, Norway, Portugal, Spain, Sweden, Switzerland and the United Kingdom. Contents Page Foreword2 1Scope3 2Normative references3 3Definitions and abbreviations3 3.1Definitions3 3.2Abbreviations5 4Physical characteristics of the SM6 5Electronic signals and transmission protocols6 6Logical model for SM6 7General concepts7 7.1General security principles7 7.1.1 Access conditions7 7.1.2 Sequence control7 7.2SM Life cycle7 7.3Configuration of the system7 7.4SM security functions9 8Description of the functions of a SM9 8.1Functions without MAC10 8.1.1 SELECT KEYSET10 8.1.2 DIVERSIFY KEYSET10 8.1.3 ASK PARAMETER10 8.2Functions used to compute a cryptogram or message authentication codes (MAC)11 8.2.1 COMPUTE LOAD KEY11 8.2.2 COMPUTE MAC12 8.2.3 COMPUTE CRYPTOGRAM13 8.3Functions verifying cryptograms or message authentication codes (MAC)14 8.3.1 VERIFY MAC14 8.3.2 UPDATE (SM)15 8.3.3 INCREASE (SM)15 8.3.4 DECREASE (SM)16 8.3.5 VERIFY CRYPTOGRAM17 8.4Functions for downloading of keys from the SM to the UC17 8.5Functionality on SM±EW interface17 8.6Linking functions with keys18 8.7Limitations of the usage of keys18 9Data elements18 9.1Data for SM identification18 9.1.1 SM identifier18 9.2UC data19 9.2.1 IC serial number of user card19 9.2.2 Application Expiry date19 9.2.3 Application Identifier (AID)19 9.2.4 Key file version19 9.2.5 Algorithm identifier19 9.2.6 Amount19 9.2.7 Value20 9.2.8 Type of units20 9.3Status conditions returned by the SM20 9.3.1 Functions versus possible status responses20 Annex A (normative) The case of a SM in the form of an IC card23 Annex B (informative) Example of scenarios for SM in the form of an IC card35 Annex C (informative) Bibliography48 Licensed Copy: sheffieldun sheffieldun, na, Tue Nov 07 02:44:29 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Page 3 EN 726-7:1999 BSI 11-1999 1 Scope This part of EN 726 specifies: Ð the minimum security requirements for a Security Module (SM); Ð the general card related functions embedded in the SM±terminal protocols including minimum data exchange; The data elements and cryptographic processing described in annex A for the case where the SM is an ICC should be supported if the SM is not an ICC or the configuration of the system, e.g. where the SM handles more than one terminal/user card. Configurations where the SM handles more than one terminal/user card are not fully specified in this standard. Further mechanisms may be required to enable these configurations; Ð the necessary security services and mechanisms to provide application and cryptographic security information for the processing of telecommunication transactions. considering several types of SMs at different locations in the system and different system configurations. This part of EN 726 allows interaction between the Integrated Circuit Card (IC card) and the SM via the terminal in a way that may be functionally transparent to the terminal and possibly also the network(s). This provides the flexibility to use different techniques, commands and message formats at the terminal±SM interface. This part of EN 726 supports IC cards with payment applications following EN 726-5 and all card applications following clauses 4 to 7 of this part of the standard. This part of EN 726 supports IC cards following EN 726-3:1994. Other telecommunication cards which are not in accordance with EN 726, e.g. simple memory cards, may also be supported by the SM described in this part. 2 Normative references This European Standard incorporates by dated or undated reference, provisions from other publications. These normative references are cited at the appropriate places in the text and the publications listed hereafter. For dated references, subsequent amendments to, or revisions of any of these publications apply to this European Standard only when incorporated in it by amendment or revision. For undated references the latest edition of the publication referred to applies. EN 726-2:1995, Identification card systems Ð Telecommunications integrated circuit(s) cards and terminals Ð Part 2: Security framework. EN 726-3:1994, Identification card systems Ð Telecommunications integrated circuit(s) cards and terminals Ð Part 3: Application independent card requirements. EN 726-5, Identification card systems Ð Telecommunications integrated circuit(s) cards and terminals Ð Part 5: Payment methods. EN 24217, Codes for the representation of currencies and funds. (ISO 4217:1990) EN ISO/IEC 7816-4, Information technology Ð Identification cards Ð Integrated circuit(s) cards with contacts Ð Part 4: Interindustry commands for interchange. (ISO/IEC 7816-4:1995) EN ISO/IEC 7816-5, Identification cards Ð Integrated circuit(s) cards with contacts Ð Part 5: Numbering system and registration procedure for application identifiers. (ISO/IEC 7816-5:1994) ISO 10202-4, Financial transactions cards Ð Security architecture of financial transaction systems using integrated circuit cards Ð Part 4: Secure application modules. 3 Definitions and abbreviations 3.1 Definitions For the purposes of this standard, the following definitions apply: 3.1.1 access conditions (AC) a set of security attributes associated to a file 3.1.2 application an application consists of a set of security mechanisms, files, data and protocols (excluding transmission protocols) which are located and used in the IC card and outside the IC card (external application) Licensed Copy: sheffieldun sheffieldun, na, Tue Nov 07 02:44:29 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Page 4 EN 726-7:1999 BSI 11-1999 3.1.3 application provider (AP) the entity which is responsible for the application after its allocation. One AP may have several applications in one card. The files allocated in the card corresponding to one application are called a card-application. There may exist several applications on a given card from the same application provider or from several application providers 3.1.4 application session a link between the card application part and the external world application part of the same application 3.1.5 application specific command set (ASC) to a DF can be associated, optionally, an ASC-set (an application specific command set and/or an application specific program). This means that when selecting this application, the general command set is extended or modified by this specific command set. The ASC is valid for the whole subtree of this application unless there are other ASCs defined at the lower levels of this application 3.1.6 card a multi-application card can be considered as a set of files, some of them shared by the different application providers and/or the card issuer, other files owned exclusively by the different application providers or the card issuer. Files can, e.g. be read, written or executed 3.1.7 dedicated file (DF) a file containing AC and allocatable memory. It may be the parent of elementary files and/or dedicated files 3.1.8 elementary file (EF) a file containing AC, data or a program and no other files, as: Ð EFDIRis an elementary file at the master file or at DF level, which contains a list of all, or part of, available applications in the card; Ð EFIDis an elementary file at the master file level, containing the identification number of the card Ð EFICCis an elementary file at the master file level, containing general information concerning the IC and IC card; Ð EFKEY_OPis an elementary file containing operational keys; Ð EFKEY_MANis an elementary file containing management keys; Ð EFDIK_OPis an elementary file containing diversified operational keys; Ð EFDIK_MANis an elementary file containing diversified management keys. 3.1.9 file identifier (ID) each file (MF, DF, EF) has an identifier consisting of 2 bytes 3.1.10 file qualifier first byte of the file identifier 3.1.11 master file (MF) the mandatory unique file representing the root of the file structure and containing AC and allocatable memory. It may be the parent of elementary files and/or dedicated files 3.1.12 operating system that which is required to manage the logical resources of a system, including process scheduling and file management Licensed Copy: sheffieldun sheffieldun, na, Tue Nov 07 02:44:29 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Page 5 EN 726-7:1999 BSI 11-1999 3.1.13 path concatenation of file identifiers without delimitation 3.1.14 secrets algorithm(s), related key(s), security procedures and information 3.1.15 security module a device containing logically and physically protected secrets Ð algorithm(s), related key(s), security procedures and information to protect applications in such a way that unauthorized access is not feasible. In order to achieve this the module may in addition be further physically, electrically and logically protected 3.1.16 security module provider see ISO 10202-4 3.1.17 sequence control a feature assuring that operations, invoked by commands, can only be performed by the SM in allowed, predefined order(s) 3.2 Abbreviations ACAccess Condition AIDApplication Identifier AUTAuthenticated CHVCard Holder Verification information DFDedicated File EFElementary File EWExternal World ICIntegrated Circuit ICCIntegrated Circuit Card IDIdentifier of a file IFDInterface Device INT.AUTHInternal Authentication INVInvalidate LENLength MACMessage Authentication MFMaster File NEVNever PROProtected RANRandom REHRehabilitate RFUReserved for Future Use SMSecurity Module UCUser Card Licensed Copy: sheffieldun sheffieldun, na, Tue Nov 07 02:44:29 GMT+00:00 2006, Uncontrolled Copy, (c) BSI Page 6 EN 726-7:1999 BSI 11-1999 4 Physical characteristics of the SM If the SM is an IC card the physical characteristics shall be in accordance with clause 4 of EN 726-3:1994. For any other case the physical characteristics are out of the sc