SecMMC_Spec_prel_V1_0(MMC卡资料).pdf

发布时间：2022-04-02 发布人：admin 分类：互联网资料大小：0.37M 资料格式：pdf 举报版权申诉

第1页 / 共47页

SecMMC_Spec_prel_V1_0(MMC卡资料).pdf-第2页.png

第2页 / 共47页

SecMMC_Spec_prel_V1_0(MMC卡资料).pdf-第3页.png

第3页 / 共47页

SecMMC_Spec_prel_V1_0(MMC卡资料).pdf-第4页.png

第4页 / 共47页

SecMMC_Spec_prel_V1_0(MMC卡资料).pdf-第5页.png

第5页 / 共47页

SecMMC_Spec_prel_V1_0(MMC卡资料).pdf-第6页.png

第6页 / 共47页

SecMMC_Spec_prel_V1_0(MMC卡资料).pdf-第7页.png

第7页 / 共47页

SecMMC_Spec_prel_V1_0(MMC卡资料).pdf-第8页.png

第8页 / 共47页

1 Scope

2 General description of the SecureMMC

2.1 Standard MMC versus SecureMMC

2.2 Memory partitions

2.3 File Structure for the operation system in the SecureMMC

2.4 The secure command set

2.5 Logical channels

3 Secure command structure and transport through standard MMC

3.1 Framing of the Security Commands and Responses

3.2 Transport of the SecCMD tokens through the standard MMC interface

3.3 The Status Word for the SecureMMC

4 Description of the Secure Command Set

4.1 Overview of the Secure Commands

4.2 Detailed description of the Security Commands and Responses

4.2.1 OPEN_CHANNEL

4.2.2 CLOSE_CHANNEL

4.2.3 VERIFY

4.2.4 DISABLE_VERIFICATION_REQUIREMENT

4.2.5 ENABLE_VERIFICATION_REQUIREMENT

4.2.6 CHANGE_REFERENCE_DATA

4.2.7 RESET_RETRY_COUNTER

4.2.8 OPEN_FILE

4.2.9 CLOSE_FILE

4.2.10 WRITE_FILE

4.2.11 READ_FILE

4.2.12 MANAGE_SECURITY_ENVIRONMENT (MSE)

4.2.12.1 MSE_RESTORE

4.2.12.2 MSE_SET

4.2.12.3 MSE_DERIVE_KEY

4.2.13 PERFORM_SECURITY_OPERATION (PSO)

4.2.13.1 PSO_ENCIPHER

4.2.13.2 PSO_DECIPHER

4.2.13.3 PSO_COMPUTE_DIGITAL_SIGNATURE

4.2.13.4 PSO_VERIFY_DIGITAL_SIGNATURE

4.2.13.5 PSO_COMPUTE_CRYPTOGRAPHIC_CHECKSUM

4.2.13.6 ASK_RANDOM

5 Cryptographic features of the SecureMMC

5.1 How to use these algorithms

5.2 Asymmetric cryptoalgorithms

5.3 Elliptic curves

5.4 Symmetric cryptoalgorithms for bulk encryption

5.5 Hash functions

6 SecureMMC characterization

6.1 Card Package

6.2 Robustness level

7 Glossary

8 References

Secure MultiMediaCard (SecureMMC) The A internal use only C M For M System Specification Version 1.0 Infineon Technologies AG

SecureMMC Revision History Version Date Section/ Page Author Changes compared to previous issue 0.1 0.2 0.3 1.0 11.00 01.01 03.01 05.01 all all all 5 Dr. Th. Böker, Infineon Dr. Th. Böker, Infineon Dr. Th. Böker, Infineon Dr. Th. Böker, Infineon first draft specification of SecureMMC major changes in Chapter 3 after MMCA meeting Nov.2000, Hawaii overall review after MMCA meeting Feb.2001, Orlando setting the mandatory and optional cryptoalgo- rithms after MMCA meeting Apr. 2001, Rome 2 SecureMMC Specification Version 1.0 Preliminary 5/16/01 Infineon Technologies AG

SecureMMC 1 Scope............................................................................................................................. 5 2 General description of the SecureMMC ..................................................................... 7 2.1 Standard MMC versus SecureMMC ....................................................................... 7 2.2 Memory partitions.................................................................................................... 7 2.3 File Structure for the operation system in the SecureMMC .................................... 8 2.4 The secure command set...................................................................................... 10 2.5 Logical channels ................................................................................................... 11 3 Secure command structure and transport through standard MMC ...................... 13 3.1 Framing of the Security Commands and Responses............................................ 13 3.2 Transport of the SecCMD tokens through the standard MMC interface ............... 14 3.3 The Status Word for the SecureMMC ................................................................... 17 4 Description of the Secure Command Set................................................................. 18 A internal use only 4.1 Overview of the Secure Commands ..................................................................... 18 4.2 Detailed description of the Security Commands and Responses ......................... 19 4.2.1 OPEN_CHANNEL ......................................................................................................20 4.2.2 CLOSE_CHANNEL ....................................................................................................21 4.2.3 VERIFY.......................................................................................................................22 4.2.4 DISABLE_VERIFICATION_REQUIREMENT.............................................................23 4.2.5 ENABLE_VERIFICATION_REQUIREMENT..............................................................23 4.2.6 CHANGE_REFERENCE_DATA ................................................................................24 4.2.7 RESET_RETRY_COUNTER......................................................................................24 4.2.8 OPEN_FILE................................................................................................................25 4.2.9 CLOSE_FILE..............................................................................................................26 4.2.10 WRITE_FILE ............................................................................................................26 4.2.11 READ_FILE ..............................................................................................................27 4.2.12 MANAGE_SECURITY_ENVIRONMENT (MSE) ......................................................27 4.2.12.1 MSE_RESTORE...............................................................................................28 4.2.12.2 MSE_SET .........................................................................................................28 4.2.12.3 MSE_DERIVE_KEY .........................................................................................29 4.2.13 PERFORM_SECURITY_OPERATION (PSO) .........................................................29 4.2.13.1 PSO_ENCIPHER..............................................................................................30 4.2.13.2 PSO_DECIPHER..............................................................................................31 4.2.13.3 PSO_COMPUTE_DIGITAL_SIGNATURE .......................................................32 4.2.13.4 PSO_VERIFY_DIGITAL_SIGNATURE ............................................................32 4.2.13.5 PSO_COMPUTE_CRYPTOGRAPHIC_CHECKSUM ......................................33 4.2.13.6 ASK_RANDOM.................................................................................................34 For M C M SecureMMC Specification Version 1.0 Preliminary 5/16/01 Infineon Technologies AG 3

SecureMMC 5 Cryptographic features of the SecureMMC.............................................................. 35 5.1 How to use these algorithms................................................................................. 35 5.2 Asymmetric cryptoalgorithms ................................................................................ 35 5.3 Elliptic curves ........................................................................................................ 38 5.4 Symmetric cryptoalgorithms for bulk encryption ................................................... 38 5.5 Hash functions ...................................................................................................... 40 6 SecureMMC characterization .................................................................................... 41 6.1 Card Package ....................................................................................................... 41 6.2 Robustness level................................................................................................... 41 7 Glossary ...................................................................................................................... 44 8 References .................................................................................................................. 46 A internal use only C M For M SecureMMC Specification Version 1.0 Preliminary 5/16/01 Infineon Technologies AG 4

SecureMMC 1 Scope The scope of the SecureMMC is to support applications that need from low to high level security. Figure 1.1 shows different applications that require different levels of security. For example, it makes no sense to apply security protection to freely distributed data such as advertising or demonstration material (e.g., low quality MP3 files). At a slightly higher secu- rity level, since the news in newspapers is usually outdated after a couple of days or weeks, simple content scrambling is probably sufficient. At a yet higher security level, content pro- tection (e.g., for digital music like MP3 files), is seen as a mid-level security application with e/m-commerce and payment applications as being more sensitive applications requiring a higher level of security.The SecureMMC is designed to be used up to the highest level of security by using public key infrastructures (PKI) as well as chip card technologies such as tamper resistant modules (TRM) to prevent hardware hacker attacks. typical applications money: e/m-commerce, online banking GSM/WAP: identification, authentication personal data: banking receipts, PIN, ... protected content: music, video, books, .… personal data: EMail, addresses, .. newspaper free distributable data: advertising, demos, .. y t i r u c e s f o l e v e l crypto-features Public Key Infrastructure (PKI) Digital Signatures Certificates RSA, Elliptic Curves 3-DES, 112bit key DES, 56bit key C2 cipher, 56bit key symmetric encryption with <56bit secret key content scrambling % Figure 1.1: Different levels of security It should be noted that of course the SecureMMC is capable of applying lower level security applications such as content protection schemes as well. An example of a music distribu- tion and content protection system using a PKI is the Keitaide-Music System (see http:\\www.keitaide-music.org). It uses a standard MMC with an additional set of security related commands. The tamper resistant design guarantees low risk for content providers SecureMMC Specification Version 1.0 Preliminary 5/16/01 Infineon Technologies AG 5

SecureMMC to have unlimited copies of their content by unauthorized users. This system is SDMI com- pliant and started service in November 2000. The SecureMMC has a more sophisticated command set that is based on chip card com- mands. The focus has been placed on the mobile e-commerce market. When used as a security element (SE) the SecureMMC may be used in a mobile phone to create a personal trusted device (PTD) as proposed by the MeT forum (Mobile electronic Transaction forum; see [MeT_White]). The WIM functionality (WAP Identity Module; see [WAP_WIM]) is a key feature in the secu- rity element for mobile transactions and has therefore been chosen to be the target applica- tion for the SecureMMC. By adding to the WIM standard primitive command set chip card related commands (see [ISO7816-4] and [ISO7816-8]) the SecureMMC becomes more flexible. This is to benefit a wider variety of applications such as banks, financial services, online-shops, and many more. These well-known standards make it easy for any service provider to implement their security scheme by using the SecureMMC. 6 SecureMMC Specification Version 1.0 Preliminary 5/16/01 Infineon Technologies AG

SecureMMC 2 General description of the SecureMMC The following chapter gives an overview of the additional features of the SecureMMC in contrast to the standard MMC. It also describes the general setup of the SecureMMC such as memory partitioning, the file structure, and the command set. 2.1 Standard MMC versus SecureMMC The SecureMMC is meant to be fully compliant with the standard MMC system specification [MMC_Spec3.0]. All features described in there such as command and data structures to transport (i.e. read, write, and erase) any type of data are the same for the SecureMMC. However, like in the standard MMC the SecureMMC may not support all command classes but class 0 is mandatory. The SecureMMC has an extended CSD register which provides the information that the new opcode set for the security mode is supported. With the SWITCH command the host must switch to the SecureMMC mode in which the transport commands for the security functions are enabled. The host must not switch to other modes during a security session. 2.2 Memory partitions The standard MMC possesses memory areas that can be directly accessed from the host analogous to Flash and ROM cards. However, for security reasons, some information needs to be kept secret such as private keys and verification data (such as a PIN). Even if such data are stored on the Flash or ROM payload area and protected by the password mechanism (see [MMC_Spec3.0] Chapter 4.4.4) the level of security is not sufficient for most applications using a PKI. Therefore an additional memory area is present in the SecureMMC. Figure 2.1 depicts the different memory areas consisting of the standard user data or payload area and a tamper resistant area. As mentioned above the user has unlimited access rights to the payload area which typically contains all kinds of user data. However, a number of security related data may be stored as well in this area as far as they are not sensitive. Such data could be certificates, public keys, and also receipt depending on their specific content. The access rights to the tamper resistant memory area is managed by the operating sys- tem of the SecureMMC. Only after a certain authentication process which is dependent on the application currently using the SecureMMC the user (i.e. its application) gets access to the data in this area which belong to this specific application. Each application can only get access to its corresponding data. The latter memory area will be typically an embedded non-volatile memory area of the security controller. As a tamper resistant module the controller is protected against hard- ware attacks as well. This means sensitive data such as private keys, secret keys, authen- tication data, and so forth are well protected against unauthorized access. SecureMMC Specification Version 1.0 Preliminary 5/16/01 Infineon Technologies AG 7

SecureMMC access rights memory partition typical data hardware accessible only through special security commands r/w rights are managed by controller OS r/w as normal disk at PC access through standard MMC commands tamper resistant memory area private keys secret keys authentication data log files special data objects certificates public keys non-volatile memory on controller as tamper resistant module (TRM) e.g. MP3 Files encrypted content all kinds of user data certificates public keys Flash or ROM payload area user data area (sizes not to scale) Figure 2.1: Memory partitions of the SecureMMC In the case where some security related data (e.g., a certificate) is stored in the payload area the operating system of the SecureMMC must be able to access these data. There- fore, at least this part of the payload area must be formatted in a DOS FAT 16 file structure as specified in [MMC_Spec3.0], Chapter 11.1. The security related data must be stored in certain files which are marked as write-protected for a DOS application. 2.3 File Structure for the operation system in the SecureMMC It is very important for the O/S of the controller to handle the access rights to certain data stored in different files in the tamper resistant memory area. Therefore the files are orga- nized in a hierarchical structure and are of one of three types as defined below.These files may be either administrative or application specific. Files are composed of a header, which is internally managed by the O/S of the SecureMMC, and a body part. The information of the header is related to the structure and attributes of the file, while the body part contains the data of the file. Files will be addressed or identified by their specific file ID which consists of two bytes and shall be coded in hexadecimal notation. As depicted in Figure 2.2 there are three types of files: • Master File (MF) SecureMMC Specification Version 1.0 Preliminary 5/16/01 Infineon Technologies AG 8

分享到：

赞收藏

资料库

SecMMC_Spec_prel_V1_0(MMC卡资料).pdf

相关推荐

最新资料