Smart Card Application Standard Draft



Similar documents
Functional Specification of the OpenPGP application on ISO Smart Card Operating Systems

MUSCLE Cryptographic Card Edge Definition for Java 1 Enabled Smartcards

Exercise 1: Set up the Environment

Gemalto Mifare 1K Datasheet

ACR122 NFC Contactless Smart Card Reader

MDG. MULTOS Developer's Guide. MAO-DOC-TEC-005 v MAOSCO Limited. MULTOS is a registered trademark of MULTOS Limited.

ETSI TS V1.2.1 ( )

Overview of Contactless Payment Cards. Peter Fillmore. July 20, 2015

Application Programming Interface

Measurement and Analysis Introduction of ISO7816 (Smart Card)

Reverse engineering smart cards

AN1304. NFC Type MIFARE Classic Tag Operation. Application note PUBLIC. Rev October Document information

AN1305. MIFARE Classic as NFC Type MIFARE Classic Tag. Application note COMPANY PUBLIC. Rev October Document information

EMV (Chip-and-PIN) Protocol

Getting to know your card: Reverse-Engineering the Smart-Card Application Protocol Data Unit for PKCS#11 Functions

SIM CARD PROTOCOLS. This paper attempts in broad strokes to outline the construction of these protocols and how they are used.

Securing Card-Not-Present Transactions through EMV Authentication. Matthew Carter and Brienne Douglas December 18, 2015

EMV (Chip and PIN) Project. EMV card

USB Card Reader Configuration Utility. User Manual. Draft!

[MS-RDPESC]: Remote Desktop Protocol: Smart Card Virtual Channel Extension

Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt,

RVS Seminar Deployment and Performance Analysis of JavaCards in a Heterogenous Environment. Carolin Latze University of Berne

Keep Out of My Passport: Access Control Mechanisms in E-passports

Interoperability Specification for ICCs and Personal Computer Systems

Biometrics, Tokens, & Public Key Certificates

The Answer to the 14 Most Frequently Asked Modbus Questions

ACR122U USB NFC Reader

Nemo 96HD/HD+ MODBUS

AN MIFARE DESFire as Type 4 Tag. Rev May Application note COMPANY PUBLIC. Document information.

Caml Virtual Machine File & data formats Document version: 1.4

HOST Embedded System. SLAVE EasyMDB interface. Reference Manual EasyMDB RS232-TTL. 1 Introduction

CHAPTER 5 SMART CARD TECHNOLOGY

Technical Support Bulletin Nr.18 Modbus Tips

Specifications for the Smart-Card Operating System for Transport Applications (SCOSTA)

The SmartLogic Tool: Analysing and Testing Smart Card Protocols

Security Analysis of PLAID

Contactless Smart Cards vs. EPC Gen 2 RFID Tags: Frequently Asked Questions. July, Developed by: Smart Card Alliance Identity Council

NFC Tag Type 5 Specification

Government Smart Card Interoperability Specification

Java Card. Smartcards. Demos. . p.1/30

Functional Specification of the OpenPGP application on ISO Smart Card Operating Systems. Version Author: Achim Pietig

GlobalPlatform. Card Specification. Version 2.2

Open Mobile API Test Specification for Transport API

RFID MODULE Mifare Reader / Writer SL030 User Manual Version 2.6 Nov 2012 StrongLink

Mifare DESFire Specification

Smart Card. Smart Card applications

Extending EMV payment smart cards with biometric on-card verification

Smart Card Based User Authentication

Sample EHG CL and EHG SL10 16-bit Modbus RTU Packet

Introducing etoken. What is etoken?

Volume Serial Numbers and Format Date/Time Verification

EUROPEAN CARD FOR e-services

The English translation Of MBA Standard 0301

JCB Terminal Requirements

Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems Version 2.3

Tamper protection with Bankgirot HMAC Technical Specification

Acquirer Device Validation Toolkit (ADVT)

Secure Automatic Ticketing System

MODBUS APPLICATION PROTOCOL SPECIFICATION V1.1b CONTENTS

NetFlow Aggregation. Feature Overview. Aggregation Cache Schemes

An NFC Ticketing System with a new approach of an Inverse Reader Mode

Mobile and Contactless Payment Security

Application Note. Introduction AN2471/D 3/2003. PC Master Software Communication Protocol Specification

Introduction...3 Terms in this Document...3 Conditions for Secure Operation...3 Requirements...3 Key Generation Requirements...

Configuring SSL Termination

Toshiba Serial Driver Help Kepware Technologies

Signalling Control System Serial Train Information Interface

Smart Card Technology Capabilities

Binary Representation

Applying recent secure element relay attack scenarios to the real world: Google Wallet Relay Attack

Simple Network Management Protocol

Moven Studio realtime. streaming

Services and Data Definitions

jcardsim Java Card is simple!

EMV 96 Integrated Circuit Card Terminal Specification for Payment Systems

New Attacks against RFID-Systems. Lukas Grunwald DN-Systems GmbH Germany

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

AN mifare Ultralight Features and Hints. Document information. Multiple ticketing, secured data storage, implementation hints

MODBUS APPLICATION PROTOCOL SPECIFICATION V1.1b3 CONTENTS

Modbus and ION Technology

Lesson-3 CASE STUDY OF AN EMBEDDED SYSTEM FOR SMART CARD

AN2598 Application note

3GPP TS V ( )

Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems Version 2.2

Detailed Specifications

OCRA Validation Server Profile

Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007

SSH Secure Shell. What is SSH?

OPENID AUTHENTICATION SECURITY

APPLICATION PROGRAMMING INTERFACE

EMVCo Letter of Approval - Contact Terminal Level 2

RFID MODULE Mifare Reader / Writer SL025B User Manual Version 1.4 Nov 2012 StrongLink

CTNET Field Protocol Specification November 19, 1997 DRAFT

MF1 IC S General description. Functional specification. 1.1 Contactless Energy and Data Transfer. 1.2 Anticollision. Energy

NISTIR 7676 Maintaining and Using Key History on Personal Identity Verification (PIV) Cards

ACCESS 9340 and 9360 Meter Ethernet Communications Card ETHER

1 DNS Packet Structure

Transcription:

Smart Card Application Standard Draft

Contents 1 SCOPE... 6 1.1 DEFINITIONS / DOCUMENT CONVENTIONS... 6 2 KEY DATA ELEMENTS AND CONCEPTS... 7 2.1 STATIC CARD INFORMATION... 7 2.1.1 Card ID (CdID)... 7 2.1.2 Application Version... 8 2.2 CHALLENGE/RESPONSE VERIFICATION... 8 2.2.1 Challenge... 9 2.2.2 Response... 10 2.2.3 Verification... 10 3 CARD READING PROCESS... 11 4 APDU/RPDU SPECIFICATIONS... 12 4.1 ERROR HANDLING... 12 4.2 SELECT EVAPP COMMAND/RESPONSE... 12 4.2.1 APDU... 12 4.2.2 RPDU... 12 4.3 STATIC READ APPLICATION COMMAND/RESPONSE... 13 4.3.1 APDU... 13 4.3.2 RPDU... 14 4.4 SECURITY OPERATION COMMAND/RESPONSE... 14 4.4.1 APDU... 14 4.4.2 RPDU... 15 5 VERIFICATION REQUEST... 17

Scope This document standardizes a contactless smartcard EV application (EVAPP) to ensure that an EV charging card can be read and verified. The document introduces key concepts and then specifies the actual messages between the smart card and the CS. Definitions / Document Conventions Term Charge Spot (CS) Card Charge Spot Operator (CS Operator) Card Issuer Verification EVAPP APDU RPDU Definition A power outlet to which a vehicle connects and which includes an ISO/IEC 14443 type A and B contactless smartcard card reader and a communication network connecting to the card issuer. An ISO/IEC 14443 type A or B contactless smartcard. The organization operating the CS. A CS would normally connect to a control center operated by the CS operator and only through it to the card issuer systems. The organization that issued the card to the customer and can verify its authenticity. This organization would normally have some contact in place with both the customer and the CS operator to facilitate the use of electricity by the customer at the CS. The process of ensuring that a card is genuine and information was not retransmitted. The card application standardized in this document. This application would be issued a unique card application ID according to ISO/IEC 7816-5. APDU stands for Application Protocol Data Unit. A communication unit between a smartcard reader and a smartcard. The structure of an APDU is defined by the ISO/IEC 7816 standards. Short for response APDU.

Key Data Elements and Concepts Static card information The following information should be available on the card, transmitted to the CS and forwarded to the acquirer during a card read. Card ID (CdID) The card ID is send by the card both in clear text and signed as part of the cryptogram for verification purposes. The card ID is used by the CS or CS operator to route the verification request to the card acquirer. Content Field Country Operator Card Number Length/Range 2 characters 1-100 1-999,999,999 Description Country code Numerical code of the card issuer Management Display Format According to ISO 3166 2 Allocated by national standardization bodies. Serial number assigned to the card Assigned and manage by a card issuer. Field Country Separator Operator Separator Serial Number Format/Value String. Decimal Number Example Transport Format IL.1.14534. Decimal Number Field Padding Country Operator Serial Number Format Example ASCII 00 00IL001000014534 2 character ASCII string Decimal number left padded with zero to fill 3 characters ASCII string Decimal number left padded with zero to fill 9 characters ASCII string 2 http://www.iso.org/iso/english_country_names_and_code_elements

Application Version CdVer and CdEnc are 4 bytes unsigned integers written to the card at issuing or pre-personalization and should not be writable from the outside afterwards. CdVer and CdEnc are sent by the card with each use and relayed to the card acquirer. Their use is determined by the card issued and acquirer and is opaque to CS and CS operator. These fields enable flexibility in issuing cards which enable updates while keeping compatibility with older cards. Two use cases already identified are: o Changing a master key: a different CdVer value could be used to indicated a different master key in case of a compromise or key distribution. o Changing encryption algorithms: if the card is capable of more advanced algorithms, or if a flaw is found in the response generation function, CdEnc can indicate a different encryption suite. Challenge/Response Verification Card verification is performed between the CS, card and the card issuer using a challenge/response mechanism and the following flow. Note that the actual implementation of the response generation is internal to the card and issuer system and not part of this standard.

Challenge The following fields should be sent by the CS to the card as a challenge: TransTime Unsigned Integer 8 bytes Current time in Unix time format 3. RdRand Unsigned Integer 4 bytes A random number CsIDHash Unsigned Integer 4 bytes See section 0 for more information 3 For details on Unix time refer to http://en.wikipedia.org/wiki/unix_time

CSID. Response The following fields should be sent by the card to the CS as a response: Cryptogram Unsigned Integer 24 bytes The card response to the challenge. CdCount Unsigned Integer 2 bytes The card may keep a 16 bit internal card register that is incremented each time the card provided a challenge response to a reader. The counter enables a verification server to ensure that a response is not recorded and retransmitted intentionally. Note that while the card has this feature the verification server does not have to use and can rely on the alternate time based method Verification As noted the details of the verification process are internal to the card issuer implementation. However, the system allows for the following mechanisms to ensure that information cannot be copied of replayed: The card ID may be signed by the card. The transaction time may be signed by the card. CdCount may be implemented and signed by the card to ensure it is an ever increasing number. The device ID of the charge spot is signed by the card. The issuer may alternate means of validating the ID, such as ensuring the charge requests for a device are received only from the partner to which this device belongs.

Card Reading Process The card read phase will have the following phases: Phase Request Response Description 1 ISO/IEC 14443 Polling 2 ISO/IEC 14443 Anti-Collision 3 ISO/IEC 14443 Activation According to the ISO/IEC 14443 principles. 4 Select EVAPP by AID 5 Read Static Record EVAPP FCI See 0 Card Static information See 0 6 Perform Security Operation Cryptogram See 0 7 ISO/IEC 14443 Teardown Close the connection as defined by ISO 14443.

APDU/RPDU specifications Error Handling Any other coding of the any of the APDU below will be answered by the card using an ISO/IEC 7816-4 SW1SW2 that define a relevant error code. A multi-application reader might send to the card other commands during the application selection phase not listed below, the card will response to any other commands not listed below using an ISO/IEC 7816-4 SW1SW2 error code. Select EVAPP Command/Response APDU The Select Application command is detailed in the standard ISO/IEC 7816-4. The coding of the select EVAPP APDU will be according to the following: Issue: Length Issue: APDU Field Issue: Value Issue: 1 Issue: CLA Issue: 0x00 Issue: 1 Issue: INS Issue: 0xA4 Issue: 1 Issue: P1 Issue: 0x04 Issue: 1 Issue: P2 Issue: 0x00 Issue: 1 Issue: Lc Issue: 0x07 Issue: 7 Issue: Data Issue: EVAPP Issue: 1 Issue: Le Issue: 0x00 Packet Example: 0000 02 00 A4 04 00 07 XX XX 0008 XX XX XX XX XX 00 RPDU The above Select application APDU will be responded by the card with the following RPDU:

Issue: Length Issue: Template Issue: Tag Issue: 2 Issue: 0x6F Issue: Issue: 8 Issue: Issue: 0x84 Issue: 3 Issue: Issue: 0xA5 Issue: 8 Issue: Issue: Issue: 8 Issue: Issue: Packet Example: 0000 02 6F 1B 84 07 XX XX XX 0008 XX XX XX XX A5 10 DF 81 0010 10 04 XX XX XX XX DF 81 0018 11 04 XX XX XX XX 90 00 Static Read Application Command/Response APDU The Read Redcord command is detailed in the standard ISO/IEC 7816-4. The coding of the APDU of read record command in the EVAPP will be according to the following: Issue: Length Issue: APDU Field Issue: Value Issue: 1 Issue: CLA Issue: 0x00 Issue: 1 Issue: INS Issue: 0xB2 Issue: 1 Issue: P1 Issue: 0x01 Issue: 1 Issue: P2 Issue: 0x0C

Issue: 1 Issue: Lc Issue: 0x00 Packet Example: 0000 03 00 B2 01 0C RPDU The above Select application APDU will be responded by the card with the following RPDU: Issue: Length Issue: Template Issue: Tag Issue: 2 Issue: 0x70 Issue: Issue: 13 Issue: Issue: 0xDF 0x81 0x12 Packet Example: 0000 03 70 14 DF 81 12 10 XX 0008 XX XX XX XX XX XX XX XX 0010 XX 90 00 Security Operation Command/Response APDU The Perform Security Operation command is detailed in the standards ISO/IEC 7816-4 and ISO/IEC 7816-8. The APDU of the perform security operation in the EVAPP APDU will be according to the following: Issue: Length Issue: APDU Field Issue: Template/Tag Issue: 1 Issue: CLA Issue: Issue: 1 Issue: INS Issue: Issue: 1 Issue: P1 Issue:

Issue: 1 Issue: P2 Issue: Issue: 1 Issue: Lc Issue: Issue: 7 Issue: Data Issue: 0xF0 Issue: Issue: Issue: 0xDF 0x81 0x13 Issue: Issue: Issue: 0xDF 0x81 0x14 Issue: Issue: Issue: 0xDF 0x81 0x15 Issue: 1 Issue: Le Issue: Packet Example: 0000 02 80 2A 82 80 1E F0 1C 0008 DF 81 13 08 XX XX XX XX 0010 XX XX XX XX DF 81 14 04 0018 YY YY YY YY DF 81 15 04 0020 TT TT TT TT 00 RPDU The above security operation APDU will be responded by the card with the following RPDU: Issue: Length Issue: Template Issue: Tag Issue: 2 Issue: 0x77 Issue: Issue: 6 Issue: Issue: 0xDF 0x81 0x17 Issue: 28 Issue: Issue: 0xDF 0x81 0x16 Packet Example: 0000 02 77 22 DF 81 17 02 XX 0008 XX DF 81 16 18 YY YY YY

0010 YY YY YY YY YY YY YY YY 0018 YY YY YY YY YY YY YY YY 0020 YY YY YY YY YY

Verification Request Based on information the charge spot gathers during card read, it creates a verification block. The verification block is the data unit sent across the network from the charge spot to the card issuer and used to verify the authenticity of the card. The structure of the verification block is: Field Format Length Description CdVer Unsigned integer 4 bytes Application version used by the card as sent by the card. CdEnc Unsigned integer 4 bytes Encryption algorithm used by the card as sent by the card. CdID Fixed length string 16 bytes The Card ID in transport format (see 0). CdCryptogram Unsigned Integer 24 bytes The response provided by the card for the challenge as sent by the card. CdCount Unsigned Integer 2 bytes The card use counter as received in the response. TransTime Unsigned Integer 8 bytes Challenge time in Unix time 4 format RdRand Unsigned Integer 4 bytes Challenge random number CsID Null terminated string 64 bytes The charging device ID from which the CDevHash was derived. 4 For details on Unix time refer to http://en.wikipedia.org/wiki/unix_time

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information