Several issues to pay attention to when designing a CPU card issuing program

1 Introduction

When building an IC card application system, an important step is to define the data held in the card (for a logical encryption card) or the application types and their data (for a CPU card), and to write that data into the card so that it can be used for transactions in the system. The industry usually calls this card personalization. Personalization can be performed on dedicated equipment, which suits large volumes of cards, or with an IC card reader connected to a PC, which suits small volumes. Whatever the hardware, a program must be designed to carry out the personalization. This program is often called a card issuing program. This article discusses the key technical issues, and their solutions, encountered when designing a CPU card issuing program.

CPU card issuance can be roughly divided into three components: (1) card structure establishment; (2) key writing; (3) personal data writing. Of course, in order to ensure correct card issuance, it is best to use the card structure while writing the key and personalization data in the programming process.

2 Preparation before card issuance

Generally, the card supplier delivers cards that have already been initialized (mainly so that the card can be tested): the master file (MF) and the master key file (the key file under the MF) have been created on the card, and the initial card master key has been written into the master key file.

Before establishing a specific card structure and writing keys and data to the CPU card, the first step in programming should be to externally authenticate the card. The key used for external authentication is the initial card master key.

When the external authentication is completed, it is better to erase the existing card structure on the card and then start re-establishing the card structure.

Many card issuing programs are designed without taking the existing card structure into account: after completing external authentication, they directly rewrite the card master key in the original card's master key file. The common problem is that the original master key file is too small. When the card issuing program then tries to write the card maintenance key in addition to the card master key, there is not enough space and the write fails.

3 Key file creation and key value writing

So that security can be managed independently for each application on a card, each application in the CPU card is placed in a separate ADF. Access to each ADF and to the data in its subordinate files (including rewriting and reading) is controlled only by the key values in the key file under that ADF. For the sake of discussion, it is assumed here that there is only one ADF.

The following two key files and corresponding keys exist in the user card structure:

(1) Key file under MF (referred to as KMF), the key to be loaded is the card master key (referred to as CCK, the same below);

(2) Key file under the ADF (referred to as KADF); the keys to be loaded are the application master key (referred to as ACK, the same below), the application maintenance key (AMK), and other application keys;

(3) Other keys, such as password key PIN, password unlocking key, DES operation key, and the like.

3.1 Creation of a key file

For each key file, the following two elements must be considered carefully:

(1) The allocation of the file size;

(2) The definition of the access rights and of the subsequent state value after a key is used.

The size of the key file depends on the number of keys to be loaded. Each key is a variable length record, and the length of each record is 7 times the length of the key data. This allows you to calculate the size of the key file. In card issuance design, it often happens that a key cannot be written because the key file was not allocated enough space.

The access rights and the subsequent state value after key use, both defined when the key file is created, protect the key file itself and also determine the flow of card operations. This element is therefore crucial.

3.2 Write of each key value

When writing key values, the main point is to determine the form in which each key must be written. There are usually the following forms:

(1) Written in clear text (common, for example, when writing the password key PIN);

(2) Written with line protection (requires calculation of a MAC);

(3) Written in ciphertext after encrypting the key value (requires calculation of DES or 3DES);

(4) Written with the key value encrypted and with line protection (requires calculation of DES and MAC).

If the key value is required to be encrypted and line protected, it must be written in ciphertext after the DES and MAC calculation (the card operating system automatically converts it back to clear text). The purpose of line protection is to prevent the key value from being stolen during the writing process. If a line-protected write is not required, the key value can be written directly in clear text.

In the card issuance design process, pay particular attention to the relationship between the card master key, the application master key, the application maintenance key, and other keys and their write requirements.

3.2.1 Card Master Key and Application Master Key

The card master key is the key that controls access to the entire card. It is written by the card manufacturer and is replaced by the card issuer with the issuer's own card master key. In card issuance design, the card master key must be used for external authentication before any operation on the card.

The application master key is the application's control key and is written under the control of the card master key. Generally, after the card issuer replaces the card's master key, in order to verify that the replacement work is correct, the new card master key is used for an external authentication.
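
An added example, not part of the original article: a dry-run model of an issuing plan that reproduces the full-key-file failure described in section 2 and applies the sizing rule from section 3.1 and the re-authentication step from section 3.2.1. The operation names, the 16-byte key length, the `CMK` label for the card maintenance key and the key values are assumptions made for illustration; no real card commands are sent.

```python
# Added example: dry-run model of a card issuing plan. All names are hypothetical.
KEY_LEN = 16                # assumed key length in bytes
RECORD_LEN = 7 * KEY_LEN    # per-key record size, using this article's sizing rule

def new_card():
    """Card as delivered: a KMF with room for one key, holding the initial CCK."""
    return {"cck": "initial-CCK", "auth": False,
            "files": {"KMF": {"size": RECORD_LEN, "keys": ["CCK"]}}}

def dry_run(plan):
    """Apply each (op, *args) step to the model; return [(step_index, problem)]."""
    card, problems = new_card(), []
    for i, (op, *args) in enumerate(plan):
        if op == "ext_auth":                      # args: key value presented
            card["auth"] = args[0] == card["cck"]
            if not card["auth"]:
                problems.append((i, "external authentication failed"))
        elif not card["auth"]:
            problems.append((i, op + " attempted without external authentication"))
        elif op == "erase":                       # drop the existing card structure
            card["files"] = {}
        elif op == "create_keyfile":              # args: file name, number of keys
            card["files"][args[0]] = {"size": args[1] * RECORD_LEN, "keys": []}
        elif op == "write_key":                   # args: file name, key name, [new value]
            f = card["files"].get(args[0])
            if f is None:
                problems.append((i, args[0] + " does not exist"))
            elif args[1] not in f["keys"] and (len(f["keys"]) + 1) * RECORD_LEN > f["size"]:
                problems.append((i, "no space in " + args[0] + " for " + args[1]))
            else:
                if args[1] not in f["keys"]:
                    f["keys"].append(args[1])
                if args[1] == "CCK":              # CCK replaced: the article advises
                    card["cck"] = args[2]         # re-authenticating with the new key,
                    card["auth"] = False          # so this model requires it
    return problems

# Constructed plan 1: rewrite the CCK in the vendor's KMF, then add a maintenance key.
REUSE_VENDOR_KMF = [("ext_auth", "initial-CCK"), ("write_key", "KMF", "CCK", "new-CCK"),
                    ("ext_auth", "new-CCK"), ("write_key", "KMF", "CMK")]
# Constructed plan 2: erase, size each key file for its keys, then write them.
ERASE_AND_REBUILD = [("ext_auth", "initial-CCK"), ("erase",),
                     ("create_keyfile", "KMF", 2), ("write_key", "KMF", "CCK", "new-CCK"),
                     ("ext_auth", "new-CCK"), ("write_key", "KMF", "CMK"),
                     ("create_keyfile", "KADF", 2),
                     ("write_key", "KADF", "ACK"), ("write_key", "KADF", "AMK")]

if __name__ == "__main__":
    for name, plan in (("reuse", REUSE_VENDOR_KMF), ("rebuild", ERASE_AND_REBUILD)):
        print(name, dry_run(plan))
```

Running a plan through such a model before touching real cards catches under-sized key files and out-of-order steps without consuming card stock.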
