ImageVerifierCode 换一换
格式:PDF , 页数:118 ,大小:1.23MB ,
资源ID:435814      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-435814.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(ANSI INCITS 504-1-2013 Information Technology - Generic Identity Command Set - Part 1 Card Application Command Set.pdf)为本站会员(王申宇)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

ANSI INCITS 504-1-2013 Information Technology - Generic Identity Command Set - Part 1 Card Application Command Set.pdf

1、American National StandardDeveloped byfor Information Technology Generic Identity Command Set Part 1: Card Application Command SetINCITS 504-1-2013INCITS 504-1-2013INCITS 504-1-2013American National Standardfor Information Technology Generic Identity Command Set Part 1: Card Application Command SetS

2、ecretariatInformation Technology Industry CouncilApproved April 24, 2013American National Standards Institute, Inc.Approval of an American National Standard requires review by ANSI that therequirements for due process, consensus, and other criteria for approval havebeen met by the standards develope

3、r.Consensus is established when, in the judgement of the ANSI Board ofStandards Review, substantial agreement has been reached by directly andmaterially affected interests. Substantial agreement means much more thana simple majority, but not necessarily unanimity. Consensus requires that allviews an

4、d objections be considered, and that a concerted effort be madetowards their resolution.The use of American National Standards is completely voluntary; theirexistence does not in any respect preclude anyone, whether he has approvedthe standards or not, from manufacturing, marketing, purchasing, or u

5、singproducts, processes, or procedures not conforming to the standards.The American National Standards Institute does not develop standards andwill in no circumstances give an interpretation of any American NationalStandard. Moreover, no person shall have the right or authority to issue aninterpreta

6、tion of an American National Standard in the name of the AmericanNational Standards Institute. Requests for interpretations should beaddressed to the secretariat or sponsor whose name appears on the titlepage of this standard.CAUTION NOTICE: This American National Standard may be revised orwithdrawn

7、 at any time. The procedures of the American National StandardsInstitute require that action be taken periodically to reaffirm, revise, orwithdraw this standard. Purchasers of American National Standards mayreceive current information on all standards by calling or writing the AmericanNational Stand

8、ards Institute.American National StandardPublished byAmerican National Standards Institute, Inc.25 West 43rd Street, New York, NY 10036Copyright 2013 by Information Technology Industry Council (ITI)All rights reserved.No part of this publication may be reproduced in anyform, in an electronic retriev

9、al system or otherwise,without prior written permission of ITI, 1101 K Street NW, Suite 610, Washington, DC 20005. Printed in the United States of AmericaCAUTION: The developers of this standard have requested that holders of patents that may be re-quired for the implementation of the standard discl

10、ose such patents to the publisher. However, nei-ther the developers nor the publisher have undertaken a patent search in order to identify which, ifany, patents may apply to this standard. As of the date of publication of this standard, followingcalls for the identification of patents that may be re

11、quired for the implementation of the standard,notice of one or more such claims has been received. By publication of this standard, no positionis taken with respect to the validity of this claim or of any rights in connection therewith. The knownpatent holder(s) has (have), however, filed a statemen

12、t of willingness to grant a license underthese rights on reasonable and nondiscriminatory terms and conditions to applicants desiring to ob-tain such a license. Details may be obtained from the publisher. No further patent search is con-ducted by the developer or publisher in respect to any standard

13、 it processes. No representation ismade or implied that this is the only license that may be required to avoid infringement in the use ofthis standard.Table of Contents Foreword . vii 1. Overview 1 1.1 Scope 1 1.2 Purpose . 2 1.3 Normative References 2 2. Definitions, abbreviations and conventions .

14、 4 2.1 Terms and Definitions . 4 2.2 Acronyms, Abbreviations and Symbols 5 2.3 Conventions 8 3. Data Structures for GICS-Applications 10 3.1 Global Objects . 10 3.1.1 EF.ATR/INFO 10 3.1.2 EF.DIR . 11 3.1.3 Card Capability Description . 11 3.2 Files . 11 3.2.1 Application Dedicated Files . 12 3.2.2 E

15、lementary Files 12 3.2.3 Certificate Formats 13 3.3 Data Objects 15 3.3.1 File Templates . 16 4. Security Architecture 17 4.1 Access Control Rule 17 4.2 Security Status 17 4.3 Security Attributes . 17 4.3.1 Security Condition Byte . 19 5. Assigned Values 20 5.1 Class Byte . 20 5.2 Control Parameters

16、 . 20 5.2.1 Control Parameters for ADF 20 5.2.2 Control Parameters for Files . 20 5.2.3 Control Parameters for Security Object DO 21 5.3 Security Parameter Template . 22 5.4 File Management Data 23 5.5 Application Template Data Object . 23 5.6 File Descriptor Byte . 23 5.7 Life Cycle Status . 23 5.8

17、 Security Environment 24 5.9 Access Mode Byte for Data Objects . 24 5.10 Access Mode Byte for Authentication Objects 25 5.11 Access Mode Byte for Private Keys 25 5.12 Access Mode Byte for Secret Keys . 25 5.13 Access Mode Byte for ADF . 25 5.14 Cryptographic Mechanisms . 26 5.15 Reference Data Quali

18、fier . 27 5.16 Control Reference Templates . 27 5.16.1 Authentication (AT) . 30 5.16.2 Key Agreement (KAT) . 30 5.16.3 Hash Template (HT) 30 5.16.4 Cryptographic Checksum (CCT) . 31 5.16.5 Digital Signature (DST) . 31 5.16.6 Confidentiality (CT) . 32 5.17 Secure Message Data Objects . 32 5.18 Paddin

19、g-Content Indicator Byte 33 iii 5.19 PIN Usage Policy 33 6. Generic Identity Command Set Application 35 6.1 SELECT 35 6.1.1 Description 35 6.1.2 Conditions of Use 35 6.1.3 Impact on Security Status . 35 6.1.4 Command APDU . 35 6.2 SELECT DATA 38 6.2.1 Description 38 6.2.2 Conditions of Use 38 6.2.3

20、Impact on Security Status . 38 6.2.4 Command APDU . 38 6.2.5 Status Word . 38 6.3 GET DATA 39 6.3.1 Description 39 6.3.2 Conditions of Use 39 6.3.3 Impact on Security Status . 39 6.3.4 Command APDU . 39 6.3.5 Command Data Field 39 6.3.6 Response Data Field . 40 6.3.7 Status Word . 40 6.4 PUT DATA .

21、41 6.4.1 Description 41 6.4.2 Conditions of Use 41 6.4.3 Impact on Security Status . 41 6.4.4 Command APDU . 41 6.4.5 Command Data Field 41 6.4.6 Response Data Field . 42 6.4.7 Status Word . 42 6.5 VERIFY . 42 6.5.1 Description 42 6.5.2 Conditions of Use 42 6.5.3 Impact on Security Status . 43 6.5.4

22、 Command APDU . 43 6.5.5 Command Data Field 43 6.5.6 Response Data Field . 43 6.5.7 Status Word . 43 6.6 CHANGE REFERENCE DATA . 44 6.6.1 Description 44 6.6.2 Conditions of Use 44 6.6.3 Impact on Security Status . 44 6.6.4 Command APDU . 45 6.6.5 Command Data Field 45 6.6.6 Response Data Field . 45

23、6.6.7 Status Word . 45 6.7 RESET RETRY COUNTER 46 6.7.1 Description 46 6.7.2 Conditions of Use 46 6.7.3 Impact on Security Status . 46 6.7.4 Command APDU . 46 6.7.5 Command Data Field 46 6.7.6 Response Data Field . 47 6.7.7 Status Word . 47 6.8 MANAGE SECURITY ENVIRONMENT Set . 47 6.8.1 Description

24、47 6.8.2 Conditions of Use 47 iii 6.8.3 Impact on Security Status . 47 6.8.4 Command APDU . 47 6.8.5 Command Data Field 48 6.8.6 Response Data Field . 48 6.8.7 Status Word . 48 6.9 GENERAL AUTHENTICATE 48 6.9.1 Description 48 6.9.2 Conditions of Use 49 6.9.3 Impact on Security Status . 49 6.9.4 Comm

25、and APDU . 49 6.9.5 Command Data Field 49 6.9.6 Response Data Field . 50 6.9.7 Status Word . 50 6.10 PERFORM SECURITY OPERATION . 50 6.10.1 Description 50 6.10.2 Conditions of Use 50 6.10.3 Impact on Security Status . 50 6.10.4 Command APDU . 50 6.10.5 Command Data Field 51 6.10.6 Response Data Fiel

26、d . 51 6.10.7 Status Word . 51 6.11 GET RESPONSE (for Transmission Handling) 52 6.11.1 Description 52 6.11.2 Conditions of Use 52 6.11.3 Impact on Security Status . 52 6.11.4 Command APDU . 52 6.11.5 Command Data Field 52 6.11.6 Response Data Field . 52 6.11.7 Status Word . 52 7. Operation . 53 7.1

27、Model of Computation . 53 7.2 Interindustry Data Objects . 53 8. Signature and Key Establishment Protocols 54 8.1 Signature Protocols . 54 8.1.1 Signature with Partial On-Card Hashing . 54 8.1.2 Signature with Full On-Card Hashing 54 8.1.3 Signature with Off-Card Hashing 54 8.1.4 Signature with Off-

28、Card Hashing using GENERAL AUTHENTICATE 55 8.1.5 Signature with ECC using GENERAL AUTHENTICATE 55 8.2 Key Establishment Protocols 55 8.2.1 Key Establishment using Symmetric Key (Internal Authenticate) . 55 8.2.2 Key Establishment using Symmetric Key (Mutual Authenticate) 56 8.2.3 Key Establishment u

29、sing Symmetric Key (Mutual Authenticate and Data Integrity) 58 8.2.4 Key Establishment using Symmetric Key (based on SCP03) . 59 8.2.5 RSA Key Transport . 61 8.2.6 Key Establishment using an RSA Key Pair . 62 8.2.7 Key Establishment with an ECC Key Pair, Diffie-Hellman C(1,1,ECC CDH) . 63 8.2.8 OPAC

30、ITY with Zero Key Management . 66 8.2.9 OPACITY with Full Secrecy 73 8.2.10 Notations Used in This Section . 78 8.3 Session Key Establishment . 80 8.3.1 Session keys . 80 8.3.2 Session key type as a function of authentication key . 80 8.3.3 Key derivation function from pre-master secret 81 8.3.4 Key

31、 derivation function using Pseudo-random Function 81 8.3.5 Key derivation type as a function of key establishment protocol 82 iv 9. Secure Messaging . 83 9.1 AES Secure Messaging 83 9.1.1 Abbreviations Used in this Section 83 9.1.2 Computation Rules 83 9.1.3 Command MAC without confidentiality . 84

32、9.1.4 Command MAC with Confidentiality . 85 9.1.5 Response MAC without confidentiality 86 9.1.6 Response MAC with Confidentiality 87 Annex A Examples (Informative) . 88 A.1 Retrieving Data from Inside Constructed Data Objects 88 A.2 Examples of GENERAL AUTHENTICATE . 89 A.2.1 INTERNAL AUTHENTICATE .

33、 89 A.2.2 GET CHALLENGE . 89 A.2.3 EXTERNAL AUTHENTICATE 90 A.2.4 MUTUAL AUTHENTICATE 90 A.3 Efficient Mutual Authentication using GENERAL AUTHENTICATE . 90 A.4 Computing a Cryptographic Checksum 91 A.5 Evolution . 92 A.5.1 Nesting of Application Dedicated Files . 92 A.6 Encoding Security Objects 92

34、 A.7 Security Attribute Examples 93 Annex B SAM Interface for Opacity (Informative) 95 B.1 OPACITY with Full Secrecy . 95 B.2 OPACITY with Zero Key Management . 100 Annex C - Bibliography (Informative). 104 Table 1: EF ATR/INFO Data Object 11 Table 2: Card Verifiable Certificate Data Objects . 13 Ta

35、ble 3: Card Verifiable Certificate format 15 Table 4: X.509 Certificate format 15 Table 5: Security Attribute specific to Physical Interface (tag A3) 18 Table 6: Physical Interface Byte (tag 91) 18 Table 7: Security Attribute in Compact Form 18 Table 8: Security Condition Byte . 19 Table 9: Class By

36、te . 20 Table 10: Control Parameter DOs for ADF . 20 Table 11: Control Parameter DOs for EF 21 Table 12: Control Parameters DOs for Security Object 21 Table 13: Data Usage Parameters in Security Parameter Template (tag AD) . 22 Table 14: File Management Data Objects 23 Table 15: Application Template

37、 Data Objects . 23 Table 16: File Descriptor Byte . 23 Table 17: Life Cycle Status Byte . 24 Table 18: Security Environment Data Objects 24 Table 19: Access Mode Byte for Data Objects . 24 Table 20: Access Mode Byte for Authentication Objects 25 Table 21: Access Mode Byte for Private Keys 25 Table 2

38、2: Access Mode Byte for Secret Keys . 25 Table 23: Cryptographic Mechanism Reference Values 26 Table 24: Cryptographic Mechanism Identifier Template . 27 Table 25: Reference Data Qualifier 27 Table 26: Control Reference Templates . 28 Table 27: Key Security Object Tags in Control Reference Templates

39、 . 28 Table 28: Authentication Security Object Tags in Control Reference Templates . 28 Table 29: Usage Qualifier Byte . 29 Table 30: Hash Algorithm Assignment 31 v Table 31: DST Assignment . 31 Table 32: Digest Values 31 Table 33: Cryptographic Mechanism Reference (symmetric keys) for CT CRT . 32 T

40、able 34: Cryptographic Mechanism Reference (asymmetric keys) for CT CRT . 32 Table 35: Secure Message Data Objects . 33 Table 36: Padding-Content Indicator Byte 33 Table 37: First byte of a PIN Usage Policy Data Object . 33 Table 38: Second byte of a PIN Usage Policy Data Object 34 Table 39: SELECT

41、Command 35 Table 40: Encoding P2 for SELECT Command 36 Table 41: SELECT Status Words . 36 Table 42: SELECT Command 37 Table 43: Encoding P2 for SELECT Command 37 Table 44: SELECT Status Words . 37 Table 45: SELECT DATA Command 38 Table 46: Encoding P2 for SELECT DATA Command . 38 Table 47: SELECT DA

42、TA Status Words . 38 Table 48: GET DATA Command 39 Table 49: GET DATA Status Words . 40 Table 50: PUT DATA Command . 41 Table 51: PUT DATA Status Words 42 Table 52: VERIFY Command 43 Table 53: VERIFY Data Objects . 43 Table 54: VERIFY Status Words 44 Table 55: CHANGE REFERENCE DATA Command . 45 Tabl

43、e 56: CHANGE REFERENCE DATA Status Words 45 Table 57: RESET RETRY COUNTER Command 46 Table 58: RESET RETRY COUNTER Status Words . 47 Table 59: MANAGE SECURITY ENVIRONMENT Command 47 Table 60: Operation of MANAGE SECURITY ENVIRONMENT . 48 Table 61: MANAGE SECURITY ENVIRONMENT Status Words . 48 Table

44、62: GENERAL AUTHENTICATE Command 49 Table 63: GENERAL AUTHENTICATE Data Objects 49 Table 64: GENERAL AUTHENTICATE Status Words . 50 Table 65: PERFORM SECURITY OPERATION Command . 50 Table 66: P1-P2 of PERFORM SECURITY OPERATION Command 51 Table 67: PERFORM SECURITY OPERATION Status Words 51 Table 68

45、: GET RESPONSE Command 52 Table 69: GET RESPONSE Command Status Words . 52 Table 70: Interindustry Data Objects 53 Table 71: Signature with Partial On-Card Hashing . 54 Table 72: Signature with Full On-Card Hashing . 54 Table 73: Signature with Off-Card Hashing 54 Table 74: Signature with Off-Card H

46、ashing using GENERAL AUTHENTICATE . 55 Table 75: Signature with ECC using GENERAL AUTHENTICATE 55 Table 76: Internal Authentication using a Symmetric Key 56 Table 77: Mutual Authentication using a Symmetric Key . 57 Table 78: Mutual Authentication using a Symmetric Key with Data Integrity . 59 Table

47、 79: Key Establishment using Symmetric Key (based on SCP03) 60 Table 80: Explanation of terms . 61 Table 81: Security Level Encoding . 61 Table 82: Minimum Security Level Encoding 61 Table 83: RSA Key Transport . 62 Table 84: Key Establishment using an RSA Key Pair 63 Table 85: Key Establishment usi

48、ng ECC Algorithm 64 Table 86: Key Establishment using an ECC Key Pair 65 vi Table 87: Opacity ZKM Client Application Steps 68 Table 88: Opacity ZKM ICC Steps 70 Table 89: IFD Control Byte Encoding . 70 Table 90: ICC Control Byte Encoding . 71 Table 91: Cipher Suites Encoding 71 Table 92: Opacity ZKM

49、, APDU Protocol . 72 Table 93: Opacity Full Secrecy Client Application Steps 75 Table 94: Opacity Full Secrecy ICC Steps 77 Table 95: Opacity Full Secrecy APDU Steps 78 Table 96: Notation and Glossary for Section 8 . 79 Table 97: Session Key established as a function of authentication key used 80 Table 98: Cryptographic Algorithm and Required Pre-master Secret Size 81 Table 99: Data Derivation Constants 82 Table 100: KDF as a Function of Key Establishment Protocol . 82 Table 101: INTERNAL AUTHENTICATE 89 Table 102: GET CHALLENGE 89

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1