Update: ISO/IEC 24727 - Identification Cards - Integrated circuit cards programming interfaces. Teresa Schwarzhoff, U.S. Department of Commerce (NIST). Porvoo-12, Grosseto, Italy.

1 Update: ISO/IEC 24727 - Identification Cards - Integrated circuit cards programming interfaces. Teresa Schwarzhoff, U.S. Department of Commerce. Porvoo-12: Grosseto, Italy

2 Topics: Background/overview; ISO/IEC 24727 Part 1, Part 2, Part 3, Part 4, Part 5; Conclusion

3 Topics (section: Background/overview): Background/overview; ISO/IEC 24727 Part 1, Part 2, Part 3, Part 4, Part 5; Conclusion

4 ISO/IEC JTC 1/SC 17/WG 4/TF 9
- ISO/IEC Joint Technical Committee 1, Sub Committee 17 (JTC 1/SC 17)
- ISO/IEC JTC 1/SC 17/WG 4
- ISO/IEC 24727 work assigned to WG 4 Task Force 9 (TF 9)
- ISO/IEC 24727 built upon the NIST smart card 'interoperability' specification (the Government Smart Card Interoperability Specification, GSC-IS)
- TF 9 chaired by the U.S. (NIST); ANSI provides the secretary
- TF 9 scope: standardization of a set of structured programming interfaces for interactions between integrated circuit cards and external applications, including generic services for multi-sector use
- Good technical expert representation in TF 9: Australia, France, Germany, Japan, UK, US, and CEN TC 224/WG 15

5 ISO/IEC 24727 multi-part standard
ISO/IEC 24727 - Identification Cards - Integrated circuit cards programming interfaces
- Builds upon ISO/IEC 7816
- Focuses on services and interfaces
- Card type neutral
- Contact and contactless agnostic
- eID: identification, authentication, and signature services
- Goal: independent implementations that are interchangeable

6 Why ISO/IEC 24727?
- Existing standards: too many options; focus on the physical card; lack of interface standardization
- Simplification: simplify the developer's life; improve portability
- Interoperability: ubiquitous interoperability is what we are all trying to achieve, but it must be kept simple
- Interoperability and security, conformance testing and privacy: "two" sides of the same coin

7 ISO/IEC 24727: A standard in 5* parts (* to be discussed in a later slide)

8 Topics (section: ISO/IEC 24727 Parts 1 to 5): Background/overview; ISO/IEC 24727 Part 1, Part 2, Part 3, Part 4, Part 5; Conclusion

9 ISO/IEC 24727-1
ISO/IEC 24727-1 Identification Cards - Integrated circuit cards programming interfaces - Part 1: Architecture
- Overarching framework
- Common terminology
- Logical architecture for the framework
- Status: published; available for purchase via your national standards body or the ISO online store

10 ISO/IEC 24727-2
ISO/IEC 24727-2 Identification Cards - Integrated circuit cards programming interfaces - Part 2: Generic card interface
- Common card interface
- 7816 toolkit fine-tuning
- Discovery mechanism
  - Card capability description (CCD)
  - Application capability description (ACD)
  - ISO/IEC [number missing]
  - ISO/IEC [number missing]
- Status
  - FDIS ballot anticipated November 2007
  - IS anticipated Spring 2008

11 ISO/IEC 24727-3
ISO/IEC 24727-3 Identification Cards - Integrated circuit cards programming interfaces - Part 3: Application interface
- New territory for smart card standards
  - Normative API/middleware
  - Normative authentication protocols
- Normative services
  - Connection
  - Card-application discovery and retrieval
  - Identity
  - Cryptographic
  - Authorization
- Status
  - Learning curve for committee technical experts: not about the 'card' but rather about card-applications
  - FCD ballot launched last Friday, 14 September
  - FDIS anticipated Spring 2008

12 Example of actions for a service found in ISO/IEC 24727-3
- Connection service actions: Initialize, Terminate, CardApplicationPath, CardApplicationConnect, CardApplicationDisconnect, CardApplicationStartSession, CardApplicationEndSession
- Credential (marker) types on which the authentication protocols are built: PIN; password; symmetric key; asymmetric key; digital certificate; biometric image or template; pair of symmetric keys (e.g., one for encryption and one for message authentication code (MAC) generation)

13 Authentication protocols (ISO/IEC 24727-3). INTERNAL means the card authenticates itself to the outside world; EXTERNAL means the outside world authenticates itself to the card; in the symmetric protocols the 'signature' is a MAC.

Name of authentication protocol | General definition of protocol
ASYMMETRIC INTERNAL AUTHENTICATE | Fetch certificate; send challenge to be signed (on-card); validate the signature (off-card) based on the certificate
ASYMMETRIC EXTERNAL AUTHENTICATE | Fetch challenge; sign (off-card); validate signature (on-card)
SYMMETRIC INTERNAL AUTHENTICATE | Send challenge to be signed (on-card); validate signature (off-card)
SYMMETRIC EXTERNAL AUTHENTICATE | Fetch challenge; sign challenge (off-card); validate signature (on-card)
COMPARE | Match input parameter with marker
PIN COMPARE | Match input parameter with marker, limiting the number of incorrect compares; the counter is reset on a successful compare
BIOMETRIC COMPARE | Translate input parameter to template form and compare with the base template
SYMMETRIC KEY NONCE | Mutual authentication of card-application and client-application plus generation of session keys
ANYBODY | NULL authentication protocol
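The challenge-response protocols in the table above, as an added example that is not part of the original slides or of ISO/IEC 24727 itself. It models both the card-application and the client-application side of SYMMETRIC INTERNAL AUTHENTICATE, SYMMETRIC EXTERNAL AUTHENTICATE, PIN COMPARE (with the retry counter and its reset) and SYMMETRIC KEY NONCE (mutual authentication that derives the encryption/MAC key pair mentioned on slide 12). The message tags, HMAC-SHA256 as the symmetric 'signature', the 16-byte challenges and the session-key derivation are all assumptions made for illustration; the normative protocols are defined over ISO/IEC 7816 APDUs and are not reproduced here.

```python
"""Constructed model of four ISO/IEC 24727-3 authentication protocols named on
the slide.  Tags, challenge sizes and the key derivation are assumptions for
illustration, not the normative text; HMAC-SHA256 stands in for the MAC."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

Keys = Tuple[bytes, bytes]  # (k_enc, k_mac): the 'pair of symmetric keys' marker


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over the concatenated parts (assumed symmetric primitive)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(part)
    return h.digest()


def derive_session_keys(shared_key: bytes, client_nonce: bytes, card_nonce: bytes) -> Keys:
    """Assumed KDF: both nonces enter, so neither side alone fixes the keys."""
    return (mac(shared_key, b"ENC", client_nonce, card_nonce),
            mac(shared_key, b"MAC", client_nonce, card_nonce))


class CardApplication:
    """Card side: shared key, PIN marker with retry counter, single-use challenges."""

    def __init__(self, shared_key: bytes, pin: bytes, retry_limit: int = 3) -> None:
        self.shared_key = shared_key
        self.pin = pin
        self.retry_limit = retry_limit
        self.retries_left = retry_limit
        self._challenge: Optional[bytes] = None
        self._pending: Optional[Tuple[bytes, bytes, Keys]] = None
        self.session_keys: Optional[Keys] = None  # live only after mutual auth

    # SYMMETRIC INTERNAL AUTHENTICATE: sign the off-card challenge on-card.
    def internal_authenticate(self, challenge: bytes) -> bytes:
        return mac(self.shared_key, b"INT", challenge)

    # SYMMETRIC EXTERNAL AUTHENTICATE: issue a challenge, validate on-card.
    def get_challenge(self) -> bytes:
        self._challenge = os.urandom(16)
        return self._challenge

    def external_authenticate(self, response: bytes) -> bool:
        if self._challenge is None:
            return False
        expected = mac(self.shared_key, b"EXT", self._challenge)
        self._challenge = None  # consumed: presenting it again is a replay
        return hmac.compare_digest(expected, response)

    # PIN COMPARE: match the marker, limit incorrect compares, reset on success.
    def pin_compare(self, candidate: bytes) -> bool:
        if self.retries_left == 0:
            return False  # blocked; an unblock procedure is out of scope here
        if hmac.compare_digest(self.pin, candidate):
            self.retries_left = self.retry_limit
            return True
        self.retries_left -= 1
        return False

    # SYMMETRIC KEY NONCE: mutual authentication plus session-key generation.
    def key_nonce_respond(self, client_nonce: bytes) -> Tuple[bytes, bytes]:
        card_nonce = os.urandom(16)
        keys = derive_session_keys(self.shared_key, client_nonce, card_nonce)
        self._pending = (client_nonce, card_nonce, keys)
        return card_nonce, mac(keys[1], b"CARD", client_nonce, card_nonce)

    def key_nonce_confirm(self, client_proof: bytes) -> bool:
        if self._pending is None:
            return False
        client_nonce, card_nonce, keys = self._pending
        self._pending = None
        if not hmac.compare_digest(mac(keys[1], b"CLIENT", client_nonce, card_nonce), client_proof):
            return False
        self.session_keys = keys
        return True


class ClientApplication:
    def __init__(self, shared_key: bytes) -> None:
        self.shared_key = shared_key

    # INTERNAL AUTHENTICATE driver: fresh challenge out, validated off-card.
    def verify_card(self, card: CardApplication) -> bool:
        challenge = os.urandom(16)
        response = card.internal_authenticate(challenge)
        return hmac.compare_digest(mac(self.shared_key, b"INT", challenge), response)

    # EXTERNAL AUTHENTICATE driver: fetch the card's challenge, sign it off-card.
    def authenticate_to_card(self, card: CardApplication) -> bool:
        challenge = card.get_challenge()
        return card.external_authenticate(mac(self.shared_key, b"EXT", challenge))

    # KEY NONCE driver: returns (k_enc, k_mac) only if both sides proved the key.
    def mutual_authenticate(self, card: CardApplication) -> Optional[Keys]:
        client_nonce = os.urandom(16)
        card_nonce, card_proof = card.key_nonce_respond(client_nonce)
        keys = derive_session_keys(self.shared_key, client_nonce, card_nonce)
        if not hmac.compare_digest(mac(keys[1], b"CARD", client_nonce, card_nonce), card_proof):
            return None  # card failed to prove the shared key
        if not card.key_nonce_confirm(mac(keys[1], b"CLIENT", client_nonce, card_nonce)):
            return None
        return keys
```

Three details carry the security of the table's definitions: the card's challenge is single use, so a response captured from one EXTERNAL AUTHENTICATE run is rejected if replayed; PIN COMPARE decrements a counter on every wrong compare and refuses even the correct PIN once it reaches zero, resetting only on success; and in KEY NONCE the session keys only become live on the card after the client's proof has been validated, so a client that cannot prove the shared key never obtains a session.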

14 ISO/IEC 24727-4
ISO/IEC 24727-4 Identification Cards - Integrated circuit cards programming interfaces - Part 4: API administration
- Implementation details of Part 2 and Part 3 interactions
- Normative security architecture and stack configurations
- Normative IFD (interface device) API
- TLS protocol
- Status
  - FCD launched October 2007
  - FDIS anticipated Spring 2008

15 ISO/IEC 24727-5
ISO/IEC 24727-5 Identification Cards - Integrated circuit cards programming interfaces - Part 5: Testing
- Test requirements written as the technical text is developed
- Testing levels and a modular approach
- Status
  - The maturity/stability prerequisite for Parts 2, 3, and 4 has been met
  - Part 5 WD under modification to reflect recent decisions on the three parts
  - TF 9 meeting in November
  - Goal: CD late Spring 2008

16 NEW: ISO/IEC 24727-6
ISO/IEC 24727-6 Identification Cards - Integrated circuit cards programming interfaces - Part 6: Registration authority procedures for the authentication protocols for interoperability
- Decision taken at the recent WG 4 meeting to establish a registration authority (RA) for future ISO/IEC 24727 authentication protocols
- The RA streamlines the introduction of new normative authentication protocols
- Lead: Standards Australia

17 Topics (section: Conclusion): Background/overview; ISO/IEC 24727 Part 1, Part 2, Part 3, Part 4, Part 5; Conclusion

18 ISO/IEC 24727 interoperability goals
- Re-use of middleware and tokens
- Independence of middleware
- Independence of tokens
- Independence of token administration
- Independence of component certification

19 Challenges
- Existing investments, application neutrality
- Maintaining progress
  - ISO process
  - Learning curve: we have reached the right side of the bell curve!
- Sustain a simple, forward-looking, verifiable approach
  - Avoid options; think beyond the 'plastic'
  - Conformance testing
- Global standard synchronization
  - Global eID projects
  - Standards activities in other areas

20 Who is using the standard?
- Australia
  - Australian access card for social services
  - Queensland driver's licence (trailblazer, beginning in 2005)
- Europe
  - European Citizen Card
  - German health card
- US
  - Future migration of the federal government credential mandated by FIPS 201 (PIV)

21 Contact information: Teresa Schwarzhoff, U.S. Department of Commerce, NIST. Thank you. Questions... The best standard is one in which everyone is equally happy (and unhappy).