Gemalto MPCOS Version 0.1

transcript

MULTI-APPLICATION PAYMENT CHIP

OPERATING SYSTEM (MPCOS) By Ata Ebrahimi, 2010

AGENDA

1. Abstract

2. Features

3. File and Data Structure

4. Access Condition

5. Cryptography

6. Command Format

7. Commands

8. Discussion

9. References

ABSTRACT

Understanding How the MPCOS Applets works

Developing Terminal Applications for MPCOS cards

AGENDA

1. Abstract

2. Features

4. Access Condition

5. Cryptography

6. Command Format

7. Commands

8. Discussion

9. References

FEATURES

Multi-Purpose and Payment Applications

JAVA Open Platform Card

AGENDA

1. Abstract

2. Features

4. Access Condition

5. Cryptography

6. Command Format

7. Commands

8. Discussion

9. References

FILE AND DATA STRUCTURE

Global Level

Local Level

GLOBAL LEVEL

Master Files (MF)

Elementary Files (EFs)

LOCAL LEVEL

Dedicated Files (DFs)

Elementary Files (EFs)

HIERARCHY OF MPCOS FILES

MASTER FILE

Root of the MPCOS File Structure = Root Directory in MS DOS

Only One Per Card

Storing Up to 63 Dedicated Files and Elementary Files

Unique Identifier = 3F00 h

DEDICATED FILES

Directory in MS DOS

Storing Up to 63 Elementary Files

Nested DFs Are Not Supported

13-byte File Descriptor and A File Body

File Descriptor = Information Needed by MPCOS to Manage the File

File Body = DF’s Name

STRUCTURE OF DEDICATED FILE DESCRIPTOR

IDENTIFIER (FID)

Length = 2 Bytes

Allocated When the File Is Created

Short File Identifier (SFI) = 5 Least Significant Bits of FID

Designating a File From Within a File Operation Command

FILE DESCRIPTOR BYTE (FDB)

Length = 1 Byte

FILE OPTION BYTE (OPT)

Length = 1 Byte

Bit Value Option

1 Reserved for Future (RFU)

2 1 Cancel Debit Command Disabled

0 Cancel Debit Command Enabled

3 1 Current Balance Can Be Used To Compute Sign Certificates

0 Current Balance Can Never Be Used To Compute Sign Certificates

4-7 Reserved for Future (RFU)

8 1 Select Purse & Key and Select File Key Commands Require External Authentication

0 Select Purse & Key and Select File Key commands Do Not Need An External Authentication

BODY SIZE

Length = 2 Bytes

Specifies the Size of the File Body

Usually Contains the DF Name, Up to 16 Bytes

ACCESS CONDITION GROUP 1, 2

Length = 2 Bytes

Define the Access Conditions Assigned to the DF

CHECKSUM

Length = 1 Byte

Computed by the OS When the File Is Created

To Control the Integrity of the Descriptor In Case of Memory Failure

FILE BODY

Stores An Optional Name in DFs

Name Length = Up to 16 Bytes

Can Be Used By Select File Command to Select a DF

DF Do Not Have A Structure

SELECTION BY PARTIAL NAME

MPCOS Allows DF To Be Selected By Partial Name

Example_EP = Example

The DF That Was Created First Will Be Selected

ELEMENTARY FILE

Main Component of the MPCOS File Structure

Contain System and Application Data

13-byte File Descriptor and A File Body

File Descriptor = Information Needed by MPCOS to Manage the File

File Body = Data

STRUCTURE OF ELEMENTARY FILE DESCRIPTOR

IDENTIFIER (FID)

Length = 2 Bytes

Allocated When the File Is Created

Short File Identifier (SFI) = 5 Least Significant Bits of FID

Designating a File From Within a File Operation Command

Length = 1 Byte

Information About The EF Type and Structure

When Creating An EF, The OS Does Not Check The Contents Of The FDB, So More Than One of Each Type of File Can Be Created

If More Than One of Unique EFs Like Secret Code and IADF IS Created, Only The First One Is Recognized

RECLGT

Length = 1 Byte

Contains The Record Length For Linear Fixed and Cyclic Files With A Fixed Record Length

No Value For Other File Types

BODY SIZE

Length = 2 Bytes

Specifies the Size of the File Body

EF File Body Contains The Data

ACCESS CONDITION GROUP 1, 2, 3

Length = 2 Bytes

Define the Access Conditions Assigned to the EF

CHECKSUM

Length = 1 Byte

Computed by the OS When the File Is Created

To Control the Integrity of the Descriptor In Case of Memory Failure

FILE BODY

Stores Data

Six Types Of EFs

TYPE OF EFS

Purse Files

Enhanced Purse Files

Key Files

Transaction Manager Files

Secret Code Files

Internal Application Data Files (IADF)

PURSE FILES

FDB: 0001 1001 b or 19 h

Contain One Purse Only

Each DF Can Hold Up To 32 Purse Files

Must Be Among The First 32 Files Created In A Dedicated File

PURSE STRUCTURE

MAXIMUM BALANCE

Length = 3 Bytes

Maximum Balance That The Purse Can Hold

CREDIT KEY FILE

Length = 5 Bytes

Specifies The Short File Identifier Of The File Holding The Purse Credit Key

MAXIMUM FREE DEBIT

Length = 3 Bytes

The Maximum Value That Can Be Debited From The Purse When The Debit Access Condition Has Not Been Fulfilled

If This Value Is Set To 0 h, The Debit Access Condition Must Be Fulfilled For All Debits

Length = 1 Nibble

Access Condition For Debit

0000 Not Protected By Secret Code

0xxx Protection By Secret Code xxx

1xxx Debiting Not Allowed

Length = 1 Nibble

Access Condition To Read The Purse Balance

0000 Not Protected By Secret Code

0xxx Protection By Secret Code xxx

1xxx Debiting Not Allowed

CURRENT BALANCE

Length = 3 Bytes

The Current Balance Value Of The Purse

BACKUP BALANCE

Length = 3 Bytes

The Previous Balance Value Of The Purse

Before The Last Transaction Was Carried Out

MPCOS Can Use This Value To Restore The Purse Balance After Any Incorrect Purse Updates

TERMINAL TRANSACTION COUNTER (TTC)

Length = 2 Bytes

Contains The TTC’s Two Most Significant Bytes While The Debit Operation Is Being Processed

Used To Identify Which Terminal Performed The Last Debit Operation

Checked By MPCOS Before Any Cancel Debit Command Operation

ENHANCED PURSE FILES

FDB: 0001 1001 b or 19 h

Enhanced Purses Include An Extra Word At The Offset 5 Position

Extra Word Can Be Used To Protect The Credit Operation With a Secret Code

Specify The Hierarchical Level Of The Access Conditions For The Read Balance, Debit and Credit

EXTRA WORLD FORMAT IN ENHANCED PURSE

The First Three Bytes Are Reserved For The Future

Length = 1 Bit

Defines The Hierarchical Level Of The EF Secret Code Files For The Read Balance, Debit and Credit Access Condition

0 Global, The Secret Codes Are Contained In The EF Secret Code Of The Master File

1 Local, The Secret Codes Are Contained In The EF Secret Code Of The Currently Selected Dedicate

CREDIT ACCESS CONDITION

0000 b No Secret Code Protection For Credit Operations

0xxx b Credit Operations Are Protected By Secret Code Number xxx

1xxx b This Purse Cannot Be Credited

KEY FILES

FDB: 0010 1001 b or 29 h

Consists Of 12 Bytes

Header = First Four Bytes

The Next Eight Bytes Contain Its Confidential Value

KEY STRUCTURE

SYSTEM

Length = 1 Byte

Used To Indicate The Key Type

KEY VERSION (KV)

Length = 1 Byte

The Key Version May Be Used To Memorize A Key Version Number After A Key Is Updated

CHECKSUM

Length = 1 Byte

The Checksum Is An Integrity Control Of Data

K8 TO K1

Length = 1 Byte

Each Secret Key = Over 8 Bytes

A Key File Contains Up to 8 Keys

KEY FILES

Storing The Cryptographic Keys Used In All MPCOS Cryptographic Functions

The Master File An Each Dedicated File Can Store One Or More Key Files

Each Key File Can Store Up To Four 3DES_16 Keys

COMMANDS THAT REQUIRE CRYPTOGRAPHIC KEYS

KEY TYPES

Administration Keys Used For The Computation of Temporary Administration Keys And Secure Messaging

Payment Keys Used For The Payment Commands Such As Transaction Certificate Generation And

The Computation Of Temporary Certification Keys

Log Keys

(Multi-purpose Keys)

Used For Initiate A Payment Session But Not An Administration Session

Signature Keys Dedicated To The Computation Of Signatures

Authentication Keys Used For Authentication Commands

COMMANDS THAT REQUIRE CRYPTOGRAPHIC KEYS

TRANSACTION MANAGER FILES

FDB: 0001 0001 b or 11 h

Each Dedicated File Holding Purse Files Must Also Hold A Transaction Manager File In Order To Recognize Payment Commands

A Transparent EF And Eight Bytes In Length

MF And Each DF Can Hold Only One Transaction Manager File

The Access Condition For Updating And Writing To Transaction Manager Files Must Be Locked

DATA STRUCTURE OF A TRANSACTION MANAGER FILE

CURRENT CARD TRANSACTION COUNTER (CURRENT CTC)

A Three Byte Counter That Is Incremented Every Time A Payment Transaction Session Is Established

Used As A Variable Element For Payment-Oriented Cryptographic Processing

BACKUP CARD TRANSACTION COUNTER (BACKUP CTC)

Stores The Value Of The Card Transaction Counter That Was Current Before The Last Transaction Was Executed

CKS AND CKS’

Invert(Exclusive-OR(First Three Bytes Of Each Word))

SECRET CODE FILES

FDB: 0010 0001 b or 21 h

Transparent EF

MF And Each DF Can Sore Up To One EF Secret Code

Only The First Secret Code File Created In The DF or MF Can Be Interpreted

Each Secret Code File Can Store Up To Eight Secret Codes

Secret Codes Are Stored On 8 Bytes

STRUCTURE OF SECRET CODE

Length = 4 Bits

The System Nibble Defines How The Secret Code Is To Be Entered

MAXIMUM PRESENTATION NUMBER (MPN)

Length = 3 Bits

Defines The Maximum Presentation Number On Nibble

Specifies The Number Of Times That The Secret Code Can Be Incorrectly Entered Consecutively Before MPCOS Locks It

From 2 to 8

RATIFICATION SECRET CODE (RSC)

Length = 8 Bits

Must Be Initialized With The Value FF h When Creating The Secret Code

The Counter Record The Number Of Consecutive Times That The Secret Code Has Been Presented Incorrectly And Decrements The Counter By One

Counter Value = MPN Value Card Locks The Secret Code

Secret Code Is Correctly Entered The Card Sets This Value To FF h

UNBLOCKING CODE REFERENCE (UCR)

Length = 4 Bits

Used For Unblocking The Secret Code On Three Least Significant Bits

UNBLOCKING CODE REFERENCE (UCR)

L = Define The Hierarchical Level Of The Secret Code EF Containing The UCR, 0: MF Level, 1: Local Level

Secret Code Number (SCN) = Defines The Secret Code Sequential Number In The Relevant Secret Code EF

SECRET CODE

Length = 4 Bytes

Extracts From The Least Significant Nibble Of Each Character Of Eight-Byte Secret Code

INTERNAL APPLICATION DATA FILE (IADF)

FDB: 0000 1001 b or 09 h

Transparent EF

Interpreted By The MPCOS Applet In Order To Return Information After The Selection Of A DF

Allows The Implementation Of The File Control Information (FCI) To Be Returned After The Selection of A DF

Any Number Of IADFs Can Be Created In A DF, But Only The First One Can Be Interpreted By OS

IADF STRUCTURE

BLOCK SIZE OF BLOCK 1 (BS1)

Length = 1 Byte

Defines The Block Size Of Block 1

If Size = 0 h No FCI Will Be Returned By The Card

BLOCK 1

Codes The Answer To Select FCI

Directly Interpreted By The MPCOS Applet To Build The Response Message When Selecting The DF

BLOCK 1

TLg Total Length Of The Response In Bytes

Tn, Ln, Vn Represent a proprietary TLV Format And Are Interpreted By The MPCOS Applet

Tn Represent A Proprietary Tag.

TAG VALUE

Tn = 55 h (Direct Addressing) : Vn Holds The Data To Be Sent And Ln Holds Its Length

Tn = AA h (Logical Addressing) : Vn Holds Logical Information Used By The Card To Access The Data And Ln

Holds Data Length

TAG VALUE

T Type (0: EF, 1: DF)

L Level (0: Global, 1: Local)

Short ID Short File Identifier (SFI) Of The File

Offset / Rec.nb. The Most Significant Bytes Of The Offset In The Case Of A Transparent File

Rec.nb. In The Case Of A Structured File

Offset Offset in Bytes :

•Logical Addressing In A DF Data Forms Part Of The DF Name

•Logical Addressing And When Addressing An EF The Read Access Conditions Should Be Unrestricted

•The Sum L1+L2+…+Ln Must Be Equal To TLg

BLOCK SIZE OF BLOCK 2 (BS2)

Length = 1 Byte

Defines The Block Size Of Block 2

BLOCK 2

Has No Administrative Meaning And May Be Used For Applicative Purpose

DIRECTORY FILE

Directory EF Is A Record EF Listing DDFs And Application Definitions Files Contained Within The Directory

Must Be Accessible By The Read Record Command

APPLICATION ELEMENTARY FILE

Application EF Is An Record EF That Contains The Data Element And TLV Format Used By The Application In Its Processing

Must Be Accessible By The Read Record Command

EF STRUCTURE

Transparent File

Structured File

TRANSPARENT FILE

FDB: 0000 0001 b or 01 h

Unstructured Sequence Of Bytes That Can Be Accessed By Specifying An Offset Relative To The Start Of EF

Offset Size = 4 Bytes

First Byte Relative Address 00 h

DATA REFERENCING IN A TRANSPARENT FILE

STRUCTURED FILE

Linear Fixed Files

Linear Variable Files

Cyclic Files

LINEAR FIXED FILE

FDB: 0000 0010 b or 02 h – No Further Information

Or FDB : 0000 0011 b or 03 h – Simple TLV (Tag, Length, Value)

Consist Of Sequence Of Individually Identifiable Records Of The Same Size

The Size Is Determined During The File Creation And Is Stored In The File Descriptor

LINEAR FIXED FILE

Records Are Referenced #1, #2, #3

Updating A Record Does Not Modify The Record Number

The Record Number Assigned To A Linear Fixed File Cannot Be Higher That 255

LINEAR FIXED FILE

LINEAR VARIABLE FILE

The Record Selection Is The Same As For Linear Files With Records Of Fixed Size

The Is Handled By The Interface As A Sequence Of Independent Record

CYCLIC ELEMENTARY FILE

AGENDA

1. Abstract

2. Features

4. Access Condition

5. Cryptography

6. Command Format

7. Commands

8. Discussion

9. References

AGENDA

1. Abstract

2. Features

4. Access Condition

5. Cryptography

6. Command Format

7. Commands

8. Discussion

9. References

AGENDA

1. Abstract

2. Features

4. Access Condition

5. Cryptography

6. Command Format

7. Commands

8. Discussion

9. References

AGENDA

1. Abstract

2. Features

4. Access Condition

5. Cryptography

6. Command Format

7. Commands

8. Discussion

9. References

AGENDA

1. Abstract

2. Features

4. Access Condition

5. Cryptography

6. Command Format

7. Commands

8. Discussion

9. References

DISCUSSION

AGENDA

1. Abstract

2. Features

4. Access Condition

5. Cryptography

6. Command Format

7. Commands

8. Discussion

9. References

REFERENCES

• MPCOS- Reference Manual, Document Reference: DOC108514B, 2007

• MPCOS-Product Training, 2008

Gemalto MPCOS Version 0.1

Software