The Verify Command
The Verify command is a command sent by a reader-side application to the security system on the card to allow it to check for a match to password-type information stored on the card. That is, this command is used to allow the reader-side application to convince the card that it (the reader-side application) knows a password maintained by the card to restrict access to information on the card.
The password-type information may be attached to a specific file on the card or to part or all of the file hierarchy on the card. Successful execution of this command indicates that the reader-side application did know the correct password and puts the card into a state such that a subsequent access to a file guarded by this password information will succeed.
If the Verify command fails (that is, the password required by the card is not correctly provided by the reader-side application), an error status indicator is returned by the card to the reader-side application.
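The card-side behaviour just described (compare the presented password, set a security state that later file accesses consult, and return an error status on mismatch) as a small simulation. This is an added illustration, not code from the book or from any card operating system; the card model, file names and retry limit are constructed, and the status words follow the ISO 7816-4 convention the text alludes to (9000 for success, 6982 for an unmet access condition, 63Cx with the remaining retry count for a failed verification, 6983 once the method is blocked).

```python
import hmac

SW_OK = 0x9000                      # command completed normally
SW_SECURITY_NOT_SATISFIED = 0x6982  # access condition for the file not met
SW_VERIFY_FAILED_BASE = 0x63C0      # low nibble carries the remaining retry count
SW_AUTH_BLOCKED = 0x6983            # too many failures: verification method blocked


class PinCard:
    """Constructed model of a card's security system for the Verify command."""

    def __init__(self, pin: bytes, max_retries: int = 3):
        self._pin = pin
        self._max_retries = max_retries
        self._retries = max_retries
        self._verified = False
        # Constructed file hierarchy: one file guarded by the PIN, one free.
        self.files = {"EF.SECRET": b"guarded record", "EF.PUBLIC": b"free record"}
        self.guarded = {"EF.SECRET"}

    def verify(self, candidate: bytes) -> int:
        """Verify command: returns a status word and updates the security state."""
        if self._retries == 0:
            return SW_AUTH_BLOCKED
        # Constant-time comparison so the card does not leak how many bytes matched.
        if hmac.compare_digest(candidate, self._pin):
            self._retries = self._max_retries
            self._verified = True
            return SW_OK
        self._retries -= 1
        self._verified = False
        return SW_VERIFY_FAILED_BASE | self._retries

    def read_record(self, name: str):
        """A later access to a guarded file succeeds only after a good Verify."""
        if name in self.guarded and not self._verified:
            return SW_SECURITY_NOT_SATISFIED, b""
        return SW_OK, self.files[name]


if __name__ == "__main__":
    card = PinCard(b"1234")
    print(hex(card.read_record("EF.SECRET")[0]))   # 0x6982 before Verify
    print(hex(card.verify(b"0000")))               # 0x63c2: failed, two tries left
    print(hex(card.verify(b"1234")))               # 0x9000
    print(card.read_record("EF.SECRET"))           # (36864, b'guarded record')
```

The retry counter is what keeps a failed Verify from being repeated indefinitely; a real card stores it in non-volatile memory so that powering the card off does not reset it.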
The Internal Authenticate Command
The Internal Authenticate command is a command sent by a reader-side application to the security system on the card to allow the card to prove that it possesses a secret key that is shared with the reader-side application. To prepare this command, the reader-side application creates a set of challenge data; that is, essentially the reader-side application generates a random number. This number is then encrypted with an algorithm agreed upon with the card; the result constitutes a challenge to the card.
When given the command, the card decrypts the challenge with a secret key stored in a file on the card. The information derived from the decryption is then passed back to the reader-side application as a response to the command. If the card really does have the correct secret key, the information passed back will be the random number generated by the reader-side application prior to issuing the Internal Authenticate command.
This command is used by the reader-side application to authenticate the card's identity. That is, when the command successfully completes, the reader-side application knows the identity of the card and can give the card access to information or services within the reader-side application.
The External Authenticate Command
The External Authenticate command is used by a reader-side application in conjunction with the Get Challenge command (described in the next section) to allow the reader-side application to authenticate its identity to the card.
Through the Get Challenge command, the reader-side application receives a set of challenge data from the card (that is, a random number generated by the card). The reader-side application then encrypts this information with a secret key. This then forms a cryptogram that is sent to the card via the External Authenticate command. If the reader-side application knows the same secret key that is stored on the card, then when the card decrypts the cryptogram it will find the same random number generated by the last Get Challenge command. Therefore, the card now knows the identity of the reader-side application and can give it (the reader-side application) access to data stored on the card.
The attractive characteristic of this method (from a security standpoint) is that the secret key used to authenticate identity between the reader-side application and the card is never transferred between the reader-side application and the card; only the challenge and the cryptogram computed from it cross the interface.
The Get Challenge Command
The Get Challenge command is used by the reader-side application to obtain the data from which it formulates a cryptogram for the card, to be validated through a subsequent External Authenticate command. The result of this command is the generation of a random number by the card, which is then passed back to the reader-side application.
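The two challenge-response exchanges described above (Internal Authenticate, where the reader challenges the card, and Get Challenge followed by External Authenticate, where the card challenges the reader) as one simulation with both sides present. This is an added example, not code from the book or from any card product. Because the Python standard library has no block cipher, the "encrypt the challenge with the shared key" step of the text is replaced by a keyed MAC over the challenge (HMAC-SHA256, truncated to eight bytes), and the verifying side recomputes the cryptogram and compares it rather than decrypting; the authentication property is the same. The card model, the reader model and the key are constructed, and the status words are the ISO 7816-4 values 9000 (success) and 6982 (security status not satisfied), the latter chosen here for a failed External Authenticate as well as for a missing Get Challenge.

```python
import hashlib
import hmac
import secrets

SW_OK = 0x9000
SW_SECURITY_NOT_SATISFIED = 0x6982
CHALLENGE_LEN = 8


def cryptogram(key: bytes, challenge: bytes) -> bytes:
    """Stand-in for 'encrypt the challenge with the shared key': keyed MAC,
    truncated to an 8-byte response as a card would return it."""
    return hmac.new(key, challenge, hashlib.sha256).digest()[:8]


class KeyedCard:
    """Constructed model of the card's security system holding one shared key."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_challenge = None
        self._reader_authenticated = False

    def internal_authenticate(self, challenge: bytes):
        # The card proves it holds the key by answering the reader's challenge.
        return SW_OK, cryptogram(self._key, challenge)

    def get_challenge(self):
        # Fresh random data each time; never reuse a challenge.
        self._last_challenge = secrets.token_bytes(CHALLENGE_LEN)
        return SW_OK, self._last_challenge

    def external_authenticate(self, response: bytes) -> int:
        if self._last_challenge is None:
            return SW_SECURITY_NOT_SATISFIED  # no Get Challenge preceded this command
        expected = cryptogram(self._key, self._last_challenge)
        self._last_challenge = None  # single use: a captured response cannot be replayed
        if hmac.compare_digest(response, expected):
            self._reader_authenticated = True
            return SW_OK
        self._reader_authenticated = False
        return SW_SECURITY_NOT_SATISFIED

    @property
    def reader_authenticated(self) -> bool:
        return self._reader_authenticated


class ReaderApplication:
    """Constructed model of the reader-side application sharing the card's key."""

    def __init__(self, key: bytes):
        self._key = key

    def authenticate_card(self, card: KeyedCard) -> bool:
        """Internal Authenticate: does the card know our key?"""
        challenge = secrets.token_bytes(CHALLENGE_LEN)
        sw, response = card.internal_authenticate(challenge)
        return sw == SW_OK and hmac.compare_digest(response, cryptogram(self._key, challenge))

    def authenticate_to_card(self, card: KeyedCard) -> int:
        """Get Challenge + External Authenticate: prove to the card that we know its key."""
        sw, challenge = card.get_challenge()
        if sw != SW_OK:
            return sw
        return card.external_authenticate(cryptogram(self._key, challenge))


if __name__ == "__main__":
    shared_key = bytes(range(16))  # constructed key for the demonstration
    card = KeyedCard(shared_key)
    reader = ReaderApplication(shared_key)
    print(reader.authenticate_card(card))          # True
    print(hex(reader.authenticate_to_card(card)))  # 0x9000
```

Note what crosses the interface in each direction: a random challenge one way and an 8-byte cryptogram the other, never the key itself. The card discards its outstanding challenge after one External Authenticate so that each authentication depends on fresh data from Get Challenge.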
The Manage Channel Command
The Manage Channel command is used by the reader-side application to open and close logical communication channels between it and the card. When the card initially establishes an application-level protocol with the reader-side application (that is, following the ATR sequence), a basic communication channel is opened. This channel is then used to open or close additional logical channels via the Manage Channel command.