VERSION 2.9
DISCLAIMER
Copyright Reserved. This document is the property of Watchdata Technologies Pte Ltd. No part of this document may be reproduced or otherwise disclosed without prior written consent from Watchdata Technologies Pte Ltd.
Version Tracking
Document Name: TimeCOS, TimeCOS
Version: 2.9, 2.9_1
Changes: Initial Document, English Version
Editor: chengjinhua
Date: 3/2005, 8/2005
Table of Contents
1. About TimeCOS 2.9 Reference Manual
1.1 Overview
1.2 Reference
1.3 Definitions
1.4 Abbreviations and Notations
2. TimeCOS 2.9 Introduction
2.1 About TimeCOS 2.9
2.2 TimeCOS Architecture Overview
2.2.1 Card Logic infrastructure
2.2.2 Card Operating System Architecture
2.2.3 TimeCOS 2.9 Commands Set
3. TimeCOS 2.9 File Management
3.1 File structure
3.2 File format
3.2.1 Overview
3.2.2 File type
3.2.3 File Identifier (FID) and File Name
3.2.3.1 File Identifier (FID)
3.2.3.2 Filename
3.3 Select Files
3.4 Dedicated File (DF)
3.4.1 Master File (MF)
3.4.1.1 Definition
3.4.1.2 header definition
3.4.1.3 File operations commands
3.4.2 Dedicated File
3.4.2.1 Definition
3.4.2.2 Header file definition
3.4.2.3 File Name
3.4.2.4 Files operations commands
3.5 Common Elementary Files (CEF)
3.5.1 Binary Files (BF)
3.5.1.1 Definition
3.5.1.2 File Body Structure-Transparent file
3.5.1.3 Header File Definition
3.5.1.4 File Operations Commands
3.5.2 Fixed-length Record Files (FLRF)
3.5.2.1 Definition
3.5.2.2 File body structures Fixed length series file
3.5.2.3 Header File Definition
3.5.2.4 File Operations Commands
3.5.3 Cyclic Record Files (CRF)
3.5.3.1 Definition
3.5.3.2 File body structures Cyclic file
3.5.3.3 Header File Definition
3.5.3.4 File Operations Commands
3.5.4 Elementary Purse File
3.5.4.1 Definition
3.5.4.2 File body structures Cyclic file
3.5.4.3 Header File Definition
3.5.4.4 File Operations Commands
3.5.5 Electrical Purse/Deposit File
3.5.5.1 Definition
3.5.5.2 File body structures cyclic file
3.5.5.3 ED/EP File Header Definition
3.5.5.4 File Operations Commands
3.5.6 Variable-length Record Files (VLRF)
3.5.6.1 Definition
3.5.6.2 File body structures Variable-length line file
3.5.6.3 File Header Definition
3.5.6.4 File Operations Commands
3.6 Secret Elementary files
3.6.1 Key Files
3.6.1.1 definition
3.6.1.2 File body structures-variable-length record format
3.6.1.3 Key header-- Key type
3.6.1.4 File Header definition
3.6.1.5 File Operations Commands
3.6.2 Key
3.6.2.1 DES Encryption
3.6.2.2 DES Decryption
3.6.2.3 DESMAC
3.6.2.4 Internal key
3.6.2.5 Maintain Key
3.6.2.6 Master Key
3.6.2.7 Pin Unlock Key
3.6.2.8 PIN reset Key
3.6.2.9 External Authentication Key
3.6.2.10 Change Overdraw Limit Key
3.6.2.11 Upload Key
3.6.2.12 Purchase Key
3.6.2.13 Load Key
3.6.2.14 PIN
3.6.2.15 Unlock PIN
3.6.3 Master Key
3.6.4 Master Key and Key distribution
3.6.5 Key Type and Command List
3.7 File type and Command List
3.8 TimeCOS file structures example
3.9 File Size Calculation
4 TimeCOS 2.9 Security Management Scheme
4.1 Security State
4.1.1 MF security state register
4.1.2 DF security state register
All Right Reserved. Watchdata Technologies Pte Ltd
4.2 Security Access Condition
4.3 Security mechanism
4.4 Cryptographic algorithm
5. Card Initialisation Settings
5.1 Card Initialisation
5.2 Card Transmission Protocol
5.3 Post Card Initialisation File Structure
5.4 Master File
5.5 Key File
5.6 Card Transmission Key
5.7 Explanation
7 Secure Messaging
7.1 Concept
7.1.1 Integrity protection
7.1.2 Confidentiality protection
7.1.3 Integrity and confidentiality protection
7.2 How to implement secure messaging
7.2.1 File
7.2.2 Key
7.3 MAC generation procedure
7.4 Data Encryption / Decryption procedure
7.4.1 Data encryption procedure
7.4.2 Data Decryption procedure
7.4.3 Session Key
7.5 Command format for secure messaging
7.6 Application Examples
8 Command and Response
8.1 Typical Command and Response Format
8.2 Command Format
8.2.1 Header Field
8.2.2 Body field
8.3 Response Format
8.3.1 Response Data Field
8.3.2 Response Status Word
8.4 Meaning of SW1 and SW2
9 TimeCOS 2.9 Administration & Security Commands Set
9.1 Append Record
9.1.1 Description
9.1.2 Note
9.1.3 Command Format/Parameter
9.1.4 Command Data Field
9.1.5 Response Data Field
9.1.6 Response Status Word
9.1.7 Application Example
9.2 Decrease
9.2.1 Description
9.2.2 Note
9.2.3 Command Format / Parameter
9.2.4 Command Data Field
9.2.5 Response Data Field
9.2.6 Response Status Word
9.2.7 Application Example:
9.3 External Authentication
9.3.1 Description
9.3.2 Note
9.3.3 Command Format and Parameter
9.3.4 Command Data Field
9.3.5 Response Data Field
9.3.6 Response Status Word
External Authentication process
9.3.7 Application Example
9.4 Get response
9.4.1 Description
9.4.2 Command Format / Parameter
9.4.3 Command Data Field
9.4.4 Response Data Field
9.4.5 Response Status Word
9.4.6 Application Example
9.5 Get Challenge
9.5.1 Description
9.5.2 Command Format / Parameter
9.5.3 Command Data Field
9.5.4 Response Data Field
9.5.6 Response Status Word
9.6 Increase
9.6.1 Description
9.6.2 Note
9.6.3 Command Format / Parameter
9.6.4 Command Data Field
9.6.5 Response Data Field
9.6.6 Response Status Word
9.7 Internal Authentication
9.7.1 Description
9.7.2 Note
9.7.3 Command Format / parameter
9.7.4 Command Data Field
9.7.5 Response Data Field
9.7.6 Response Status Word
9.7.7 Process of Internal Authentication
9.7.8 Application Example
9.8 Read Binary
9.8.1 Description
9.8.2 Note
9.8.3 Command Format / Parameter
9.8.4 Command Data Field
9.8.5 Response Data Field
9.8.6 Response Status Word
9.8.7 Application Example
9.9 Read Record
9.9.1 Description
9.9.2 Note
9.9.3 Command Format / Parameter
9.9.4 Command Data Field
9.9.5 Response Data Field
9.9.6 Response Status Word
9.9.7 Application Example
9.10 Select File
9.10.1 Description
9.10.2 Note
9.10.3 Command Format / Parameter
9.10.4 Command Data Field
9.10.5 Response Data Field
9.10.6 Response Data Field
9.10.7 Application Example
9.10.8 Select MF while at father-DF or son-DF
9.10.9 To select file within the same DF or son-DF using File Identifier
9.10.10 Select DF using DF filename
9.11 Unblock
9.11.1 Description
9.11.2 Note
9.11.3 Command Format / Parameter
9.11.4 Command Data Field
9.11.5 Response Data Field
9.11.6 Response Status Word
9.11.7 Application Example
9.12.1 Description
9.12.2 Note
9.13.3 Command Format / Parameter
9.12.4 Command Data Field
9.12.5 Response Data Field
9.12.6 Response Status Word
9.12.7 Application Example
9.13 Update Record
9.13.1 Description
9.13.2 Note
9.13.3 Command Format / Parameter
9.13.4 Command Data Field
9.13.5 Response Data Field
9.13.6 Response Status Word
9.13.7 Application Example
9.14 Verify PIN
9.14.1 Description
9.14.2 Note
9.14.3 Command Format / Parameter
9.14.4 Command Data Field
9.14.5 Response Data Field
9.14.6 Response Status Word
9.15 Verify & Change PIN
9.15.1 Description
9.15.2 Note
9.15.3 Command Format / Parameter
9.15.4 Command Data Field
9.15.5 Response Data Field
9.15.6 Response Status Word
9.16 Create File
9.16.1 Description
9.16.2 Note
9.16.3 Command Format / Parameter
9.16.4 Command Data Field
9.16.4.1 MF
9.16.4.2 DF
9.16.4.3 EF
9.16.5 Response data Field
9.16.6 Response Status Word
9.16.7 Application Example
9.17.1 Description
9.17.2 Note
9.17.3 Command Format / Parameter
9.17.4 Command Data Field
9.17.5 Response Data Field
9.17.6 Response Status Word
9.18 Erase EF/DF
9.18.1 Description
9.18.2 Note
9.18.3 Command Format / Parameter
9.18.3 Command Data Field
9.18.4 Response Data Field
9.18.5 Response Status Word
9.19 Set Protocol
9.19.1 Description
9.19.2 Note
9.19.3 Command Format / Parameter
9.19.4 Command Data Field
9.19.5 Command Data Field
9.19.6 Response Data Field
9.19.7 Response Status Word
9.19.8 Application Example
9.20.1 Description
9.20.2 Note
9.20.3 Command Format / Parameter
9.20.4 Command Data Field
9.20.4.1 Key upload
9.20.4.2 Key Modification
9.20.5 Response Data Field
9.20.6 Response Status Word
9.20.7 Application Example
1. About TimeCOS 2.9 Reference Manual
1.1 Overview
This reference manual is divided into several chapters as follows:
Brief of TimeCOS: This chapter gives a general description of TimeCOS features and architecture. Its purpose is to provide general technical information to TimeCOS users.
TimeCOS file management: Some examples of TimeCOS file structures.
Secure messaging: This chapter describes the secure messaging concept, procedure and commands, as well as MAC generation and DES encryption/decryption.
Command and response: This chapter describes the structures of command and response, as well as the meaning of the return code SW1SW2.
TimeCOS Command
Annex: ATR response for TimeCOS Reset
1.2 Reference
TimeCOS/PSAM Technical Manual
ISO 7816-3 Electronic signals and transmission protocol
ISO 7816-4 Inter-industry commands for interchange
1.3 Definitions
Interface device: A part of the terminal for IC card insertion. It includes mechanical and electrical parts.
Terminal: Device which communicates and interfaces with the IC card during card operation. It incorporates the interface device and may also include other components and interfaces such as host communications.
Command: The string transmitted from the terminal to the card, which initiates an action or solicits a response from the card.
Response: A message returned by the card when the card completes execution of a command.
Function: A process accomplished by one or more commands and resultant actions that are used to perform all or part of a transaction.
Integrated Circuit: Electronic component designed to execute or store functions.
Integrated Circuit Card: A card embedded with one or more integrated circuits. ID-1 cards (as described in ISO 7810, ISO 7811 and ISO 7813).
Message: String sent from terminal to card or from card to terminal, without transmission control characters.
Message Authentication Code: A code calculated from the related data or parameters. It verifies the integrity of the message.
Plaintext: Data without encryption.
Cipher text: Enciphered information.
Key: A series of characters used to control encryption or conversion.
Secret key: A key used with symmetric cryptographic techniques and usable only by a set of specified entities.
Cryptographic Algorithm: An algorithm that transforms data in order to hide or reveal its information content.
Symmetric Cryptographic Technique: A cryptographic technique in which sender and receiver use the same key to transmit or convert data. It is impossible to retrieve the data without the key.
Data Integrity: The attribute that data has not been changed in an unauthorized way.
T=0: Asynchronous transmission protocol for characters.
T=1: Asynchronous transmission protocol for blocks.
Finance Transaction: An action to receive or pay money for merchandise or service between cardholder, merchant and bank.
Electronic Deposit (ED): A PIN-protected card application designed for the cardholder to purchase or withdraw. It supports load, unload, purchase, cash withdraw, modify overdraw limit and check balance.
Electronic Purse (EP): An application designed for the cardholder to purchase with small amounts of money. It supports load, purchase and check balance. Except for the load transaction, no PIN and no transaction record is required.
Load: The cardholder transfers money from the corresponding account to his Electronic Deposit or Electronic Purse. A load transaction must be done on a connected terminal.
Upload: The cardholder transfers part or all of the amount from ED or EP to the corresponding account. An upload transaction can only be done at a connected terminal.
Purchase: A purchase transaction allows the cardholder to buy a product or service with the balance in the ED or EP. This transaction can be done at the point of sale (POS) off line. It is compulsory to provide the PIN when doing a transaction with ED, but not necessary for EP.
Cash Withdraw: This allows the cardholder to withdraw cash with ED. This transaction can only be done at a terminal, but the terminal can be off line. Only ED can provide this service and the PIN is necessary.
Overdraw limit: The overdraw limit is the credit limit based on the ED application. If the balance in ED is not enough, it allows the cardholder to do transactions within the overdraw limit set by the card provider. The overdraw limit can only be changed at an online terminal and the PIN is necessary.
: Elementary File : Electronic Purse File : Elementary Time Unit : : : : : : : Finite Automaton Cryptosystem File Control Information FAC Public Key File FAC Secret Key File File Identification Fixed-Length Record FileName
: File Size : File Type : : : : Integrated Circuit Card Identifier Instruction International Organization for Standardization
: Key file
LSB : Least Significant Bit
LURN : Last Updated Record Number
MA : Maximum Amount
MAC : Message Authentication Code
MF : Master File
MSB : Most Significant Bit
MTD : Mainframe Transaction Date
MTT : Mainframe Transaction Time
NE : Not exist
NR : Number of Record
NWR : Number of Written Record
OS : Operating System
PIN : Personal Identification Number
POR : Power-On-Reset
RFU : Reserved for Future Use
RL : Record Length
RID : Registered Application Provider Identifier
RN : Record Number
RSA : Rivest, Shamir, Adleman Algorithm
SAM : Secure Application Module
SEF : System Elementary File
SFI : Short File Identifier
SHA : Secure Hash Algorithm
SKID : Secret Key Identifier
SS : Security State
SW : Status Word
TC : Transaction Certificate
TLV : File format which consists of tag, length and value
TN : Transaction Number
TTC : Terminal Transaction Counter
TTD : Terminal Transaction Date
TTT : Terminal Transaction Time
The following notations apply:
0 to 9 and A to F : 16 hexadecimal digits
XX : Any value (single byte)
XXXX : Any value (double byte)
XX..XX : Any value (unknown length)
2. TimeCOS 2.9 Introduction
Figure 2-1 Logic Infrastructures

TimeCOS is built up of the following hardware modules:
CPU: Ensures the security of the data in the EEPROM. Prevents fraudulent or illegal access to the data.
RAM: Used by TimeCOS to store the runtime command parameters, response, security states and temporary keys.
ROM: Memory location for the TimeCOS program.
EEPROM: Memory location that stores application data. TimeCOS stores the data in the EEPROM according to the file format. Reading and writing of a file is allowed only after the access condition is fulfilled.

Communication module: Oversees communication between the card and the card terminal according to the ISO 7816 standard. Ensures data is protected during communication with the external world.
File management module: Stores user data in the EEPROM in the format of files. It ensures fast data response and integrity.
Security management module: This is the core of the smart card. It involves card authentication and access rights verification.
Command decoder module: Verifies and executes the commands received, according to the received parameters.
[Figure: file structure tree with the nodes MASTER FILE, Father-DF, Son-DF and Elementary File. DF = Dedicated file]
The diagram below shows a typical directory structure for a card issued by a bank for a payment system. The card consists of an electronic passbook, electronic purse, magnetic stripe application and an undefined card issuer application.

[Figure 3-2: MF for a payment system, with an EF (payment system directory) and ADFs holding the electronic passbook file, electronic purse file, card issuer data and son-application files]
Note: The ISO 7816-4 standard provides detailed information on data stored in data files referenced under directories.
No. of byte 1 2 2 1 1 1 1 1 1
Remark: The two RFU bytes have different meanings for different file types. For detailed information on the file header, refer to 7.1 create file command. The file format is uniquely identified when the file is created.
Each type of file has its own format and structure. The file type is represented by 1 byte.

File Type   Name                          Value (Hex)
MF          Main File                     38
DF          Dedicated File                38
BF          Binary File                   28
FLRF        Fixed-length Record File      2A
CRF         Cyclic Record File            2E
EPF         Electronic Purse File         2F
VLRF        Variable-length Record File   2C
KF          Key File                      3F

Table 3-2
The File Identifier (FID) identifies a file and is represented by two bytes. TimeCOS can use the FID to choose files (except key files). Duplicate FIDs under the same DF hierarchy are not allowed. The MF File Identifier is 3F00. The key file identifier is 0000; FFFF is reserved for future use. To select a file, use the SELECT command together with the short FID. The short FID (SFI) is represented by a 5-bit binary number. For that reason, the short FID is limited to a maximum of 31 values. When the file is created, you can only use a short FID between 1 and 31 (i.e. 00001 ~ 11111).
3.2.3.2 Filename
The File Name is the name by which a DF is recognized. Any ADF or DDF can be selected by filename. The filename of an ADF corresponds to its application ID (AID); the format of the AID follows the ISO/IEC 7816-5 specification. The length of the AID should be 5~16 bytes, and it is separated into two parts. The first part is the registered ID with a length of 5 bytes. It is managed by the registration organization and includes the country code, application type and ID code of the service provider. The second part (PIX) is optional; its length is 0~11 bytes. This part is defined by the service provider.
3.3 Select Files
Files within the card and at different DF levels can be accessed by various means such as by File Identifier and Filename.
Use FID to select
TimeCOS can select the corresponding files with FID (except Key file).

Use SFI to select
The P1 parameter is used to select a file by short FID with READ BINARY and UPDATE BINARY.

P1   b7   b6   b5   b4   b3   b2   b1   b0
     1    0    0    [      short FID      ]

If the 3 most significant bits of P1 are 100, the lower 5 bits are the short FID. For example, if P1 is 81H (10000001), the selected short FID is 00001.

The P2 parameter is used to select a file by short FID with the READ RECORD, UPDATE RECORD, APPEND RECORD, DECREASE and INCREASE commands.

P2   b7   b6   b5   b4   b3   b2   b1   b0
     [      short FID      ]   1    0    0

If the 5 most significant bits of P2 are not 00000 and the lower 3 bits are 100, the 5 most significant bits are the short FID. For example, if P2 is 0CH (00001100), the selected short FID is 00001.

Use DF file name to select
TimeCOS can find the corresponding DF files with the DF file name.
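The P1/P2 short-FID layouts above, applied to a list of command headers. This is an added example, not code from the manual; the trace is constructed, and treating a byte that does not match the layout (or carries short FID 00000) as "no short FID" is this example's choice.

```python
"""Short FID (SFI) references in P1/P2, following the bit layouts in section 3.3."""

# Commands that carry the short FID in P1: upper three bits 100, lower five bits SFI.
P1_COMMANDS = {"READ BINARY", "UPDATE BINARY"}
# Commands that carry the short FID in P2: upper five bits SFI, lower three bits 100.
P2_COMMANDS = {"READ RECORD", "UPDATE RECORD", "APPEND RECORD", "DECREASE", "INCREASE"}


def _check_sfi(sfi):
    # Files can only be created with a short FID between 1 and 31.
    if not 1 <= sfi <= 31:
        raise ValueError(f"short FID must be 1..31, got {sfi}")


def encode_p1(sfi):
    """Build P1 = 100 sssss for READ BINARY / UPDATE BINARY."""
    _check_sfi(sfi)
    return 0x80 | sfi


def encode_p2(sfi):
    """Build P2 = sssss 100 for the record and purse commands."""
    _check_sfi(sfi)
    return (sfi << 3) | 0x04


def decode_p1(p1):
    """Return the short FID carried in P1, or None if P1 does not carry one."""
    if p1 & 0xE0 != 0x80:          # upper three bits must be 100
        return None
    return (p1 & 0x1F) or None     # 00000 is not a valid short FID


def decode_p2(p2):
    """Return the short FID carried in P2, or None if P2 does not carry one."""
    if p2 & 0x07 != 0x04:          # lower three bits must be 100
        return None
    return (p2 >> 3) or None       # upper five bits must not be 00000


def sfi_from_header(command, p1, p2):
    """Pick the parameter byte that carries the short FID for this command."""
    if command in P1_COMMANDS:
        return decode_p1(p1)
    if command in P2_COMMANDS:
        return decode_p2(p2)
    return None                    # command does not select by short FID


# Constructed trace of (command, P1, P2) headers for illustration.
TRACE = [
    ("READ BINARY", 0x81, 0x00),    # 10000001 -> short FID 1
    ("READ BINARY", 0x00, 0x03),    # upper bits not 100 -> no short FID
    ("READ RECORD", 0x01, 0x0C),    # 00001100 -> short FID 1
    ("READ RECORD", 0x01, 0x04),    # upper five bits 00000 -> no short FID
    ("INCREASE", 0x00, 0xBC),       # 10111100 -> short FID 23
    ("UPDATE BINARY", 0x9F, 0x00),  # 10011111 -> short FID 31
]


def resolve_trace(trace):
    """Return the short FID (or None) referenced by each header in the trace."""
    return [sfi_from_header(cmd, p1, p2) for cmd, p1, p2 in trace]


if __name__ == "__main__":
    for (cmd, p1, p2), sfi in zip(TRACE, resolve_trace(TRACE)):
        print(f"{cmd:14s} P1={p1:02X} P2={p2:02X} -> short FID {sfi}")
```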
The root directory of the file system is the Master File (MF). It is compulsory, like the root directory of a DOS system. After power-on-reset, the MF is automatically selected as the current file. Only one MF exists in each TimeCOS card. Multiple father DFs, son DFs and EFs can exist under the MF.
File Header           Byte   Description
File type             1      3F
File Identification   2      3F00
File Size             2      FFFF, set MF size to max
Access Right 1        1      Create right: the right to create files under MF
Access Right 2        1      Erase right: the right to erase files under MF
RFU                   1      'FF'
RFU                   1      'FF'
Create file command: It is compulsory to create the MF before any other operation if there is no MF.
Select MF command: Use the 'select file' command to select the file with File Identification '3F00' or file name '1Pay.sys.DDF01'.
Erase DF command: With the erase right for the current MF, this command erases all files (DF or EF) under the MF directory. However, the current access right, size, etc. of the MF are not changed (i.e. it cannot erase the file header information).

3.4.2 Dedicated File
3.4.2.1 Definition
In TimeCOS, a Dedicated File is like a directory in a DOS system. Each DF can hold multiple EFs and/or multiple son-DFs. A TimeCOS card can support up to three directory levels (MF-DF-DF). A DF is called a DDF if it contains a son-directory; otherwise, it is called an ADF. Each DF is physically and logically independent of the others. Each of them has its own security mechanism and application data. There is no limit on how many DFs exist on each card; it depends only on the availability of EEPROM space in the card.
3.4.2.2 Header file definition

File Header type      Bytes   Description
File type             1       3F
File Identification   2       Refer to 3.2.3.1
File Size             2       Describe the size of file body
Access right 1        1       Create right: right to create files under DF
Access right 2        1       Erase right: right to erase all files under DF
RFU                   1       'FF'
RFU                   1       'FF'

Table 3-4 File header definition of DF

3.4.2.3 File Name
Refer to '3.2.3.3 files name'

3.4.2.4
Create file command: With the create right of the current DF, the 'create file' command can be used to create files.
Select MF command: The 'select file' command can be used to select a file by DF identification or file name.
Erase DF command: With the erase right for the current DF, this command can be used to erase all files (DF or EF) under the DF directory. The current access right, size, etc. of the DF are not changed (i.e. it cannot erase the file header information).
Remark: If there are no files under the DF directory, files can be created, read and written without the limitation of access rights. However, once the DF is left and re-entered, the access rights apply.
A transparent file is also called a binary file or solid file, i.e. a transparent file has no operations on internal structures. It uses an address offset to access the data in the file (the logic address starts from 0).
The structure of a transparent file:
[Figure 3-3: Transparent Structures. Bytes numbered 1 to m, labelled Length (bytes)]
Example: read 5 bytes from a 10-byte file with offset 3.
[Figure: bytes 1 to 10, with the data read marked from offset 3]

3.5.1.3 Header File Definition

File Header type      Bytes   Description
File type             1       '28'; for the setting of security refer to '7.1 create files'
File Identification   2       Refer to 3.2.3.1
File Size             2       Describe the size of file body
Access right 1        1       Read right
Access right 2        1       Write right; calculate the KID of secure messaging
RFU                   1       'FF'
Create file command: With the create right of the current DF, the 'create file' command can be used to create files.
Select file command: The 'select file' command can be used to select a file by DF identification.
Read Binary: The 'read binary' command can be used to read data when the file read right is fulfilled.
Update Binary: The 'write binary' command can be used to update the file when the file write right is fulfilled.
It is a sequence of records with fixed length.

3.5.2.2 File body structures
The fixed-length record file holds records of the same length. Each record is identified by its Record Number (RN). A record can only be accessed as a whole; it is not allowed to access part of a record.
The structure of the fixed-length file body:
[Figure 3-4: Fixed length record file structures. Record Length (m) * Record Number (n): n records, each with bytes 1 to m]
3.5.2.3 Header File Definition
File Header type      Bytes   Description
File type             1       '2A'; for the setting of security refer to '7.1 create files'
File Identification   2       Refer to 3.2.3.1
File Size             2       Byte 1 describes the record number (2..254); Byte 2 describes the record length (<<178)
Access right 1        1       Read right
Access right 2        1       Write right
Create file command: With the create right of the current DF, the 'create file' command can be used to create files.
Select file command: The 'select file' command can be used to select a file by DF identification.
Read record: The 'read record' command can be used to read one record when the file read right is fulfilled.
Update record: The 'update record' command can be used to add/update one record when the file write right is fulfilled.
A cyclic file is also called a cyclic record file. A cyclic record file is a ring file with fixed-length records. The record number is controlled by TimeCOS. Each record is identified by its Record Number (RN). The latest record is always marked as RN 1. When a new record is added, it is marked as RN 1 and all previous records have their RN incremented by 1. When all records in the file are filled, a new append record command follows the FIFO rule, i.e. the oldest record in the file is replaced.
The structure of the cyclic file body:
[Figure 3-5: Cyclic record file structures. Record Length (m) * Record Number (n): n records, each with bytes 1 to m]
File Header type      Bytes   Description
File type             1       '2E'; for the setting of security refer to '7.1 create files'
File Identification   2       Refer to 3.2.3.1
File Size             2       Byte 1 describes the record number (2..254); Byte 2 describes the record length (<<178)
Access right 1        1       Read right
Access right 2        1       Write right; calculate the KID of secure messaging
RFU                   1       'FF'
Create file command: With the create right of the current DF, the 'create file' command can be used to create files.
Select file command: The 'select file' command can be used to select a file by DF identification.
Read record: The 'read record' command can be used to read one record when the file read right is fulfilled.
Append record command: The 'append record' command can be used to append one record when the file append right is fulfilled.
Update record: The 'write binary' command can be used to add/update one record when the file write right is fulfilled.
The purse file structure is similar to that of the cyclic file. Each record is a digit. On deposit/withdraw, the amount is added to or subtracted from the digit of the first record. The new record then becomes the first record.

3.5.4.2 File body structures
Refer to '3.5.3.2 cyclic file'. The record number must be greater than or equal to 2, and the record length must be less than 8 bytes.
The amount in the purse file is operated on in binary format, and the amount of a newly created file is 00. On deposit/withdraw, the amount in the first record (RN is 1) is updated. The new record then becomes the first record.
File Header type      Bytes   Description
File type             1       '2F'; for the setting of secure messaging refer to '7.1 create files'
File Identification   2       Refer to 3.2.3.1
File Size             2       Byte 1 describes the record number (2..254); Byte 2 describes the record length (<<178)
Access right 1        1       Decrease money right/read right
Access right 2        1       Deposit right; calculate the KID of secure messaging
RFU                   1       'FF'
Table 3-8 File header definition of EP file

Read record right: The right to use the 'read record' command to read a specified record.
Decrease right: The right to use the 'decrease' command to decrease the balance of the purse.
Deposit right: The right to use the 'increase' command to increase the balance of the purse.
Create file command: With the create right of the current DF, the 'create file' command can be used to create files.
Select file command: The 'select file' command can be used to select a file by DF identification.
Deposit command: The 'increase' command can be used to increase the balance of the purse when the deposit right is fulfilled.
Withdraw command: The 'decrease' command can be used to decrease the balance of the purse when the withdraw right is fulfilled.
Read record: The 'read record' command can be used to read one record when the file read right is fulfilled.
Electronic Deposit: The card, which is protected by PIN and used by the cardholder to purchase, withdraw cash etc. It supports load, upload, purchase, cash withdraw, overdraw limit and balance check.
Electronic Purse: The finance card designed for small-amount usage by the cardholder. It supports load, purchase and balance check. Except for load, transactions are not recorded in detail and the PIN is not necessary.

Refer to 3.5.3.2 file body structure cyclic file. The data structure of each transaction is shown below.

Data unit                          Length
Balance                            4
ED/EP off line transaction code    2
ED/EP online transaction code      2

Table 3-9 Data Structure of transaction

Remark: For EP, the effective length of the balance is 3 bytes and the first byte is fixed to '00'.
3.5.5.3 ED/EP File Header Definition
File Header type      Bytes   Description
File Identification   2       0001 is ED, 0002 is EP
RFU                   2       0000
File Type             1       '2F'
File Size             2       Byte 1 describes the record number (equal to 2); Byte 2 describes the record length (equal to 8)
SFI                   1       SFI of current file
RFU                   1       'FF'
Read Right            1       Read balance right
Write right           1       Update the overdraw limit
RFU                   1       '00'
Deposit               1       Deposit right
Decrease              1       Decrease right
RFU                   1       '00'
Max Balance limit     4       The balance cannot exceed this limit (default is FFFFFFFF, EP is 00FFFFFF)
Overdraw limit        3
RFU                   8       0000000000000000
Read record right: The right to use EP/ED to purchase, check balance etc.
Operations right: The right to use EP/ED to load, upload, overdraw or withdraw etc.
Transaction detail file identification: It is used to record the SFI of the cyclic file that contains the transaction detail.

Create file command: With the create right of the current DF, the 'create file' command can be used to create files.
Select file command: The 'select file' command can be used to select a file by DF identification.
Each record can have different length when written. Data is stored in each record as a record unit. The record is identified by record number or record identification. When making changes to the record, the new record length must be the same length as the original record. Otherwise the changes will not take effect.
The record number must be in the range from 2 to 254. Different COS have different maximum limits for the record length. TimeCOS supports a maximum record length of 255 bytes.
Normally, a VLRF exists in TLV (tag-length-value) format. In TimeCOS, both the VLRF and the key file exist in variable-length record format.
3.5.6.3 File Header Definition

File Header type      Bytes   Description
File type             1       '2C'; for the setting of secure messaging refer to '7.1 create files'
File Identification   2       Refer to 3.2.3.1
File Size             2       Byte 1 describes the record number (2..254); Byte 2 describes the record length (<<178)
Access right 1        1       Read right
Access right 2        1       Update/write right; calculate KID of secure messaging
RFU                   1       'FF'

Table 3-11 File header definition of VLRF

Remark: The size of the file body = sum of all record lengths. Record length = 1 byte record identification (T) + 1 byte record length (L) + L bytes data + 1 byte verification code (calculated by TimeCOS). The max length of each record is 255 bytes.
3.5.6.4 File Operations Commands
Create file command: With the create right of the current DF, the 'create file' command can be used to create files.
Select file command: The 'select file' command can be used to select a file by DF identification.
Read record: The 'read record' command can be used to read one record when the file read right is fulfilled.
Append record command: The 'append record' command can be used to append one record when the file append right is fulfilled.
Update record: The 'write binary' command can be used to add/update one record when the file write right is fulfilled.
The key file is used to store keys and cannot be read by an external device. A key in the file can be added, operated on or changed when the right to add, operate or change is fulfilled.
Remark: Only one Key File (KF) can exist within each DF or MF. The Key File has to be created first within the MF or DF. If the KF and other types of files do not exist when the DF or MF is selected, new files can be created, and a newly created file has no read/write access restriction. Once this file is deselected, subsequent access to it must fulfill the access condition before it can be selected again.
3.6.1.2 File body structures-variable-length record format
One key file may contain multiple types of key, and each key may have multiple values. Each secret key is stored as a variable-length record. The T and L bytes in the record are maintained by the COS.

Data Unit                      Length
T (maintained by COS)          1
L (maintained by COS)          1
Value: Key Header              5
Value: Key Value               Different keys have different lengths

Table 3.12 Data Unit Length

Explanation: Record length = 1 byte Tag + 1 byte length + 5 bytes Key header + length of Key value. For the setting of Key header and Key value refer to 7.4 write key command.
Notes: To add one key record connected to the MF under the key file of a DF, the record length = 1 byte TAG + 1 byte length + 1 byte Key type.
Key bytes(HEX) 30
Key Name
Type bytes(HEX)
External 39 Authentication Key Overdraw limit key 3C Upload Key Purchase Key Load Key Unlock Pin 3D 3E 3F 3A 3B
DES Decryption DESMAC Internal key Maintenance Key Master Key PIN Unlock key Pin reset Key
File Header           Bytes   Description
File type             1       '3F'
File Identification   2       '0000'
File Size             2       Sum of all key lengths + 5 bytes reserve space
DF SFI                1       Refer to table 3.15
Access right 2        1       Add Key right
RFU                   1       'FF'
RFU                   1       'FF'

DF SFI: If the current DF is a DDF, the 5 least significant bits are the SFI of the elementary file under the DDF directory. If the current DF is an ADF, the 5 least significant bits are the SFI of the special data file used by the card provider.
Create file command: With the create right of the current DF, the 'create file' command can be used to create files.
Add or change Key command (Write Key): The Write Key command can be used to write one key record (Key header and Key value), or to change the Key value (the Key header cannot be changed), when the right to add or change is fulfilled.
Read record: The 'read record' command can be used to read one record when the file read right is fulfilled.
Each key type has a corresponding command; refer to 3.6.2 Key and table 3.15, Key type and command. Key authentication or password calculation can only be used when the right is fulfilled.
3.6.2 Key
3.6.2.1 DES Encryption
The DES encryption key is used for DES encryption functions. The encryption key is used by the command Internal Authenticate.
The DES decryption key is used for decryption functions. The decryption key is used by the command Internal Authenticate.
3.6.2.3 DESMAC
DESMAC key is used for generating the Message Authentication Codes (MAC). Decryption Key is involved by the command Internal Authenticate.
The Internal Key is used to produce the transaction authentication code when doing purchase, cash withdraw or load. The commands involved are:
Credit for Load
Debit for Purchase/Cash Withdraw
Update Overdraw Limit

When accessing a file with secure messaging, the Maintenance Key is used to produce the key for secure messaging. The commands involved are:
Read Binary
Update Binary
Read Record
Update Record
Append Record
Increase
Decrease
Card Lock
Application Lock
Application unlock
3.6.2.6 Master Key
The Master Key is used to generate the key that produces the secure messaging when loading with the secure message method or changing a key. The commands involved are:
External Authenticate
Append/change Key command (Write Key)
3.6.2.7 Pin Unlock Key
The PIN Unlock key is used to produce the secure message when accessing the PIN with secure messaging.
PIN Unlock command, which is suitable for a PIN with Identification '00' and a length of 2 to 6 bytes.
PIN verify command
Verify and change PIN, which is suitable for a PIN Key with a length of more than 8 bytes.
3.6.2.8 PIN reset Key
The PIN reset key is used to generate the MAC to reset the PIN. The command involved is Reload/Change PIN, suitable for a PIN with Identification '00' and a length from 2 to 6 bytes.
3.6.2.9 External Authentication Key
TimeCOS uses this key to decrypt the command data (encrypted challenge code) during the external authentication operation. When the access condition is fulfilled, it uses the EXTERNAL AUTHENTICATION command to authenticate the card terminal. Once the external authentication key is locked, it cannot be unblocked.
3.6.2.10
The Change Overdraw Limit Key is used to produce the session key for the change overdraw limit transaction. The session key is used to generate the MAC and TAC when changing the overdraw limit. The commands involved are:
Initialize for update
Update overdraw limit
3.6.2.11 Upload Key
The Upload key is used to generate the session key during an upload transaction. The commands involved are:
Initialize for upload
Debit for upload
3.6.2.12 Purchase Key
The Purchase key is used to generate the session key during a purchase/withdraw transaction. The commands involved are:
Initialize for purchase/cash withdraw
Debit for purchase/cash withdraw
3.6.2.13 Load Key
The Load Key is used to generate the session key during a load transaction. The commands involved are:
Initialize for load
Credit for load
3.6.2.14 PIN
The secret PIN is presented by the cardholder during the PIN verification process. The length of the PIN varies from 2 to 8 bytes. The card reaches the secure status after the PIN is verified; it can then continue operations, like reading files. The attempts error counter is only updated after the PIN presentation operation. Each PIN has an attempts error counter which decrements by 1 after every unsuccessful PIN presentation. When the number of consecutive false attempts exceeds the highest limit allowed, the PIN is locked. A specified command can be used to unlock the PIN. The limit is from 1 to 15. The commands involved are:
Verify PIN
Verify and Change PIN, used for a PIN of more than 8 bytes.
Unlock PIN, used for a PIN of more than 8 bytes.
Reset/change PIN, which is used for a Key with Identification '00'. The length is from 2 to 6 bytes.
PIN Unlock, used for a Key with Identification '00'. The length is from 2 to 6 bytes.

Master PIN: If a PIN is set in the MF and the PIN is used by a specified DF, then this PIN is the master PIN. In the DF, when the master PIN right is fulfilled, the master PIN can be verified. In order to change the value of the bytes used by the current secure status, other related commands can also be used to operate on the master PIN, like verify/change PIN etc.
3.6.2.15 Unlock PIN

The Unlock PIN is used to unlock a locked 8-byte PIN. Once the Unblock PIN is blocked, it can never be unblocked. The command involved is unblock.
3.6.3 Master Key
If a key is set in the MF and the key can be used by a specified DF, then this key is a Master Key.
Implementation method: Add a key record connected to the MF under the key file of MF, i.e. Write Key only points out the same Key identification and Key type in the MF. The real key property and content are the key property and content of the corresponding key type and identification of the MF.
Application method: In the DF, when the access right of the master key is fulfilled, the corresponding operations can be done; when the right to change the master key is fulfilled, the Write Key command can be used to change the key (except PIN).
Example: In order to use one PIN in each application, the master PIN is used.

[Figure 3-7: Triple DES key distribution, showing the left 8 bytes after distribution and the right 8 bytes after distribution]

Thus, the terminal must know the master key.
HEX Command Update Record Verify & Change PIN Verify PIN Write Key
30 31 32 34 36 39 37 38
39 3A 3B 3C 3D 3E 3F
Remark: The V in the table means the command can be applied to the corresponding key type. The key type is represented by 1 byte. For example, key type 30 means the key is a DES encryption key. The key type is set when the key file is loaded. The matched pairs of key type and hex value are shown in table 3.16.

Key Type          HEX
DES encryption    30
DES decryption    31
DES & MAC         32
Internal Key      34
Maintenance Key   36
Master Key        39
Pin Unlock        37
Pin Reset         38
Unlock Pin        3B
Upload            3D
Purchase          3E
File type (HEX) Commands Decrease Erase DF Get Balance Increase Initialize for Withdraw Initialize for Load Initialize for Purchase Initialize for unload Initialize for Update Read Binary Read Record Select File Update Binary Update Limit Write Key Overdraw Cash
MF DF 38 38
V V V V V V V V V V V V V V V V V V V V V
V V
Update Record
Table 3-17 File type and command list Remarks V in the table means the command can be applied on the corresponding file. File type shows the internal structures of the file, which is represented by 1 byte. For example, one file type is 28H means it is binary file. File type is defined when the file is created.
Application Master Key
Purchase Sub-Key (DPK) (Purchase Key)
Load Sub-Key (DLK) (Load Key)
TAC Sub-Key (DTK) (Internal Key)
PIN Unlock Sub-Key (DPUK) (PIN unlock Key)
PIN Reset Sub-Key (DRPK) (PIN reset Key)
Application Maintain Sub-Key (DAMK) (Maintain Key)
Upload Sub-Key (DULK) (Upload Key)
Change Overdraw Limit Sub-Key (DUK) (Change Overdraw Limit)
PIN

Public Application Elementary file 0015 (Binary File)
Card Holder Elementary file 0016 (Binary File)
Transaction Detail File 0018 (Cyclic Record file)
Electronic Purse File 0002 (Electronic Purse file)
Electronic Deposit file 0001 (Electronic Deposit File)
Other Application
Table 3-18 TimeCOS/PBOC file structure example
3.9 File Size Calculation

The format of each file in EEPROM is shown below.
Header: 12 bytes (EP/ED is 30 bytes) (file type, file identification, file body size, access right, verification)
File body: size of the file body

Size of each file in EEPROM = file header + file body
Fixed length, purse and cyclic file size = record number * (record length + 1)
Size of a DF in EEPROM = DF header (12 bytes) + all file sizes under the DF + DF name length
MF size = MF header (12 bytes) + sum of all file sizes
User can define and determine the type of security mechanism at the application level.
4.1 Security State
The Security State refers to the security level at the current directory. For TimeCOS 2.9, the MF and the DF each have 16 security levels. Two 4-bit registers inside TimeCOS 2.9 indicate the current security state. Both registers can hold any value from 0 to F. These two registers are:
[1] MF security state register: determines the security level at the global level.
[2] DF security state register: the security level at the current DF level only.
4.1.2 DF security state register
The security state register is reset to 0 when any of the following happens:
[1] After card reset.
[2] The current directory changes, for example when the father directory (which is not the MF) or a son DF is selected.
[3] The PIN verification command or external authentication command returns a failure code of 63CX.
Only the PIN and external authentication of the current DF affect the security state register after a successful PIN verification or external authentication. If the current directory is the MF, the security state register at the current directory is equal to the current security state register of the MF.
4.2
During file creation, each type of access right is represented by 1 byte. Compared to other COS, TimeCOS 2.9 uses a different method to control access rights: a predefined field restricts illegal access. Assume the value of the security state register at the current level is represented by V.
If the access condition of the MF is '0Y', the security state register of the MF must be equal to or greater than Y before the files at this level can be accessed:
  access condition = 0Y: V >= Y
For example, a file with a read access right of 05 can be read only when the MF security state register is equal to or greater than 5:
  read access right = 05: V >= 5
If a file at the current level has the access condition 'XY' (in which X is not equal to 0), the value in the security state register must fulfil both conditions, i.e. be equal to or greater than Y and also equal to or smaller than X.
  access condition 'XY' where X > Y: V >= Y and V <= X
  access condition 'XY' where X = Y: V = X = Y, i.e. the security state register at the current level must be equal to X
  access condition 'XY' where X < Y: the operation is inhibited.
Example 1: A file with a write access right of 53 can be written only when the security state register has a value of 3, 4 or 5.
Example 2: A file with a read access right of F0 and a write access right of F1 can be read without any restriction. However, for writing, the security state register must be equal to or greater than 1.
Example 3: A file with a read access right of FE requires the security state register to match the value F or E before read access is granted.
4.3 Security mechanism
This refers to the security process involved in managing the transfer from one security state to another. TimeCOS 2.9 uses the PIN verification and external authentication results to change the value of the security state register. At MF level, the values of the security state registers at MF and at DF level are updated upon successful authentication. If not at MF level, a successful verification changes the security state register at that level only. When the PIN or external authentication key is created, its security state indicates that the PIN verification or external authentication was successful. On success, the security state register is set equal to that value.
e.g. If the security state of the PIN key is 1, the security state register will be equal to 1 after a successful PIN verification. The current security state register is set to 0 upon power-on-reset and when going from father-DF to son-DF or vice versa.
Assume the card has a binary file which has been defined as:
- Read access right = F1
- Write access right = F2
- DF has a PIN; after successful PIN verification, the security state is 1
- Card has an external authentication key; use right is 11; after successful external authentication, the security state is 2
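The access-condition rule of section 4.2, applied to the binary-file scenario above. This is an added example, not code from the TimeCOS manual or from Watchdata; the function names are illustrative, and it assumes the current directory is a DF so that conditions with X not equal to 0 are checked against the DF register.

```python
# Added example (not from the TimeCOS manual): section 4.2 as a checker.
# All names below are illustrative, not TimeCOS identifiers.

def access_allowed(condition, df_state, mf_state=0):
    """Return True if the 1-byte access condition 'XY' is satisfied.

    condition: access right byte from the file header (0x00-0xFF)
    df_state:  security state register of the current directory (0-0xF)
    mf_state:  MF security state register (0-0xF)
    """
    for name, value, top in (("condition", condition, 0xFF),
                             ("df_state", df_state, 0x0F),
                             ("mf_state", mf_state, 0x0F)):
        if not 0 <= value <= top:
            raise ValueError(f"{name} out of range: {value!r}")
    x, y = condition >> 4, condition & 0x0F
    if x == 0:                      # '0Y': compare against the MF register
        return mf_state >= y
    if x < y:                       # 'XY' with X < Y: inhibited
        return False
    return y <= df_state <= x       # X > Y is a range, X = Y an exact match


def states_granting(condition):
    """Register values (0-F) at which the condition is satisfied."""
    return [v for v in range(16) if access_allowed(condition, v, v)]


def audit_rights(rights):
    """Flag rights that need no authentication or can never be granted.

    rights: mapping of a label to an access-condition byte.
    """
    findings = {}
    for label, condition in rights.items():
        granted = states_granting(condition)
        if not granted:
            findings[label] = "inhibited"
        elif 0 in granted:
            findings[label] = "open at state 0"
    return findings


def replay_section_4_3():
    """(read, write, external-auth key usable) for each state of the scenario."""
    read, write, ext_auth_use = 0xF1, 0xF2, 0x11
    steps = (("after reset", 0),
             ("after PIN verification", 1),
             ("after external authentication", 2))
    return {label: (access_allowed(read, state),
                    access_allowed(write, state),
                    access_allowed(ext_auth_use, state))
            for label, state in steps}


if __name__ == "__main__":
    for label, flags in replay_section_4_3().items():
        print(label, flags)
    print(audit_rights({"read": 0xF0, "write": 0xF1, "erase": 0x35}))
```

Running audit_rights over the access bytes of a planned file layout shows which operations stay reachable at security state 0, that is, before any PIN verification or external authentication.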
4.4 Cryptographic algorithm
TimeCOS supports single-DES, Triple-DES and FAC public key functions.
E.g.: Read Data = X1, X2, ... Sent Data = Y1, Y2, ...
Single DES:
Encryption: Yi = DES_K[Xi]
Decryption: Xi = DES-1_K[Yi]
Decryption:
If the secret key is 8 bytes long when created, the single DES algorithm is used. If the secret key is 16 bytes long, Triple-DES is used. Message Authentication Codes (MAC) can be generated using the single-DES or Triple-DES algorithm. During computation, the secret key type (assigned to identify different types of secret key) determines whether the key is for encryption or decryption. A secret key assigned for encryption cannot be used for decryption or for generating a MAC. A secret key assigned for external authentication cannot be used for internal authentication.
If the input data length is not a multiple of 8, trailing 80 00 .. 00 is padded to the data to make its length a multiple of 8 before the DES computation is applied.
e.g. Suppose the data is 1223 3456 7889 90A1 B1 (number of bytes not a multiple of 8); during the encryption process, the data is changed to 1223 3456 7889 90A1 B1 80 0000 0000 0000 before it is encrypted.
5.
5.1
5.2
5.3
5.4 Master File
File Header Definition:
File Type: '38'
File Identification: '3F00'
File Size: 'FFFF' (set MF size to max)
MF Create Right: 'AA'
MF Erase Right: 'AA'
File Name: 1PAY.SYS.DDF01
5.5 Key File
The Key File consists of a card transmission key to ensure a secure transmission process. The operations of the card can only be accomplished upon verifying the validity of this key.
File Header Definition:
File Type: '3F'
File Identification: '0000'
File Size: '1C'
MF Short File Identifier: '01'
Append Key Right: 'EF'
5.6
Note: A unique customised card transmission key can be requested when ordering.
5.7 Explanation
As explained previously, the create and erase access rights of the MF in the card have been prefixed as 'AA'. This cannot be changed. The card can only be used after a valid verification of the card transmission key, followed by setting the security state register to '0A'. The following are two possible steps to take subsequently:
1) Erase all files under the master file (MF) and recreate the card structure
2) Change the transmission key and recreate the card structure
7 Secure Messaging
7.1 Concept
Secure messaging ensures data integrity, confidentiality and authentication between the parties. Data confidentiality is protected by encrypting the transmitted data. Data integrity and authentication are assured by using a MAC.
Example: To protect a binary file by secure messaging, change the file type from 28 to A8 when creating the file.
7.2.2 Key
The key can be transmitted using secure messaging. To transmit a key using secure messaging (Write key or Verify PIN), set the 2 MSB of the key type when loading it. The key type is defined as in Figure 4-2:
B7   B6   B5-B0      Protecting method
0    0    Key type   None
1    0    Key type   MAC
1    1    Key type   DES&MAC
Figure 4-2
Example: To protect an external authentication key using secure messaging (DES&MAC), change the key type from 39 to F9.
7.3 MAC generation procedure
The MAC is always appended as the last data field of the command or response. TimeCOS defines the length of the MAC as 4 bytes. The procedure to generate the MAC consists of the following 6 steps:
Step 1: Terminal sends a GET CHALLENGE command to the card to request a 4 bytes challenge code (random number). Pad 4 bytes of trailing 00s to the challenge code returned by the card. Use the result as the seed value (Sv).
Step 2: Follow the sequence to chain the data into a data block.
- CLA, INS, P1, P2, Lc+4, Data. The lower nibble of CLA must be Hex 4. The command data field (if it exists) contains plain data or encrypted data (for example: if secure messaging applies, the encrypted data is put in the command data field during transmission).
- Response: Data (contains plain or encrypted data)
- Data defined by TimeCOS
Step 3: Divide the data block into several 8-byte data blocks and identify them as D1, D2, D3 etc. The last data block can contain 1 to 8 bytes.
Step 4: If the last data block is 8 bytes, you still need to add Hex 8000 0000 0000 0000. Then go to Step 5. If the last data block is less than 8 bytes, add Hex 80. If the data block then reaches 8 bytes, go to Step 5. If not, pad trailing 00s until the last block is exactly 8 bytes.
Step 5: Use the selected secret key to encrypt the data blocks. If the secret key is 8 bytes, the MAC generation procedure is as in Figure 4-3 (due to the various lengths of the data generated during Step 3, the procedure may take more or less than three steps). If the secret key is 16 bytes, the MAC generation procedure is as in Figure 4-4 (due to the various lengths of the data generated during Step 3, the procedure may take more or less than three steps).
Step 6: The 4 bytes MAC is the left 4 bytes of the final result.
[Figures 4-3 and 4-4: MAC chaining diagrams. Surviving labels: XOR; D1, D2, D3; DES encryption by K1]
K1 = left half of 16 bytes secret key (8 bytes)
Kr = right half of 16 bytes secret key (8 bytes)
Figure 4-4. Calculate MAC by Triple DES
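Steps 1 to 4 of the MAC procedure, together with the data-encryption padding rule of section 4.4, as an added example (not code from the manual or from Watchdata). Function names and the challenge value are constructed for illustration; the DES chaining of Step 5 is outside this block because Python's standard library has no DES.

```python
# Added example (not from the TimeCOS manual): preparing the MAC input.
# Function names are illustrative; sample values are constructed.

BLOCK = 8


def pad_for_mac(data):
    """Step 4: always append 80, then 00s up to the next 8-byte boundary.

    A final block that is already 8 bytes long therefore gains a whole
    extra block 80 00 00 00 00 00 00 00.
    """
    padded = bytes(data) + b"\x80"
    return padded + b"\x00" * (-len(padded) % BLOCK)


def pad_for_encryption(data):
    """Section 4.4: pad with 80 00..00 only if the length is not a multiple of 8."""
    if len(data) % BLOCK == 0:
        return bytes(data)
    return pad_for_mac(data)


def seed_value(challenge):
    """Step 1: 4-byte GET CHALLENGE result followed by four 00 bytes."""
    if len(challenge) != 4:
        raise ValueError("the MAC seed is built from a 4-byte challenge")
    return bytes(challenge) + b"\x00" * 4


def mac_input_blocks(cla, ins, p1, p2, data=b""):
    """Steps 2-4 for a command: chain CLA INS P1 P2 Lc+4 Data, pad, split."""
    if cla & 0x0F != 0x04:
        raise ValueError("secure messaging requires CLA lower nibble 4")
    lc = len(data) + 4                      # Lc counts the 4-byte MAC as well
    if lc > 0xFF:
        raise ValueError("data too long for a one-byte Lc")
    chained = bytes([cla, ins, p1, p2, lc]) + bytes(data)
    padded = pad_for_mac(chained)
    return [padded[i:i + BLOCK] for i in range(0, len(padded), BLOCK)]


if __name__ == "__main__":
    # DECREASE of 2 units on SFI 3, sent with secure messaging (CLA 84).
    for block in mac_input_blocks(0x84, 0x30, 0x00, 0x1C, bytes.fromhex("00000002")):
        print(block.hex(" ").upper())
    # Constructed challenge value, used only to show the seed layout.
    print(seed_value(bytes.fromhex("A1B2C3D4")).hex(" ").upper())
    # The padding example of section 4.4.
    print(pad_for_encryption(bytes.fromhex("12233456788990A1B1")).hex(" ").upper())
```

The two padding functions differ only for inputs whose length is already a multiple of 8, which is the case most often handled incorrectly when a terminal-side MAC does not match the card's.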
Step 3 :
Step 4 :
Step 5 : Combine all the encrypted results (i.e. encrypted D1 + encrypted D2 + ...) into a data block in the original sequence, then put the data block into the data field of command.
[Figure 4-6 labels: 8 bytes data block Dn; DES encryption by left part of 16 bytes key Kl; DES decryption by right part of 16 bytes key Kr; 8 bytes encrypted result Dn]
Kl = left half of 16 bytes secret key (8 bytes)
Kr = right half of 16 bytes secret key (8 bytes)
Figure 4-6 Data Encryption by Triple DES
Step 3 :
Step 4 :
Decrypted data block Dn (8 bytes)
Figure 4-7. Data Decryption by Single DES
[Figure 4-8 labels: DES decryption by left part of 16 bytes key Kl; DES decryption by right part of 16 bytes key Kr]
Kl = left half of 16 bytes secret key (8 bytes)
Kr = right half of 16 bytes secret key (8 bytes)
Figure 4-8 Data Decryption by Triple DES
8 bytes key
Single DES
16 bytes key
Single DES
Case 2 :- Without command data field but with response data field Without secure CLA messaging:With secure CLA messaging:For secure messaging :INS P1 INS P1 P2 P2 Lc Lc MAC Le
Case 3 :- With command data field but without response data field.
Without secure messaging:   CLA INS P1 P2 Lc Data
With secure messaging:      CLA INS P1 P2 Lc Data MAC
For secure messaging:
- CLA lower nibble must be 4
- Lc is the length of data in the data field + MAC (4 bytes)
Case 4 :- With command data field and response data field
Without secure messaging:   CLA INS P1 P2 Lc Data Le
With secure messaging:      CLA INS P1 P2 Lc Data MAC Le
For secure messaging:
- CLA lower nibble must be 4
- Lc is the length of data in the command data field + MAC (4 bytes)
- Le is the length of data in the response data field + MAC (4 bytes)
All Right Reserved. Watchdata Technologies Pte Ltd
P1
P2
Le
XX XX XX XXXX
Note :
[1] When SW1 high nibble is 9, and low nibble not 0, the meaning depends on the related application.
[2] When SW1 high nibble is 6, and the low nibble is not 0, the meaning has no relation with the application.
9.1.2 Note
Append Record command is only applicable to Variable-length Record file & Cyclic file.
Commands for record file:
- Create File
- Select File
- Read Record
- Update Record
- Append Record
This command is only executed when the read record file right is fulfilled. If the last cyclic record has been reached, Append Record writes the data into the first record. The record number of this new record is 1.
Note :
-- Designation of P2 parameters:
Designation                      b7 b6 b5 b4 b3   b2 b1 b0
Select file based on Short FID   Short FID        0  0  0
Select current file              0  0  0  0  0    0  0  0
Table 9.3
-- Lc is the number of bytes for writing. (1) If secure messaging applies, Lc = length of data for writing + 4 bytes of MAC. (2) If encrypted secure messaging applies, Lc = length of the encrypted data for writing + 4 bytes of MAC.
9.2 Decrease
9.2.1 Description
DECREASE command is to deduct from EPF with record length less than 8 bytes.
9.2.2 Note
DECREASE command only works on common EPF.
Commands for E purse file:
- Create File
- Select File
- Increase/Decrease
- Read Record
This command is only executed when the common EPF decrease right is fulfilled.
Explanation: The P2 setting is as follows:
Designation        b7 b6 b5 b4 b3 b2 b1 b0
b4-b8 is the SFI   X  X  X  X  X  1  0  0
Current file       0  0  0  0  0  1  0  0
9.2.4 Command Data Field
The data field contains the cash amount to be deducted. If secure messaging applies, the data contains the cash amount to be deducted and 4 bytes of MAC. If encrypted secure messaging applies, the data field contains the encrypted cash amount and 4 bytes of MAC. For secure messaging, the Maintenance key will be used.
9.2.5 Response Data Field
Response data field consists of new balance in EPF (Lc bytes) and the deduction amount for this transaction (Lc bytes). If secure messaging applies, it consists of new balance, deduction amount and additional 4 bytes MAC. If encrypted secure messaging applies, it consists of encrypted new balance, encrypted deducted amount and 4 bytes MAC.
9.2.6 Response Status Word
The response status word could be:
SW1   SW2   Description
90    00    Successful
61    XX    Successful. XX indicates length of response data field. Use GET RESPONSE to get the response data (only for T=0)
65    81    Failed writing to EEPROM.
67    00    Lc and EPF length mismatch.
69    81    Not an EPF.
69    85    Deduction and top-up EPF access condition not fulfilled.
69    87    Missing secure message.
6A    82    File not found.
93    02    Data error detected in secure messaging.
94    01    Insufficient cash.
Deduct 2 dollars from the EPF.
Command: 80 30 00 1C 04 0000 0002
Response: 6108
For T=0, 6108 indicates the length of the response data, which can be fetched with the GET RESPONSE command. Watchdata readers fetch the response data automatically, so there is no need to send the GET RESPONSE command.
Explanation: 0000 0007 is the new balance in the EPF. 0000 0002 is the amount deducted for this transaction.
Explanation: The card uses the specified authentication key to decrypt the data in the command field and compares the result with the original random number. If they are the same, external authentication passes: the security status is set to the following status and the error counter is reset. If they are not the same, external authentication fails: the error counter decreases by one and the security status remains the same.
9.3.4 Command Data Field
It contains 8 bytes of encrypted random number.
9.3.5 Response Data Field
Not exist.
9.3.6 Response Status Word
SW1   SW2   Description
90    00    Successful
63    CX    X remaining attempts left
67    00    Incorrect length
69    81    Not an external authenticate key
69    82    External authenticate key access right of use not fulfilled
69    83    Authentication (external authentication key) was blocked
6A    82    Key File not found
93    02    Error detected during secure messaging
94    03    Key not found
External Authentication process
External Authentication is the process by which the card authenticates the external terminal. The process is as follows:
Terminal ==> TimeCOS 2.9 smart card: Get 8 bytes random number
Terminal <== TimeCOS 2.9 smart card: the challenge
Terminal: Terminal encrypts the RNDicc using the Cardkey, which is the same as the external authentication key, and gets the encrypted D1. That is, D1 = DES(Cardkey, RNDicc)
Terminal ==> TimeCOS 2.9 smart card: Send D1 for external authentication
TimeCOS 2.9 smart card: Card uses the specific external authentication key to decrypt D1 and get D2, then compares D2 with RNDicc: 1) D2 = DES-1(KID, D1) 2) D2 ?= RNDicc
Terminal <== TimeCOS 2.9 smart card: Send the comparison result (SW1SW2) to terminal. If comparison is successful, set the value of the security state register equal to the following status
Explanation:
1. The terminal gets the random number RNDicc.
2. The terminal uses the specific key to encrypt RNDicc by DES and generates D1.
3. The terminal sends the external authentication command to the card together with D1: 00 82 00 kid 08 D1
4. After the card receives D1, it uses the corresponding key to decrypt D1 by DES and generates 8 bytes D2. The card compares RNDicc and D2.
5. If they are the same, external authentication passes. The security status is set to the following status and the error counter is reset.
6. If they are not the same, external authentication fails. The error counter decreases by one and the security status remains the same.
Command: 00 84 00 00 08
Response: D3 89 BF 67 45 B9 35 50 9000
[Step 2] Card terminal uses the secret key 57415443484441544154696D65434F53 (which is the same as the external authentication key) to encrypt the random number and the result is C1 8A 5B 4B 13 40 25 21.
[Step 3] Card terminal sends the encrypted random number to the card to do external authentication.
Command: 00 82 00 00 08 C1 8A 5B 4B 13 40 25 21
Explanation: C1 8A 5B 4B 13 40 25 21 is the encrypted data from [Step 2]
Response: 9000
Explanation: Since it is successful, the security status is set to the following status 01.
You can only use this command to request the response data when the current response is 61 XX, where XX is the number of data bytes the card expects to return for the previous command.
Notes: Only applicable to T=0 transmission protocol.
SW1   SW2   Description
90    00    Successful
67    00    Incorrect length (Le larger than the response data length).
6F    00    Card does not have data to return.
Designation
Byte/s 1 1 1 1 1
9.6 Increase
9.6.1 Description
INCREASE command is for topping up value to EPF, whose record length is less than 8 bytes.
9.6.2 Note
INCREASE is only applicable to common EPF.
The following commands are applied to the common EPF:
- Create File
- Select File
- Increase/Decrease
- Read Record
This command can only be executed when the access right is fulfilled.
9.6.3 Command Format / Parameter
Code   Designation                Value (Hex)   Byte/s
CLA    Without secure messaging   80/84         1
INS    --                         32            1
P1     --                         00            1
P2     Refer to explanation       XX            1
Lc     Record length of EPF       XX            1
DATA   Top-up amount              XX...XX       XX
Le     --                         00            1
Explanation: P2 is set as follows:
Designation                b7 b6 b5 b4 b3 b2 b1 b0
Select file by using FID   X  X  X  X  X  1  0  0
Select current file        0  0  0  0  0  1  0  0
Table 2
SW1   SW2   Description
90    00    Successful
61    XX    Successful. XX indicates the length of response data. GET RESPONSE is the command to get response data. (Only for T=0)
62    83    File checksum error
67    00    Lc length is mismatch with EPF length
69    81    Not an EPF
69    85    Deduction and top-up EPF access condition not fulfilled
6A    82    File not found
93    02    Secure messaging error
94    01    Cash overflow or current top up amount = 0
----Encryption Decryption MAC calculation KID for DES key P2 --Lc DATA Authentication data --Le
Table 3
Explanation:
If P1=00, it is the encryption process and the key type is the DES encryption key.
If P1=01, it is the decryption process and the key type is the DES decryption key.
If P1=02, it is MAC generation and the key type is the DES&MAC key.
67 69 69 69 6A 94
00 81 82 85 82 03
Explanation: If there is no matching responding key type, the card will return 9403, which means there is no correct key found.
Explanation:
1. Terminal generates 8 bytes random number RNDifd by itself or gets it from PSAM card.
2. Terminal sends Internal Authentication to card and sends RNDifd: 00 88 00 KID 08 RNDifd
3. Card receives RNDifd and uses the corresponding key in the card to do DES encryption. 8 bytes D1 are then generated.
4. Card sends D1 to the terminal.
5. The terminal receives the authentication data D1 from the card, and uses the corresponding key to do the DES encryption of the random data RNDifd. It then generates 8 bytes authentication data D2. The terminal compares D1 and D2. If they match, the authentication is successful; otherwise, it fails.
[2]
[3]
Response: 6108
For cards of T=0, 6108 indicates the length of data card returned. Command GET RESPONSE can get the returned data. WATCHDATA readers can auto get returned data without GET RESPONSE command.
Command: 00 C0 00 00 08
Response: 11 22 33 44 55 66 77 88
Explanation: 11 22 33 44 55 66 77 88 is the results of internal authentication or DES decryption.
KID = 01;
Key type is the DES&MAC Decryption Key
Use access right = 0xF0;
Change access right = 0xEF;
Algorithm identifier = 01;
Secret key version number = 01;
16 bytes Secret key = 57415443484441544154696D65434F53;
Data for MAC generation = 11 22 33 44 55 66 77 88
Step: Internal authentication or generate MAC
Command: 00 88 02 01 08 11 22 33 44 55 66 77 88
Response: 6104
For cards of T=0, 6104 indicates the length of data card returned. Command GET RESPONSE can get the returned data. WATCHDATA readers can auto get returned data without GET RESPONSE command.
Command: 00 C0 00 00 04
Response: 87 56 E2 85 9000
Explanation: 87 56 E2 85 is the 4 byte MAC generated by the internal authentication process. The initial 8 bytes value for MAC generation = 0000000000000000
9.8.2 Note
Read Binary command is only applied to binary file.
Commands for binary file are as follows:
- Create file
- Select File
- Read Binary / Update Binary
This command can only be executed if the read access right is fulfilled.
Designation
Byte/s 1 1 1 1 1
Explanation: If the three most significant bits of P1 are 100, the lower 5 bits are the short FID and P2 is the offset to read.
P1: b7 b6 b5 = 1 0 0; b4 b3 b2 b1 b0 = short FID
P2: Offset
If the MSB of P1 is not 1, then P1 and P2 are the offset to read and the current file is the file to read.
P1: b7 = 0
P1 b6 b5 b4 b3 b2 b1 b0 and P2: Offset value
67 69 69 6A 6A 6C 6B
00 81 82 81 82 XX 00
Explanation: If the file checksum is incorrect, the card still sends the data out together with the warning status word SW1 SW2 = 6281. Once the file is written again, the card calculates a new checksum. Reading a binary file which does not have any data in it returns 6281 as well. For cards of T=0, if Le=00 or it goes beyond the EF size, the card returns the warning status word 6CXX to ask for Le to be set as XX and for the command to be reissued.
[1] File type: Binary file
FID = 0005;
File body size = 8 bytes;
Step: Read data starting from the offset 00 until the end of file with no secure messaging protection.
Command: 00 B0 85 00 00
Response: 6C08
Explanation: For cards of T=0, 6C08 means it is required that the terminal resends previous command header with Le = 08
Command: 00 B0 85 00 08
Response: 11 22 33 44 55 66 77 88 9000
9.9.2 Note
Read Record command is applied on Fixed-Length Record, Cyclic Record, Electronic Purse File and Variable-Length Record files Commands for Record file are: Create File Select File Read Record Update Record Append Record The command is only applicable when the read access right is fulfilled.
Designation
Byte/s 1 1 1 1 1
Explanation: Designation for P1:
Type   Designation for P1
FLRF   Record number - If the file has N records, then the record number can be any value of 1 to N.
VLRF   Record number - If the file has N records then the record number can be any value of 1 to N.
       Record tag - It is read by record tag, the LSB 3 bit of P2 must be 000.
CRF    Record number - The latest record to be written is RN 1, the previous updated record is RN 2 and etc.
EPF    Record number - The latest record to be written is RN 1, the previous updated record is RN 2 and etc.
Designation for P2 is as follows:
Designation for P2 Explanation B7 b6 b5 b4 Read current file 0 0 0 0 SFI X X X X According to record number, read the record indicated by P1 According to record number, read from the record indicated by P1 to the last record According to record number, read from the last record to the record indicated by P1 According to record tag indicated by P1, read the first matching record According to record tag indicated by P1, read the last matching record Read the next record after the record which record tag is P1 Read the next record before the record which record tag is P1
b3 0 X -
b2 1 1
b1 0 0
b0 0 1
0 0
1 1
0 1
SW1   SW2   Description
67    00
69    81    Command and file structure mismatch
69    82    Read condition not fulfill
6A    81    Current function not support (MF missing or blocked)
6A    82    File not found
6C    XX    Incorrect Le
6A    83    Record not found
Note: If CLA=04, Le is ignored and the whole record will be returned. If CLA=00, when Le is not equal to the record length, it returns the warning status code 6CXX to request Le to be set as XX. Meanwhile, it requests the command to be reissued.
[2]
[3]
File type: VLRF
FID = 0007;
The file was created without secure messaging protection
Step: Read VLRF based on the record tag = AA;
Command: 00 B2 AA 38 00
Explanation: Since read is based on record tag, LSB 3 bit of P2 must be 000.
Response: 6C03
Explanation: For cards of T=0, 6C03 requests the terminal to resend a command header with Le=03
Command: 00 B2 AA 38 03
Response: AA 01 11 9000
Explanation: The record retrieved is in TLV format. AA is the record tag, 01 is the data length and 11 is the data from the record.
[4] File type: EPF
FID = 0004
The EPF has 2 records
Record length = 4 bytes
The file was created without secure messaging protection
Step: Retrieve the record of RN 01, which is the latest updated record.
Command: 00 B2 01 24 00
Response: 6C04
Explanation: For the card of T=0, 6C04 requests the terminal to resend a command header with Le=4
Command: 00 B2 01 24 04
Response: 0000 0001 9000
Explanation: 0000 0001 is the balance in the EPF
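The READ BINARY and READ RECORD exchanges above, and the GET RESPONSE exchange of the internal authentication example, as an added terminal-side example (not Watchdata code). The function names, the send callback interface and the replay_card stub are assumptions made for illustration; the stub only replays APDU pairs printed in this manual.

```python
# Added example (not from the TimeCOS manual): building P1/P2 with a short
# file identifier and handling 6CXX / 61XX on T=0. Names are illustrative.

GET_RESPONSE = bytes([0x00, 0xC0, 0x00, 0x00])


def read_binary_header(offset, sfi=None, le=0):
    """READ BINARY header: P1 = 100xxxxx carries the SFI, else P1/P2 = offset."""
    if sfi is None:
        if not 0 <= offset <= 0x7FFF:
            raise ValueError("offset must fit in 15 bits")
        p1, p2 = offset >> 8, offset & 0xFF
    else:
        if not 1 <= sfi <= 0x1F or not 0 <= offset <= 0xFF:
            raise ValueError("SFI is 5 bits and the offset one byte")
        p1, p2 = 0x80 | sfi, offset
    return bytes([0x00, 0xB0, p1, p2, le])


def read_record_header(p1, sfi=0, by_tag=False, le=0):
    """READ RECORD header: P2 b7-b3 = SFI (0 = current file), b2-b0 = mode.

    Only the two modes the manual spells out are built here:
    100 (P1 is a record number) and 000 (P1 is a record tag).
    """
    if not 0 <= sfi <= 0x1F:
        raise ValueError("SFI is 5 bits")
    return bytes([0x00, 0xB2, p1, (sfi << 3) | (0b000 if by_tag else 0b100), le])


def decode_read_record_p2(p2):
    """Split a READ RECORD P2 into (SFI, mode) for the two modes above."""
    modes = {0b100: "record number", 0b000: "record tag"}
    if p2 & 0x07 not in modes:
        raise ValueError("mode bits not covered by this example")
    return p2 >> 3, modes[p2 & 0x07]


def transceive_t0(send, apdu, max_chunks=8):
    """Send an APDU; follow 6CXX (resend with Le=XX) and 61XX (GET RESPONSE).

    send(apdu) must return (data, sw1, sw2). Returns (data, status word).
    """
    data, sw1, sw2 = send(apdu)
    if sw1 == 0x6C and len(apdu) == 5:          # header-only command
        data, sw1, sw2 = send(apdu[:4] + bytes([sw2]))
    out = bytearray(data)
    chunks = 0
    while sw1 == 0x61:
        chunks += 1
        if chunks > max_chunks:                 # guard against a looping card
            raise RuntimeError("card keeps answering 61XX")
        data, sw1, sw2 = send(GET_RESPONSE + bytes([sw2]))
        out += data
    return bytes(out), (sw1 << 8) | sw2


# Constructed stub: replays command/response pairs printed in this manual.
REPLAY = {
    "00B0850000": "6C08",
    "00B0850008": "11223344556677889000",
    "00B2AA3800": "6C03",
    "00B2AA3803": "AA01119000",
    "00B2012400": "6C04",
    "00B2012404": "000000019000",
    "00880201081122334455667788": "6104",
    "00C0000004": "8756E2859000",
}


def replay_card(apdu):
    response = bytes.fromhex(REPLAY[bytes(apdu).hex().upper()])
    return response[:-2], response[-2], response[-1]


if __name__ == "__main__":
    for command in (read_binary_header(0, sfi=5),
                    read_record_header(0xAA, sfi=7, by_tag=True),
                    read_record_header(1, sfi=4)):
        data, sw = transceive_t0(replay_card, command)
        print(command.hex(" ").upper(), "->", data.hex(" ").upper(), f"{sw:04X}")
```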
9.10.2 Note
If select MF is successful, the secure register of MF will be reset to 0. If select DF under MF is successful, the secure register of DF will be reset to 0 and the secure register of MF remain unchanged.
Explanation:
P1 = 00: Selection is based on FID (P2 must be 0). It can select:
- EF or son-DF under the current DF
- DF, which is the same level of the current DF
P1 = 04: Select by DF filename, which has two cases:
- P2=00, indicates the first or only one
- P2=02, indicates the next one
This method is also applicable to DF.
Under all circumstances, FID = 3F00 or filename 1PAY.SYS.DDF01 can be used to select the MF.
9.10.4 Command Data Field
It is empty or contains FID or DF filename.
9.10.5 Response Data Field
It contains FCI of the selected ADF or DDF as defined in following tables:
Table 9.21 FCI when the DDF is successfully selected:
FCI    Designation
6F     File control information template
84     DF name
A5     FCI Proprietary data
88     SFI of the directory elementary file
Table 9.22 FCI when the ADF is successfully selected:
FCI    Designation                         Present
6F     File control information template   Always
84     DF filename                         Always
A5     FCI Proprietary data                Optional
9F0C   FCI Issuer Discretionary Data       Optional
67 6A 6A 6A
00 81 82 86
Step: To retrieve the first record in the EF (DIR);
Command: 00 B2 01 0C 00
Response: 6C15
Explanation: For cards of T=0, 6C15 requests the terminal to resend a command header with Le=0x15
Command: 00 B2 01 0C 15
Response: 70 13 61 11 4F 09 A0 00 00 00 03 86 98 07 01 50 04 50 42 4F 43 9000
Explanation: The returned information is in TLV format.
- 70 is the tag of variable length record.
- 13 is the data length of variable length record.
- 61 is the entry tag for ADF application directory
- 15 is the data length
- 4F is the record tag of ADF filename for the banking application.
- 09 is data length of ADF filename for the banking application (excluding Tag and Length).
- A0 00 00 00 03 86 98 07 01 is 9 bytes record data, which is the ADF filename for the banking application.
- 50 is the application label
- 04 is the data length of the application label
- 50 42 4F 43 67 is the data
[step 3] Conditions: When creating the ADF for banking application. The ADF must have a card issuer dedicated data file with SFI = 0x95
ADF file name is A000 0000 0386 9807 01
Step: Select the ADF
Command: 00 A4 04 00 09 A0 00 00 00 03 86 98 07 01
Response: 6130
Explanation: For cards of T=0, 6130 indicates the length of data that will be resent by the card. Send the Get Response command to fetch the data. The WATCHDATA reader can auto return the response data, so the GET Response command is not required.
Command: 00 C0 00 00 30
Response: 6F 2E 84 09 A0 00 00 00 03 86 98 07 01 A5 21 9F 0C 1E 11 11 22 22 33 33 00 06 03 01 00 06 19 98 08 17 00 00 00 30 19 98 08 15 19 98 12 31 55 66 9000
Explanation: The returned information is in TLV format.
- 6F is the record tag for the FCI template.
- 2E is the record length for the FCI template (excluding Tag and Length).
- Followed by 44 bytes of record data (underlined)
- 84 is the record tag for DF filename.
- 09 is the record length for the DF filename (excluding Tag and Length).
- A0 00 00 00 03 86 98 07 01 is the 9 bytes record data for the DDF filename.
- A5 is the record tag for the FCI dedicated data file.
- 21 is the record length for the FCI dedicated data file (excluding Tag and Length).
- 9F 0C is the record tag of FCI for card issuer defined data.
- Followed by 30 bytes of record data, which is contents of the binary file with FID = 0015.
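A TLV parser run over the two responses shown above (the EF (DIR) record and the FCI of the ADF), as an added example that is not part of the manual. The function names are illustrative; the parser assumes BER-TLV coding (tag byte ending in 11111 continues into further tag bytes, tag bit b6 marks a template) and rejects lengths that run past the buffer.

```python
# Added example (not from the TimeCOS manual): parsing the TLV responses of
# section 9.10. Function names are illustrative.

def parse_tlv(buf):
    """Parse BER-TLV bytes into a list of (tag, value) pairs.

    Templates (tag bit b6 set, e.g. 6F, A5, 70, 61) are parsed recursively,
    so their value is a nested list; other values are bytes.
    """
    buf = bytes(buf)
    items, i = [], 0
    while i < len(buf):
        start, first = i, buf[i]
        i += 1
        if first & 0x1F == 0x1F:                # multi-byte tag such as 9F0C
            while True:
                if i >= len(buf):
                    raise ValueError("truncated tag")
                more = buf[i] & 0x80
                i += 1
                if not more:
                    break
        tag = int.from_bytes(buf[start:i], "big")
        if i >= len(buf):
            raise ValueError(f"tag {tag:X} has no length byte")
        length = buf[i]
        i += 1
        if length & 0x80:                       # long form: 81 xx or 82 xx xx
            count = length & 0x7F
            if count not in (1, 2) or i + count > len(buf):
                raise ValueError(f"bad length encoding for tag {tag:X}")
            length = int.from_bytes(buf[i:i + count], "big")
            i += count
        if i + length > len(buf):
            raise ValueError(f"tag {tag:X} claims {length} bytes past the buffer")
        value = buf[i:i + length]
        i += length
        items.append((tag, parse_tlv(value) if first & 0x20 else value))
    return items


def find_tag(items, tag):
    """Depth-first search for the first value stored under a tag."""
    for found, value in items:
        if found == tag:
            return value
        if isinstance(value, list):
            inner = find_tag(value, tag)
            if inner is not None:
                return inner
    return None


# Response data copied from the examples above, status word 9000 removed.
DIR_RECORD = bytes.fromhex(
    "70 13 61 11 4F 09 A0 00 00 00 03 86 98 07 01 50 04 50 42 4F 43")
ADF_FCI = bytes.fromhex(
    "6F 2E 84 09 A0 00 00 00 03 86 98 07 01 A5 21 9F 0C 1E"
    " 11 11 22 22 33 33 00 06 03 01 00 06 19 98 08 17 00 00 00 30"
    " 19 98 08 15 19 98 12 31 55 66")


if __name__ == "__main__":
    directory = parse_tlv(DIR_RECORD)
    print("ADF name :", find_tag(directory, 0x4F).hex(" ").upper())
    print("Label    :", find_tag(directory, 0x50).decode("ascii"))
    fci = parse_tlv(ADF_FCI)
    print("DF name  :", find_tag(fci, 0x84).hex(" ").upper())
    print("9F0C data:", find_tag(fci, 0x9F0C).hex(" ").upper())
```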
MF will become the current directory after successful selection. The current security state register will be updated to be the same value as the security state of MF. SELECT command can select the file by the filename 1PAY.SYS.DDF01 as well.
9.10.9 To select file within the same DF or son-DF using File Identifier
Command Format / Parameter
CLA    00
INS    A4
P1     00
P2     00
Lc     02
DATA   SFI
If the selected file is son-DF, the select son-DF will be the current directory. The security state register will be set to 0 If the selected file is EF, this file will become the current selected file. The security state will remain unchanged.
Lc is the length of DF filename The current security state register will become 0 when this command is successfully executed.
9.11 Unblock
9.11.1 Description
UNBLOCK command is to unblock the 8 byte PIN which has been blocked.
9.11.2 Note
This command can only be executed when the access condition for UNBLOCK PIN is fulfilled and the UNBLOCK PIN must not be blocked. Executing this command will not update the value of the security state register. When the Unblock PIN verification is successful, the new PIN value will replace the original PIN (which has been blocked) as specified by the UNBLOCK PIN command. Both PIN and UNBLOCK PIN attempts error counter will be initialized to maximum tries. If UNBLOCK PIN verification fails, the UNBLOCK PIN remaining attempts counter will decrement by 1. For instance, after N fail verification, the attempts error counter will reach 0 and the Unblock PIN will be blocked. A card will be invalid (permanently blocked) if it is blocked.
When the Unblock PIN verification is successful, the new PIN value will replace the original PIN (which has been blocked) as specified by the UNBLOCK PIN command. Both PIN and UNBLOCK PIN attempts error counter will be initialized to maximum tries. If UNBLOCK PIN presentation fails, the UNBLOCK PIN remaining attempts counter will decrease by 1. For instance, after N false presentation, the attempts error counter will reach 0 and the Unblock PIN will be blocked. A card will be invalid (permanently blocked) if it is blocked.
Step :-
Command :- 00 2C 00 06 10 11 22 33 44 55 66 77 88 01 02 03 04 05 06 07 08 Explanation :- 11 22 33 44 55 66 77 88 is the 8 bytes Unblock PIN. 01 02 03 04 05 06 07 08 is the 8 bytes new PIN.
9.12.2 Note
Update Binary is only for Binary File.
Commands for the Binary File:
- Create File
- Select File
- Read Binary / Update Binary
This command can only be executed when the write Access Right is fulfilled.
If the MSB of P1 is not 1 then P1 and P2 will be the offset value for currently selected file.
P1: b7 = 0; b6 b5 b4 b3 b2 b1 b0 = Offset value
P2: Offset value
Le is the number of bytes to write. If secure messaging applies, Lc will be the total length of data for writing and 4 bytes MAC. If encrypted secure messaging applies, Lc will be the total length of encrypted data for writing and 4 bytes of MAC.
9.13.2 Note
UPDATE RECORD command is for writing fixed-length record file, variable-length record file and cyclic record file. Commands applicable for Record file are shown below: - Create File - Select File - Read Record - Update Record - Append Record Update record command can only be executed when the write Access Right is fulfilled. For the Variable-Length Record File, the length of new record must be the same as the original record; else the command is void.
Explanation: P2 Parameter
b7 b6 b5 b4 b3   b2 b1 b0   Description
0  0  0  0  0               Current EF file
X  x  x  x  x               SFI
1  1  1  1  1               RFU
-  -  -  -  -    1  x  x    Record Number in P1 is applicable
-  -  -  -  -    1  0  0    P1 is the Record Number
-  -  -  -  -    0  x  x    Record Tag in P1 is applicable
-  -  -  -  -    0  0  0    The first record matches the Record indicated in P1
-  -  -  -  -    0  0  1    The last record matches the Record indicated in P1
-  -  -  -  -    0  1  0    The next record from the record indicated by P1
-  -  -  -  -    0  1  1    The last record from the record indicated by P1
Note: x x x x x stands for the Short File Identity (SFI); - - - - - stands for all 0 or Short File Identity
Note:
1. Only P1 = 00 & P2 = 03 can be used to append a new record to cyclic record file.
2. When P1<>00 and P2 = 04, it appends a record if P1 equals the existing Maximum Record Number + 1.
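The P2 coding and the two append notes above, as an added Python decoder that a host-side tool could use to validate a command before sending it (example code, not part of the TimeCOS manual). The function names are assumptions, and rejecting b2-b0 values that the table does not list individually is a deliberately strict choice made here.

```python
# Added example: decode the UPDATE RECORD P2 byte per the table above.
MODES = {
    0b100: "P1 is the Record Number",
    0b000: "first record matching the Record Tag in P1",
    0b001: "last record matching the Record Tag in P1",
    0b010: "next record from the record indicated by P1",
    0b011: "last record from the record indicated by P1",
}

def decode_p2(p2):
    """Return (target, sfi, mode) for a P2 byte; reject RFU or unlisted values."""
    if not 0 <= p2 <= 0xFF:
        raise ValueError("P2 must be one byte")
    upper, mode = p2 >> 3, p2 & 0b111            # b7-b3 and b2-b0
    if upper == 0b11111:
        raise ValueError("b7-b3 = 11111 is RFU")
    if mode not in MODES:                        # 101, 110, 111 have no row of their own
        raise ValueError("b2-b0 = %s is not listed" % format(mode, "03b"))
    target = "current EF" if upper == 0 else "SFI"
    return target, (upper or None), MODES[mode]

def is_append(p1, p2, max_record_number, cyclic):
    """Apply the two notes: does this P1/P2 pair append a new record?"""
    if cyclic:
        return p1 == 0x00 and p2 == 0x03         # note 1: the only cyclic append form
    return p1 != 0x00 and p2 == 0x04 and p1 == max_record_number + 1   # note 2
```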
6A 82   File is not found
6A 83   Record is not found
6A 84   Insufficient space for writing
9.14.2 Note
This command can only be executed when the access condition is fulfilled. If the last few values of the PIN are consecutive FF, these FF values can be ignored in verification. If the PIN values are all FF, then at least one FF must be input.
9.15.2 Note
When the Access Right is fulfilled, Verify & Change PIN is used to verify and further change the 8 bytes PIN.
Note: If the PIN verification is successful, the security state register will be set to the following status of that PIN. The old PIN is then replaced by new PIN and PIN attempts error counter is initialised. If the verification is not successful, the number of attempts is decreased by 1. However, the PIN value does not change.
9.16 Create File
9.16.1 Description
Create File command is used to create the file structure.
9.16.2 Note
DF and EF can only be created when the create Right is fulfilled for the current DF. There is only one Key File under each DF. This Key File must be created first before any other files. When the current DF is erased, file creation and accessing is free and not restricted by the Access Right. However, when DF is accessed again after leaving, it must follow the corresponding Access Right. Directory file cannot be auto-selected after creation (MF exclusive). Therefore, Select File command must be applied.
--1 --1 --2 Data length 1 0002 for purse file 2 0001 for passbook XXXX XX DATA File Control Information Not exist Le Table 9.36 Command Format to Create a Purse or Passbook (method 2)
Space 2 FFFF
Create Right 1 XX
Erase Right 1 XX
Table 9.37 FCI of MF
9.16.4.2 DF
Data           Length (byte)   Value (HEX)
File Type      1               38
Space          2               XXXX
Create Right   1               XX
Erase Right    1               XX
RFU            3               FFFFFF
DF Name        5 - 16          DF name
Table 9.38 FCI of DF
9.16.4.3 EF
File Type Binary File Fix Length Record File Cyclic Record File Purse File B1 28 2A 2E 2F B2 File Space B3 B4 Read Right Read Right Read Right Read /Debit Right Read Balance/ Debit Right B5 Write Right Write Right Write Right Credit Right Overdue/ Withdraw Right Write Right B6 FF FF FF FF FF B7 KID, refer to Note[2] KID, refer to Note[2] KID, refer to Note[2] KID, refer to Note[2] SFI for the transaction file KID, refer to Note[2]
2<=Record Record no.<=254 length <= 178 2<=Record Record no.<=254 length <= 178 2<=Record Record no.<=254 length <= 8 Record Record No. = 2 Length =8
Space = all the record Read length +1 byte Right Checksum (calculated by COS) Each Record length = Record length + 1 byte Checksum (calculated by COS)
FF
Key File
3F
Space = total key length + 5 reserved bytes For the calculation on each record, please refer to Note[4]
FF
FF
Table 9.40 FCI of e-Purse/Passbook
Note:
1. SFI is a one byte value, the definition is as follows:
B7      To return control information: 1 = Not return, 0 = Return
B6      To write transaction details: 1 = Not write, 0 = Write (only effective to e-purse file. Transaction details are always updated for passbook)
B5      To allow Debit, Withdraw, Overdue limit: 1 = Allow, 0 = Not allow
B4-B0   SFI for the current file
2. For a file that is protected by Secure Messaging, the corresponding secure method must be applied when writing.
3. If the features of e-purse debit, withdraw and overdue limit are supported, the following transaction types must be added:
Value   Definition
0B      Debit on e-purse file
0C      Withdraw from e-purse file
0D      Change the overdue limit of the purse file
Table 9.41 Extended Transaction Type
4. If the features of debit, withdraw and overdue limit are supported, the corresponding command is applied with P2 set to 02.
5. The remaining limit means the remaining value should not exceed this value when crediting (if no limit is set, set FFFFFFFF for e-passbook and 00FFFFFF for purse file).
6. If a command from version 2.8 is applied to create an e-purse file, this purse file does not support the updating transaction, debit, withdraw and overdue limit features.
Note:
[1] For Binary file, Fix-length Record File, Variable-length Record File and Cyclic file (except Key File), secure messaging can be applied. To enable secure messaging, the two MSBs of the file type are set during file creation. Byte 1 (File Type) is set as follows:
B7 B6   B5-B0       Secure Messaging
0  0    File Type   None
1  0    File Type   MAC
1  1    File Type   DES & MAC
For example, File type will be changed from 28 to A8 for secure messaging.
[2] Note for KID
Byte 7 is defined as follows:
B7      File effectiveness: 1 = File effective, 0 = File not effective (usually not applied)
B6      File Write Position: 1 = EEPROM, that is the current 32K; 0 = expanded EEPROM, that is the space out of 32K
B5      Atomic Protection: 1 = Yes, 2 = No
B4      Read Method: 1 = Plain Text, 0 = Encrypted Text
B3      Invert 2 bit for reading KID
B2 B1   Invert 2 bit for writing KID
Table 9.42 Explanation on KID
Note: In TimeCOS, the 32K and the expanded space are managed separately. Each file consists of a file header and a body, and all the file headers are located in the 32K. A file body is located either entirely in the 32K or entirely in the expanded space. Only binary files can be created in the expanded space, and the space must not be greater than 32K.
[3] e-passbook/purse file
It is compatible with commands from TimeCOS 2.8.
Note: FID for e-passbook must be 0001; FID for purse file must be 0002
[4] KEY File
Note: SFI for Key file must be 0000
a. Each record length = 1 byte TAG + 1 byte length + 5 bytes key header + key length. T and L bytes are maintained by COS.
Note: For Key file under MF, Record length = 1 byte TAG + 1 byte length + 1 byte Key type. T and L bytes are maintained by COS.
b. SFI for DF
SFI for DF is illustrated as follows:
B7 B6 B5 B4 B3 B2 B1 0 0 0 x x x x 1 1 1 0 1 1 0 0 1 x x 1 x x 1 x x 1 x x 1
B0 x x x 1
Description If the current DF is DDF, the lowest 5 bits of LBS is the SFI If the current DF is ADF, the lowest 5bits of LBS is the SFI for the issuer It includes the SFI for A5 module of current DF RFU
Table 9.42 SFI for DF Note: A5 is the record tag for File Control Information
Return: 9000
2. To create a purse file, with FID = 0002, file type = 2F. It allows updating transaction, debit, getting cash and changing overdue limit. Credit Right = F0, Debit Right = F0. Limit = FFFFFF
Command: 80E000001E000200002F0208E2FFF0F000F0F000FFFFFFFFFFFFFF0000000000000000
File 0018 is the default transaction file
Return: 9000
9.17.2 Note
When the erase right for the MF is fulfilled, this command can erase all DF and EF under MF. However, the MF information on access right and space does not change (that is, it doesn't change the MF header). The MF name doesn't change either. When there are no files under MF, the MF can be erased freely with no restriction of access right. After the MF has been erased, files can be created and read/written freely with no access right restriction. However, when the MF is accessed again, the access right is applied.
9.18.2 Note
This command must be executed under the father DF and the erase right must be fulfilled. When the DF erase right is fulfilled, the EF/DF specified by P1P2 can be erased. The corresponding access right and space information (including header and file name) are erased. With file erase, the memory is re-allocated. This command can also be used to erase the EF/DF under DDF. The erase to the specific EF/DF does not have any effect on other EF/DF.
69
82
9.19.2 Note
Set Protocol can be used only when the current directory is MF and the MF erase right is fulfilled. When there are no files under MF, this command is not restricted by any access right.
B0 = 0: T=0 communication protocol
B0 = 1: T=1 communication protocol
The default value for the setting parameter is FE, which means it uses 3.57MHz crystal, 9600 bps baud rate and T=0 transmission protocol.
Explanation: Parameter FE (in binary is 11111111), which means using 3.57MHz crystal, 9600 bps baud rate and T=1 transmission protocol.
9.20.2 Note
When the Append Right is fulfilled for the Key file under the current DF, the Write Key command can be used to write a Key into the Key File. When the Modification Right is fulfilled, the key value can be changed (excluding the PIN).
----For Key unload Key type, for key renew Secret key identifier (SKID) P2 Length of data field Lc DATA Key header + key value Not exist Le
Command Data Field = Key header (5 bytes) + key value If secure messaging is applied, it consists of encrypted data and 4 bytes MAC
Key Type DES encryption Key DES decryption Key DESMAC key Internal Key Maintenance Key Master Key External Authentication Key PIN Unblock Key PIN Reload Key Change Overdraw Limit Key Withdraw Key Debit Key Credit Key PIN Key
Byte 2 Byte 3 Byte 4 Byte 5 Key length Use Modify Key Algo ID 8/16 Right Right version 31 Use Modify Key Algo ID 8/16 Right Right version 32 Use Modify Key Algo ID 8/16 Right Right version 34 Use Modify Key Algo ID 8/16 Right Right version 36 Use Modify FF Error 8/16 Right Right Counter Its the external authentication key with KID = 00. Its command data field is the same as the external authentication key. 39 Use Modify Following Error 16 Right Right Status Counter 37 38 3C 3D 3E 3F 3B Use Right Use Right Use Right Use Right Use Right Use Right Use Right Modify Right Modify Right Modify Right Modify Right Modify Right Modify Right EF FF FF Key Version Key Version Key Version Following Status Error Counter Error Counter Algo Tag Algo Tag Algo Tag Algo Tag Error Counter 8/16 8/16 8/16 8/16 8/16 8/16 2-8 (for the PIN under Finance Directory, if the length of PIN is less than 6, FF needs to be appended 8
Byte 1 30
Unblock Key
PIN
3B
Use Right
Key under MF
3X
PIN Key Error ID that Counter needs to be unblocked There is only one 1 byte of Key Type for this data field For the key installed by this method, its key type and content are the one corresponding to the key under MF
Modify Right
Table 6.44 Data Field for Key Upload by Write Key Command
Note: For the Key Version and Following Status, please refer to the Explanation [4]
Explanation:
[1] Secure Messaging is also applied on Key. To enable the Secure Messaging on Key (Write Key, Verify, etc.), the two MSBs in Byte1 (Key Type) need to be set when the key is stored.
B7 0 0 1
The definition of Byte1 (Key Type) is illustrated as follows: B6 B5 B4 B3 B2 B1 B0 0 1 1 Key Type Key Type
For example: To have the DES&MAC secure messaging for keys, the External Authentication Key type 39 is converted to F9.
Note: For a key with Secure Messaging, its install and upload must apply the corresponding secure method, except the Master Key under MF.
[2] When keys are installed and uploaded in Secure Messaging method:
There are two cases when installing the Master Key under MF:
i. The manufacturer loads a Secure Messaging Master Key in the MF Key file (which is the Transportation Key). Users can authenticate or replace this key when the card is first issued.
ii. After the MF has been erased by the user, the MF Master key can be loaded in plain text. However, Secure Messaging can be set for renewing the key in secure mode.
To modify the MF Master Key, the data needs to be encrypted by MF Master Key and MAC is calculated.
When loading the Master key for Application Directory (except MF), data is encrypted by the father DF Master Key and MAC is calculated. When modifying the Master key for Application Directory (except MF), data is encrypted by the current DF Master Key and MAC is calculated.
When loading/modifying the Key (except Master Key) for Application Directory (MF or DF), data is encrypted by the current DF Master Key and MAC is calculated.
Please refer to the Secure Messaging for the MAC calculation.
[3] If there is only one Key of a certain type under the Application directory, its KID is 00; else KID should start from 01. Under one application:
- There is only one Master Key, PIN Unblock Key and PIN Reload Key, and its KID must be 00.
- There are a maximum of 4 Maintenance Keys and the KID is 00-03.
- For the PIN under Finance Directory, its KID is 00.
- KID cannot be FF.
[4] Explanation on Technical Terms:
Use Right: The right that must be fulfilled before verification, authentication and computation. For example: if the Use Right is 41, the Security Register value must be greater than or equal to 1 and less than or equal to 4 for using that key.
Modify Right: The right to change the key by the Write Key command. When the Modify Right is fulfilled, the Write Key command can change the content of the key. However, the value of the error counter remains.
Error Counter: The 4 highest bits stand for the maximum allowed number of consecutive unsuccessful trials. The 4 lowest bits stand for the number of remaining trials. If the number of consecutive unsuccessful trials is greater than the allowed value, the Key will be blocked. For example: if the Error Counter is 33, the maximum number of unsuccessful key verifications is 3. If it fails once, the counter will be 32, and it is further changed to 31 if it fails again. If the next verification or authentication is correct, the counter will change to 33. For a successful Unblock Key command, the 4 highest bits will be set to the same value as the 4 lowest bits. At the same time, the key value is changed. If unsuccessful, the number of allowed trials decreases by 1. The card will be permanently blocked if the unblock PIN and External Authentication Key are blocked.
Following Status: After a successful verification or external authentication, the Security Register is set to the same value as the 4 lowest bits of the following status.
Unblock KID: For a successful Unblock Key command, the Key with the specified KID is unblocked.
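The Use Right, Error Counter and Following Status rules from Explanation [4] above, as an added host-side Python model (example code, not TimeCOS firmware or Watchdata code). The class and function names are assumptions, as are two modelling choices: a key counts as blocked once the low nibble reaches 0, and an attempt made without the Use Right leaves the counter untouched.

```python
import hmac

def use_right_fulfilled(use_right, security_register):
    """Use Right 41 means 1 <= register <= 4: low nibble is the floor, high nibble the ceiling."""
    return (use_right & 0x0F) <= security_register <= (use_right >> 4)

class KeyModel:
    """One key record: value plus the Use Right, Following Status and Error Counter bytes."""

    def __init__(self, value, use_right, following_status, error_counter):
        self.value = value
        self.use_right = use_right
        self.following_status = following_status
        self.error_counter = error_counter

    @property
    def blocked(self):
        # Assumption: no remaining tries (low nibble 0) means the key is blocked.
        return self.error_counter & 0x0F == 0

    def verify(self, candidate, security_register):
        """Return the Security Register value after the attempt and update the counter."""
        if self.blocked or not use_right_fulfilled(self.use_right, security_register):
            return security_register                 # attempt refused, nothing changes
        maximum = self.error_counter >> 4
        if hmac.compare_digest(candidate, self.value):   # constant-time comparison
            self.error_counter = (maximum << 4) | maximum    # e.g. 31 -> 33
            return self.following_status & 0x0F
        self.error_counter -= 1                      # e.g. 33 -> 32; low nibble is >= 1 here
        return security_register
```

Starting from Error Counter 33, two wrong values followed by the right one walk the counter through 32, 31 and back to 33, matching the worked figures in the text.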
Command Data Field = New Key Value. If Secure Messaging applies, it consists of encrypted data and 4 bytes MAC.
If the Modify Right fulfills, Write Key command can change the key value. However, the value of error counter remains.
It does not apply to the PIN Key. It is not applicable when the key is blocked.
Response: 9000