globalplatform Guide to Common Personalization.pdf
Document Overview
Scope
Intended Audience
Document Structure
Normative References
Abbreviations and Notations
Overview of the Common Personalization Process
The Infrastructure of Common Personalization
Secure Messaging
The Store Data Command and Data Groupings
The Data Container Format
Common Personalization and CAMS
Data Preparation
Personalization Device Processing
IC Card Application Processing
Process Overview
Data Preparation
Creating Personalization Data
Application Provider Master Keys and Data
Application Keys and Certificates
Application Data
Creation of Data Groupings
DGIs Defined by Common Personalization
Completion of Personalization
Restricting the Store Data Command after Personalization
Replacing the initial Security Domain key(s) after Personalization
Multiple Transport Key Capability
Processing Step
Creation of Personalization Device Instructions 
Order that Data must be sent to the Smart Card
Support for Migration to New Versions
Encrypted Data Groupings
PIN Block Format
Random Number for Processing
Group of DGIs in one Store Data command
The PDI Field
ICC Data populated with DGIs
The ICC Data Field
Pre-computed APDU Commands (Processing Step ‘0B’)
Types of pre-computed APDU Commands
Coding of APDU Commands
Coding of commands
Coding of error bypass flag ‘C9’
ICC Data populated with pre-computed APDUs
The ICC Data Field
Creation of Personalization Log Data
Personalization Device Processing
Processing Step with code action ‘0F’
Key Management
Processing Flow
External Authenticate Command
Get Data Command
Card Recognition Data
Issuer Identifier (ISSUERID)
Initialize Update Command
Select Command
Store Data Command
Using the Store Data Command as the last Personalization Command
Return Data From Smart Card application
Processing Step with code action ‘0B’
Syntax Checking
Types of data elements in ICC Return data field
Coding of ICC Return Data Field
Coding of termination reason
Coding of the command counter
Abstraction from transport layer
Personalization Log Creation
IC Card Processing
Preparation for Personalization
Personalization
Smart Card Requirements
Command Support
Secure Messaging
Cryptography for Personalization
Key Zones
Session Keys
MACs
Encryption
Decryption
DES Calculations
Data Dictionary
List of data elements
ACT (Action to be Performed)
AID (Application Identifier)
CMK (Final Master Key)
CMODE (Chaining Mode)
DTHR (Date and Time)
ENC (Encryption Personalization Instructions)
GROUP (Group of Data Grouping as part of Personalization Instructions)
IDTK (Identifier of the Transport Key)
IDOWNER (Identifier of the Application Specification Owner)
IDTERM (Identifier of the Personalization Device)
ISSUERID (Issuer Identifier Data for Personalization)
KENC (DES Key for Creating Personalization Session Key for Secret Data Encryption)
KKEK (DES Key for Creating Personalization Session Key for DES Key Encryption)
KMAC (DES Key for Creating Personalization Session Key for MACs)
KEYDATA (Derivation Data for Initial Update Keys)
KMC (DES Master Key for Personalization Session Keys)
L (Length of Data)
LOGDATA (Data Logging Personalization Instructions)
MACINP (MAC of All Data for an Application)
MACkey (MAC Key)
MIC (Module Identifier Code)
ORDER (Data Grouping Order Personalization Instructions)
RCARD (Random Number from the Smart Card)
RTERM (Random Number from the Personalization Device)
RANDOM (Random Number)
REQ (Required or Optional Action)
SEQNO (Sequence Number)
SKUENC (Personalization Session Key for Encryption)
SKUDEK (Personalization Session Key for Secret Data Exchange)
SKUMAC (Personalization Session Key for MACing)
TAG (Identifier of Data for a Processing Step)
TK (Transport Key)
TYPETK (Indicator of Use(s) of Transport Key)
VERCNTL (Version Control Personalization Instructions)
Examples of document
Examples of Data Groupings
CPS Demonstrator
Examples of Personalization Device Instructions
CPS Demonstrator
Support for Data Grouping Order
Support for Migration to New Versions
Encrypted Data Groupings
Group of Data Grouping
Completion of Personalization
CPS Demonstrator
Examples of APDU mapping to T=0 TPDU
Guide to Common Personalization Version 1.0 March 2003
03/26/2003 GlobalPlatform Guide to Common Personalization v1.0

Table of Contents

1. Document Overview  1
   1.1 Scope  1
   1.2 Intended Audience  1
   1.3 Document Structure  1
   1.4 Normative References  2
   1.5 Abbreviations and Notations  2
2. Overview of the Common Personalization Process  6
   2.1 The Infrastructure of Common Personalization  6
   2.2 Secure Messaging  7
   2.3 The STORE DATA Command and Data Groupings  7
   2.4 The Data Container Format  8
   2.5 Common Personalization and CAMS  10
       2.5.1 Data Preparation  11
       2.5.2 Personalization Device Processing  12
       2.5.3 IC Card Application Processing  12
   2.6 Process Overview  13
3. Data Preparation  16
   3.1 Creating Personalization Data  16
       3.1.1 Application Provider Master Keys and Data  16
       3.1.2 Application Keys and Certificates  16
       3.1.3 Application Data  17
   3.2 Creation of Data Groupings  17
   3.3 DGIs Defined by Common Personalization  18
       3.3.1 Completion of Personalization  18
       3.3.2 Restricting the STORE DATA Command after Personalization  18
       3.3.3 Replacing the initial Security Domain key(s) after Personalization  18
   3.4 Multiple Transport Key Capability  20
   3.5 Processing Step  21
   3.6 Creation of Personalization Device Instructions (Processing Step ‘0F’)  21
       3.6.1 Order that Data must be sent to the Smart Card  22
       3.6.2 Support for Migration to New Versions  22
       3.6.3 Encrypted Data Groupings  23
       3.6.4 PIN Block Format  24
       3.6.5 Random Number for Processing  24
       3.6.6 Group of DGIs in one STORE DATA command  24
       3.6.7 The PDI Field  25
       3.6.8 ICC Data populated with DGIs  26
   3.7 Pre-computed APDU Commands (Processing Step ‘0B’)  27
       3.7.1 Types of pre-computed APDU Commands  27
       3.7.2 Coding of APDU Commands  27
       3.7.3 ICC Data populated with pre-computed APDUs  28
   3.8 Creation of Personalization Log Data  29
4. Personalization Device Processing  30
   4.1 Processing Step with code action ‘0F’  30
       4.1.1 Key Management  30
       4.1.2 Processing Flow  31
       4.1.3 Return Data From Smart Card application  39
   4.2 Processing Step with code action ‘0B’  40
       4.2.1 Syntax Checking  40
       4.2.2 Types of data elements in ICC Return data field  41
       4.2.3 Coding of ICC Return Data Field  41
       4.2.4 Abstraction from transport layer  42
   4.3 Personalization Log Creation  43
5. IC Card Processing  44
   5.1 Preparation for Personalization  44
   5.2 Personalization  44
       5.2.1 Smart Card Requirements  44
       5.2.2 Command Support  44
       5.2.3 Secure Messaging  44
6. Cryptography for Personalization  45
   6.1 Key Zones  45
   6.2 Session Keys  46
   6.3 MACs  46
   6.4 Encryption  46
   6.5 Decryption  46
   6.6 DES Calculations  47
7. Data Dictionary  48
   7.1 List of data elements  48
       7.1.1 ACT (Action to be Performed)  48
       7.1.2 AID (Application Identifier)  48
       7.1.3 CMK (Final Master Key)  48
       7.1.4 CMODE (Chaining Mode)  48
       7.1.5 DTHR (Date and Time)  48
       7.1.6 ENC (Encryption Personalization Instructions)  48
       7.1.7 GROUP (Group of Data Grouping as part of Personalization Instructions)  49
       7.1.8 IDTK (Identifier of the Transport Key)  49
       7.1.9 IDOWNER (Identifier of the Application Specification Owner)  49
       7.1.10 IDTERM (Identifier of the Personalization Device)  49
       7.1.11 ISSUERID (Issuer Identifier Data for Personalization)  49
       7.1.12 KENC (DES Key for Creating Personalization Session Key for Secret Data Encryption)  49
       7.1.13 KKEK (DES Key for Creating Personalization Session Key for DES Key Encryption)  49
       7.1.14 KMAC (DES Key for Creating Personalization Session Key for MACs)  50
       7.1.15 KEYDATA (Derivation Data for Initial Update Keys)  50
       7.1.16 KMC (DES Master Key for Personalization Session Keys)  50
       7.1.17 L (Length of Data)  50
       7.1.18 LOGDATA (Data Logging Personalization Instructions)  50
       7.1.19 MACINP (MAC of All Data for an Application)  50
       7.1.20 MACkey (MAC Key)  50
       7.1.21 MIC (Module Identifier Code)  50
       7.1.22 ORDER (Data Grouping Order Personalization Instructions)  51
       7.1.23 RCARD (Random Number from the Smart Card)  51
       7.1.24 RTERM (Random Number from the Personalization Device)  51
       7.1.25 RANDOM (Random Number)  51
       7.1.26 REQ (Required or Optional Action)  51
       7.1.27 SEQNO (Sequence Number)  51
       7.1.28 SKUENC (Personalization Session Key for Encryption)  51
       7.1.29 SKUDEK (Personalization Session Key for Secret Data Exchange)  51
       7.1.30 SKUMAC (Personalization Session Key for MACing)  52
       7.1.31 TAG (Identifier of Data for a Processing Step)  52
       7.1.32 TK (Transport Key)  52
       7.1.33 TYPETK (Indicator of Use(s) of Transport Key)  52
       7.1.34 VERCNTL (Version Control Personalization Instructions)  53
8. Examples of document  54
   8.1 Examples of Data Groupings  54
       8.1.1 CPS Demonstrator  54
   8.2 Examples of Personalization Device Instructions  56
       8.2.1 CPS Demonstrator  56
   8.3 Completion of Personalization  57
       8.3.1 CPS Demonstrator  57
9. Examples of APDU mapping to T=0 TPDU  58

Copyright © 2003 GlobalPlatform Inc. All Rights Reserved. The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly prohibited.
Table of Figures

Figure 2-1 – Personalization Data by MIC  8
Figure 2-2 – Overview of Smart Card Personalization Data Format  9
Figure 2-3 – Overview of Personalization Data for a Single Smart Card Application  9
Figure 2-4 – CAMS Architecture Diagram  11
Figure 2-5 – Example Personalization Data Layout for one application  12
Figure 2-6 – Example of Personalization Data for one Application for one Card  13
Figure 2-7 – Personalization Input File for One Card  13
Figure 2-8 – Interface between the SCMS and the Loader  14
Figure 2-9 – Interface between the SCMS and the Personalization device  15
Figure 3-1 – Layout of ICC Data Portion of Record  26
Figure 3-2 – Formatting of Personalization Data within ICC Data Portion of Record  26
Figure 3-3 – Pre-computed APDU Command placed in BER–TLV structure  27
Figure 3-4 – Layout of ICC Data Portion of Record  28
Figure 3-5 – Formatting of Personalization Data within ICC Data Portion of Record  29
Figure 4-1 – Personalization Command Flow with Explicit Initiation SCP  32
Figure 4-2 – Personalization Command Flow with Implicit Initiation SCP  33
Figure 6-1 – Common Personalization Key Zones  45
Figure 6-2 – Common Personalization Key Zone in pre-computed APDU commands  45
Table of Tables

Table 1-1 – Normative References  2
Table 1-2 – Abbreviations  3
Table 3-1 – Data Content for DGI ‘7FFF’  18
Table 3-2 – Example of Key Diversification Data for the Issuer Security Domain  19
Table 3-3 – Example of Key Diversification Data for a Supplementary Security Domain  19
Table 3-4 – FORMATTK Codes and Associated Data  20
Table 3-5 – Layout of TKDATA for FORMATTK ‘01’  21
Table 3-6 – Data Content for the Field ORDER  22
Table 3-7 – Data Contents for the Field VERCNTL  23
Table 3-8 – Data Contents for the Field ENC  23
Table 3-9 – Data Content for the Field GROUP  25
Table 3-10 – Personalization Device Instructions for Personalization Processing Step  25
Table 4-1 – Example of Key Diversification Data  35
Table 4-2 – STORE DATA Command Coding for application personalization data  37
Table 4-3 – Coding of P1 in STORE DATA Command  37
Table 4-4 – Contents of ICC Return Data field  39
Table 4-5 – Contents of Personalization Log  43
Table 7-1 – Coding of TYPETK  53
Table 8-1 – CPS Demonstrator Data Groupings  54
Table 8-2 – Data Content for DGI ‘0101’  54
Table 8-3 – Data Content for DGI ‘0102’  55
Table 8-4 – Data Content for DGI ‘0103’  55
Table 8-5 – Data Content for DGI ‘8101’  55
Table 8-6 – Data Content for DGI ‘9101’  55
Table 8-7 – Data Content for DGI ‘9102’  55
Table 8-8 – Data Content for DGI ‘1101’  56
Table 8-9 – Data Content for DGI ‘1102’  56
Table 8-10 – Data Content for the Field ORDER  56
Table 8-11 – Data Content for the Field VERCNTL  56
Table 8-12 – Contents of the Field ENC with PIN data  57
Table 8-13 – Data Content for the Field GROUP  57
Table 8-14 – Data Content for DGI ‘7FFF’  57
Table 9-1 – Case 1 command  58
Table 9-2 – Case 2 command with matching expected length  58
Table 9-3 – Case 2 command, greedy mode  58
Table 9-4 – Case 2 command with too low expectations  59
Table 9-5 – Case 3 command  59
Table 9-6 – Case 4 command, greedy mode  59
Table 9-7 – Case 4 command anticipating the correct response length  59
Table 9-8 – Case 4 command with too low expectations  59
1. Document Overview

1.1 Scope

The personalization process described in this document is designed to facilitate the personalization of multi-application cards. It creates a personalization infrastructure that allows upgrades to applications without requiring a change to the Personalization Device processing.

This document is a Guide for a common approach to ‘in-card’ personalization. This Guide supports up to the GlobalPlatform Card Specification 2.1. Personalizing an application through its Security Domain using the Install [for personalization] is not addressed. ‘Off-card’ application personalization, in which personalization data is included in an application load file, is not addressed.

This document should be read in conjunction with the GlobalPlatform Load and Personalization Interface Specification.

1.2 Intended Audience

There are two intended audiences for this document:

• The designers of a specific application. This audience will use this document as one of the inputs to their design process. The areas that are impacted by this document are:
  − Design of the Data Preparation process for the application.
  − Design of the structure for the application on the IC card.
  − Design of the IC card commands used to personalize the application.
• The designers of Personalization Device processing. This audience will use this document as a Guide for part of the design for their processing.

1.3 Document Structure

The document is organized as follows:

• Chapter 1 is this chapter and contains an overview of the document and a list of references.
• Chapter 2 provides an overview of the personalization process.
• Chapter 3 describes the Data Preparation process.
• Chapter 4 describes the Personalization Device processing.
• Chapter 5 describes specific requirements for IC card applications.
• Chapter 6 describes the cryptography used in the personalization process.
• Chapter 7 is the data dictionary.
• Chapter 8 provides examples of the use of the Common Personalization approach.
1.4 Normative References

The following documents are referenced in this specification:

Standard / Specification: Description

GlobalPlatform Card Specification 2.1, 2001
    Chip-card specifications for GlobalPlatform products
CAMS v3.0, 2000
    Card and Application Management System Business Architecture
ISO 9564-1, 1991
    Banking – Personal Identification Number management and security – Part 1: PIN protection principles and techniques
ISO/IEC 7816-3, 1997
    Identification Cards – Integrated circuit(s) cards with contacts – Part 3: Electronic signals and transmission protocols, Second Edition
ISO/IEC 7816-4, 1997
    Identification Cards – Integrated circuit(s) cards with contacts – Part 4: Inter-industry commands for interchange, First Edition 1st September 1995; with Amendment 1
ISO/IEC 8825, 1990
    Information technology – Open Systems Interconnection – Specifications of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)
GlobalPlatform Systems Profiles Specification, 1.0, 2002
    Description of the contents, format and usage of GlobalPlatform Profiles
GlobalPlatform Systems Scripting Specification, 1.0, 2002
    Overview of GlobalPlatform Personalization architecture and the role of scripts within it
GlobalPlatform Systems Card Customization Guide, 1.0, 2002
    Defines how multi-application smart cards can be managed using GlobalPlatform Profiles and Scripts
Implementation Primer for SCMS v1.0, 2000
    Describes Roles and responsibilities and interactions with other roles for a Smart Card Management System
GlobalPlatform Load and Personalization Interface, 1.0, 2003
    Describes a standard interface between a data preparation system and a personalization system

Table 1-1 – Normative References

1.5 Abbreviations and Notations

Table 1-2 contains the abbreviations used in this document. For an exhaustive list refer to section 7.

Abbreviation: Meaning

APDU
    Application Protocol Data Unit
ATR
    Answer-to-Reset
BER–TLV
    Basic Encoding Rules – Tag, Length, Value
CA
    Certification Authority
CAD
    Card Acceptance Device
CAMS
    Card and Application Management System (see section 1.4)
CBC
    Cipher Block Chaining
CDK
    Updated Derived Key