BS ISO IEC 18328-3 pdf download.Identification cards — ICC- managed devices
1 Scope
This document specifies the logical interface of an application supporting the necessary security features in a card‑IC which communicates with the external world by a physical interface supporting APDUs. This application supports the usage of electronic devices. This involves the design of commands, data structures and security mechanisms which are required to handle the data and handling the additional devices itself. The handling of the additional devices is always controlled by the card‑IC. External inputs or outputs shall be managed by the existing interfaces. This document deals not with physical characteristics of the card and interface technology, but only with the logical aspects. Management of data for additional devices that is not subdued by the COS or application control is out of the scope of this document. Definitions of coding requirement for “trust assessment” of the managed data like warning, font, colour etc. is in the scope of this document. A description of the logical internal interface functionality used by the COS or by device drivers, if any, is also part of this document. Due to the fact that relevant technologies may evolve or be adopted very fast, this document defines commands and structures supporting extensions and adaptations.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply. ISO and IEC maintain terminological databases for use in standardization at the following addresses: — IEC Electropedia: available at http://www.electropedia.org/ — ISO Online browsing platform: available at http://www.iso.org/obp 3.1 access rule data element containing an access mode referring to an action and security conditions to fulfil before acting 3.2 application structures, data elements and program modules needed for performing a specific functionality 3.3 button tactile device used for a singular input 3.4 card-IC integrated circuit with COS 3.5 command-response pair set of two messages at the interface EXAMPLE A command APDU followed by a response APDU in the opposite direction. 3.6 data element item of information seen at the interface for which are specified a name, a description of logical content, a format and a coding 3.7 data object information seen at the interface consisting of the concatenation of a mandatory tag field, a mandatory length field and a conditional value field 3.8 device additional electronic feature used as an extension of the ICC 3.9 device driver part of the operating system which provides the required functionality and interfaces to the additional devices on ICC 3.10 device identifier data element used to reference a device 3.11 device handle logic data element used to work with a selected device 3.12 device manager entity in an ICC which controls the device operation 3.13 device unit electronic system providing all relevant entities to work with the device on the card EXAMPLE Connections, driver‑microcontroller, etc. 3.14 EF.ATR/INFO optional EF indicating operating characteristics of the card, also known as Information file 3.15 electronic display electronic device transporting optical information 3.16 file structure for application and/or data in the card, as seen at the interface when processing commands 3.17 identification card card identifying its holder and issuer, which may carry data required as input for the intended use of the card and for transactions based thereon 3.18 interindustry occurring, existing or using between two or more industries 3.19 key sequence of symbols controlling a cryptographic operation EXAMPLE Encipherment, decipherment, a private or a public operation in a dynamic authentication, signature generation production, signature verification. 3.20 keypad array of several buttons organized as one entity 3.21 payload data of arbitrary length, to be sent to the card or by the card, in order to be processed together 3.22 record string of bytes stored within EF, referenced and handled as a unit 3.23 secure messaging set of means for cryptographic protection of (parts of) command‑response pairs 3.24 security attribute condition of use of objects in the card including stored data and data processing functions, expressed as a data element containing one or more access rules 3.25 secure element tamper-resistant ICC in a different form factor securely hosting applications and their confidential and cryptographic data 3.26 security environment set of components required by an application in the card for secure messaging or for security operations 3.27 structure DF, EF, record, Data String or DO 3.28 template concatenation of BER-TLV data objects, forming the value field of a constructed BER-TLV data object
BS ISO IEC 18328-3 pdf download
