We started by creating an internal authentication key file that contains the 8-byte key 0, Vagabond. This file, 0001₁₆, is in the root directory and looks as shown in Table 5.14.
Byte Number | Description | Value | Interpretation of Value |
---|---|---|---|
1 | Unused | 00₁₆ | Unused |
2 | Length of key 0 | 8₁₆ | Key 0 is 8 bytes long. |
3 | Algorithm for key 0 | 0₁₆ | Use DES with key 0. |
4-11 | Key 0 | 56₁₆ 61₁₆ 67₁₆ 61₁₆ 62₁₆ 6F₁₆ 6E₁₆ 64₁₆ | Vagabond |
12 | Maximum attempts for key 0 | 03₁₆ | Block key after three successive failed attempts. |
13 | Remaining attempts for key 0 | 03₁₆ | There are three failures left before the key is blocked. |
14 | Length of key 1 | 0₁₆ | No more keys in the file. |
The terminal starts the authentication process by sending to the card an Internal Authentication command, which contains the random challenge
CLA | INS | P1 | P2 | Length | Challenge |
---|---|---|---|---|---|
C0₁₆ | 88₁₆ | 00₁₆ | 00₁₆ | 08₁₆ | 2A₁₆ 61₁₆ BD₁₆ 80₁₆ A4₁₆ F9₁₆ F3₁₆ 3E₁₆ |
The card encrypts the challenge using the key and algorithm of key 0 in 0001₁₆ and then responds with the status code
61₁₆ 06₁₆
which means "OK, I encrypted the challenge with key 0 in the file 0001 and I have six bytes of the result to give back to you."
The terminal uses the Get Response command to get the 6 bytes from the card
1E₁₆ 86₁₆ 15₁₆ C7₁₆ 15₁₆ 8C₁₆
and compares them with the first 6 bytes of its own DES encryption of the challenge using the key Vagabond. The bytes are identical, so the card possesses the key that the terminal was looking for, hence the identity of the card has been established.
We have said that there can be a PIN and up to 16 external authentication keys in each directory on the card. We have also noticed that the access conditions for operations on files are expressed in terms of a PIN or one of 16 cryptographic keys.
What happens when you successfully present a PIN in one directory and then move to another directory with a different PIN file? Does the first PIN authentication follow you? What if you move to a directory that doesn't have a PIN file, but there is a file in this new directory with an operation that is protected by a PIN? Does your old PIN work? The same questions obviously apply to cryptographic key authentication.
Smart cards vary as to their authentication-state maintenance policies and the ISO standards are mute on the subject. What we describe here is the policy of your Multiflex card. Do not assume that all cards behave the same way.
Authentication state in the Multiflex card is carried in three 2-byte variables:
When an access-controlled operation is about to take place, the operating system simply checks these variables. If PIN authentication is required and the PIN authentication directory variable is non-null, then the operation is allowed to proceed. Otherwise, it fails. If a cryptographic key authentication is required, the external authentication directory and external authentication key variables are checked. If the first is non-null and the bit corresponding to the required key in the second is set, then the operation is allowed to proceed. Otherwise, it fails.
Moving from one elementary file to another within a directory does not change the setting of the authentication state variables since all elementary files in a directory use the same PIN and external authentication files for their access controls. Selecting a new directory does change the authentication state. Figure 5.1 shows the procedure for the PIN authentication directory variable.
Figure 5.1. PIN authentication procedure.
The procedure for the external authentication directory and external authentication keys variables is exactly the same, except that the external authorization directory and external authorization keys state variables are cleared rather than the PIN authentication directory state variable.
The bottom line of this procedure is that authorizations don't follow you as you hop from one directory to another on the card unless the files in the new directory use the same authorization files as the files in the old directory. This seems perfectly reasonable. What PIN and external authentication files is a particular file governed by? If there is a PIN or an external authentication file in the same directory as the file, that's the one the file uses. If not, search from the directory back toward the master file and use the first PIN or external authorization file (depending on what you are looking for) that you find.
In the frequent case that you move into a subdirectory of the current directory, your authorizations stay with you unless there is a new authorization file (PIN or external) in the subdirectory, in which case the corresponding authorizations are cleared and you have to show possession of the new key(s) in order to regain them.
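The directory-change policy described above, modeled as an added Python example; it is not code from the book or from the Multiflex operating system. The class and method names, the constructed directory layout, and the exact select-time comparison are assumptions inferred from the prose, since Figure 5.1 is not reproduced on this page.

```python
# Added model of the authentication-state policy described in the text.
# Names and directory IDs are hypothetical; the select rule is inferred.
MF = 0x3F00  # master file

class Card:
    def __init__(self, parents, pin_dirs, key_dirs):
        self.parents = parents    # directory -> parent directory (MF -> None)
        self.pin_dirs = pin_dirs  # directories that contain a PIN file
        self.key_dirs = key_dirs  # directories with an external auth key file
        self.current = MF
        self.pin_auth_dir = None  # PIN authentication directory
        self.ext_auth_dir = None  # external authentication directory
        self.ext_auth_keys = 0    # external authentication keys, bit n = key n

    def governing(self, d, holders):
        """Search from d back toward the master file; first file found wins."""
        while d is not None and d not in holders:
            d = self.parents[d]
        return d

    def select_dir(self, d):
        # State survives only if the new directory is governed by the same file.
        if self.governing(d, self.pin_dirs) != self.pin_auth_dir:
            self.pin_auth_dir = None
        if self.governing(d, self.key_dirs) != self.ext_auth_dir:
            self.ext_auth_dir, self.ext_auth_keys = None, 0
        self.current = d

    def pin_verified(self):       # call after a correct PIN presentation
        self.pin_auth_dir = self.governing(self.current, self.pin_dirs)

    def key_verified(self, n):    # call after external authentication with key n
        self.ext_auth_dir = self.governing(self.current, self.key_dirs)
        self.ext_auth_keys |= 1 << n

    def pin_ok(self):
        return self.pin_auth_dir is not None

    def key_ok(self, n):
        return self.ext_auth_dir is not None and bool(self.ext_auth_keys >> n & 1)

def demo():
    # Constructed layout: 0x1000 has no PIN file, 0x2000 has its own PIN file.
    parents = {MF: None, 0x1000: MF, 0x2000: MF}
    card = Card(parents, pin_dirs={MF, 0x2000}, key_dirs={MF})
    card.pin_verified(); card.key_verified(0)
    seen = []
    for d in (0x1000, MF, 0x2000):
        card.select_dir(d)
        seen.append((hex(d), card.pin_ok(), card.key_ok(0), card.key_ok(1)))
    return seen
```

Calling `demo()` shows the PIN state surviving the move into `0x1000` and back, then being cleared on entering `0x2000`, while the key 0 state (governed by the master file's key file throughout) is retained.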