January 2011ETSI Security Workshop

CEN/TC224: Standards for eBusiness and eGovernment

Dominique LescribaaCEN TC 224 ChairmanGIE Cartes Bancaires

CEN/TC 224 General information

Title

Personal identification, electronic signature, cards and their related systems and

operations

History

TC 224 was set up in 1990 and has initially produced standards in the area of general

card characteristics and technologies, user interface, inter-sector electronic purse,

telecommunications integrated circuit cards and terminals, surface transport

2

telecommunications integrated circuit cards and terminals, surface transport

applications

In 2003 and 2005, CEN/TC 224 has extended its scope to e-signature and

e-government

Since 2010, develop some biometric standards

Base objective

To define the necessary standards to be used to perform the desired level of

commercial interoperability for machine readable cards, related device interfaces and

operations in Europe

Business, European Government and consumers needs

Increase confidence in business relation and e-administration:Electronic commerceElectronic Signature Framework (new EC mandate)

Reinforce societal and citizen security in Europe (new EC mandate)

Reinforce the identification of European citizen:

3

Enlargement of the European UnionAutomatic border-crossing,Biometric application interoperability

Interoperable public transport applications

Confidence of consumers in respect of security, privacy, quality andergonomics, requirement for people with special needs

Business Environment5.2 Billion Smart Cards Shipped in 2009

Europe represents near 60% of IC cards of the world market

Number of application sectors (banking, telecommunications, healthcare, transport, pay TV, retail shopping, access control, E -Government, border control...)

4

retail shopping, access control, E -Government, border control...)

Parties involved: � Industry of cards and related

devices, � cryptographic and security

developers,� operators of the various

application sectors,� Public authorities, Consumers� …

CEN TC 224 Standardisation needsSince 1990, more than 60 standards were adopted

Confidence of consumers in respect of security, quality and ergonomics

Stable and reliable electronic signature

Authenticate the authorized entity

Reinforce the identification of

European citizen

5

To define the necessary standards to be used to perform the desired level of commercial interoperability in Europe, considering its very significant position in

the international market.

Protect personal data and privacy

Harmonise some payments

related transactions

International cooperation and liaisons with TC224

ISO/IEC/JTC1 SCs•SC 17 (cards and related application)���� contact less cards, Passports, visas…

•SC 27 (Security of Information)���� Common criteria, Electronic

signature, Protection of personal data, crypto…•SC 31 (Automatic Indentification)����RFID

UIT

6

CEN TC 224ETSI(TC ESI…)

EPCVISA/MASTERCARD

Global PlatformANEC

ISO TC 68financial transactions

����RFID•SC 37 (Biometric) ���� Biometric

To help protect your privacy, PowerPoint prevented this external picture from being automatically downloaded. To download and display this picture, click Options in the Message Bar, and then click Enable external content.

WG 15European Citizen

Card

Working groups of CEN/TC 224

WG 6User Interface

WG 11Surface Transport

Applications

7

L. GASTONFRANCE

WG 16Smart cards used as

secure signature creation devices

G. MEISTERGERMANY

To be reactivated in 2011

K. PHILIPPGERMANY

WG 17Protection Profiles

in thecontext of e-Sign

C. SUTTERGERMANY

WG 18Interoperability of

Biometrics recorded data

N. DELVAUXFRANCE

Focus on some activities (programme of work of WG6)

WG 6 User Interface: group currently reactivated

following the expression of new needs

Accessibility standards to be potentially revised:

EN 1332-4 : Identification card systems - Man-machine interface - Part 4: Coding of user

8

EN 1332-4 : Identification card systems - Man-machine interface - Part 4: Coding of user

requirements for people with special needs

EN 1332-3: Identification card systems - Man-machine interface - Part 3: Keypads

EN 1332-5: Identification card systems - Man-machine interface - Part 5: Raised tactile

symbols for differenciation of application on ID-1 cards

Focus on some activities (programme of work of WG11)

WG 11 Transport Applications

Two main standards already developed within the WG11 and soon

revised:EN1545-1: Identification cards system – Surface Transport Applications – Part 1:

elementary data types, general code lists and general data elements

9

elementary data types, general code lists and general data elements

EN1545-2: Identification cards system – Surface Transport Applications – Part 2:

transports’ and travel’s payments related data elements and code lists

Integration of the EU-IFM project and complete data based elements

in this revision

Focus on some activities (programme of work of WG15)

WG 15 European Citizen Card

TS 15480-1 ECC physical, electrical, and transport protocol characteristics (under

revision)

TS 15480-2 ECC logical data structures and security services (under revision)

10

TS 15480-3 ECC interoperability using an application interface (under publication)

TS 15480-4 Recommendations for ECC insurance, operation and use (under progress)

Future part 5: Overview of ECC standard and implementation guidelines (under progress)

Focus on some activities (programme of work of WG16)

WG 16 Smart cards used

as Secure Signature Creation Device:

Two main standards developed within the group:EN 14890-1: Application Interface for smart cards used as Secure Signature Creation

Devices - Part 1: Basic services

EN 14890-2: Application Interface for smart cards used as Secure Signature Creation

11

EN 14890-2: Application Interface for smart cards used as Secure Signature Creation

Devices - Part 1: Basic services

New amendments to EN 14890-1/2 regarding:

• New algorithm e.g. AES for Secure Messaging

• New formally and cryptographically proven password based authenticationprotocols e.g. PACE• New formally proved privacy protocols e.g. for online Id management

• Allgnements related to Web services and cards

Focus on some activities( ~ 15 Protection profiles in development in WG17)

WG 17 Protection Profiles in the context

of e-Signature

Ongoing conversion into TS/EN of CWA 14169 on protection profile (PP)

for a secure signature creation device (generally recognised standard in

the European Decision): priority of the European Mandate on Electronic

Signature

Conversion into TS/EN of CWA 14167 on security requirements for

trustworthy systems managing certificates for electronic signatures

12

trustworthy systems managing certificates for electronic signatures

(generally recognised standard in the European Decision): priority of the

European Mandate on Electronic Signature

+ incorporation of additional requirements such as server signing

Protection Profile

== > coordinated work with ETSI TC ESI

Drafting of an EN for a PP on signature creation and verification

application

(PP SVA/PP SVA)

Drafting of an EN for a PP on Device Authentication

Focus on some activities (programme of work of WG18)

WG 18 Interoperability of Biometrics Recorded Data: officially

launched in November 2010

Two Technical Specifications under development to comply with the

European Commission requirements for interoperability and security of

exchange at a European scale

13

Harmonisation and interoperability of slap-ten print capture for Biometrics

Application profiles of international standards to satisfy European biometrics requirements

for automatic cross-boarding equipment

For further actions

Contact your National Standardization Organisation and joint TC 224 team!

TC 224 contact points and National contact point in France

Dominique.lescribaa@cartes-bancaires.com

14

Dominique.lescribaa@cartes-bancaires.comCaroline.deconde@afnor.org

Thank you for your attention!