ANSI INCITS 504-1-2013 Information Technology - Generic Identity Command Set - Part 1 Card Application Command Set.pdf

1、American National StandardDeveloped byfor Information Technology Generic Identity Command Set Part 1: Card Application Command SetINCITS 504-1-2013INCITS 504-1-2013INCITS 504-1-2013American National Standardfor Information Technology Generic Identity Command Set Part 1: Card Application Command SetS

2、ecretariatInformation Technology Industry CouncilApproved April 24, 2013American National Standards Institute, Inc.Approval of an American National Standard requires review by ANSI that therequirements for due process, consensus, and other criteria for approval havebeen met by the standards develope

3、r.Consensus is established when, in the judgement of the ANSI Board ofStandards Review, substantial agreement has been reached by directly andmaterially affected interests. Substantial agreement means much more thana simple majority, but not necessarily unanimity. Consensus requires that allviews an

4、d objections be considered, and that a concerted effort be madetowards their resolution.The use of American National Standards is completely voluntary; theirexistence does not in any respect preclude anyone, whether he has approvedthe standards or not, from manufacturing, marketing, purchasing, or u

5、singproducts, processes, or procedures not conforming to the standards.The American National Standards Institute does not develop standards andwill in no circumstances give an interpretation of any American NationalStandard. Moreover, no person shall have the right or authority to issue aninterpreta

6、tion of an American National Standard in the name of the AmericanNational Standards Institute. Requests for interpretations should beaddressed to the secretariat or sponsor whose name appears on the titlepage of this standard.CAUTION NOTICE: This American National Standard may be revised orwithdrawn

7、 at any time. The procedures of the American National StandardsInstitute require that action be taken periodically to reaffirm, revise, orwithdraw this standard. Purchasers of American National Standards mayreceive current information on all standards by calling or writing the AmericanNational Stand

8、ards Institute.American National StandardPublished byAmerican National Standards Institute, Inc.25 West 43rd Street, New York, NY 10036Copyright 2013 by Information Technology Industry Council (ITI)All rights reserved.No part of this publication may be reproduced in anyform, in an electronic retriev

9、al system or otherwise,without prior written permission of ITI, 1101 K Street NW, Suite 610, Washington, DC 20005. Printed in the United States of AmericaCAUTION: The developers of this standard have requested that holders of patents that may be re-quired for the implementation of the standard discl

10、ose such patents to the publisher. However, nei-ther the developers nor the publisher have undertaken a patent search in order to identify which, ifany, patents may apply to this standard. As of the date of publication of this standard, followingcalls for the identification of patents that may be re

11、quired for the implementation of the standard,notice of one or more such claims has been received. By publication of this standard, no positionis taken with respect to the validity of this claim or of any rights in connection therewith. The knownpatent holder(s) has (have), however, filed a statemen

12、t of willingness to grant a license underthese rights on reasonable and nondiscriminatory terms and conditions to applicants desiring to ob-tain such a license. Details may be obtained from the publisher. No further patent search is con-ducted by the developer or publisher in respect to any standard

13、 it processes. No representation ismade or implied that this is the only license that may be required to avoid infringement in the use ofthis standard.Table of Contents Foreword . vii 1. Overview 1 1.1 Scope 1 1.2 Purpose . 2 1.3 Normative References 2 2. Definitions, abbreviations and conventions .

14、 4 2.1 Terms and Definitions . 4 2.2 Acronyms, Abbreviations and Symbols 5 2.3 Conventions 8 3. Data Structures for GICS-Applications 10 3.1 Global Objects . 10 3.1.1 EF.ATR/INFO 10 3.1.2 EF.DIR . 11 3.1.3 Card Capability Description . 11 3.2 Files . 11 3.2.1 Application Dedicated Files . 12 3.2.2 E

15、lementary Files 12 3.2.3 Certificate Formats 13 3.3 Data Objects 15 3.3.1 File Templates . 16 4. Security Architecture 17 4.1 Access Control Rule 17 4.2 Security Status 17 4.3 Security Attributes . 17 4.3.1 Security Condition Byte . 19 5. Assigned Values 20 5.1 Class Byte . 20 5.2 Control Parameters

16、 . 20 5.2.1 Control Parameters for ADF 20 5.2.2 Control Parameters for Files . 20 5.2.3 Control Parameters for Security Object DO 21 5.3 Security Parameter Template . 22 5.4 File Management Data 23 5.5 Application Template Data Object . 23 5.6 File Descriptor Byte . 23 5.7 Life Cycle Status . 23 5.8

17、 Security Environment 24 5.9 Access Mode Byte for Data Objects . 24 5.10 Access Mode Byte for Authentication Objects 25 5.11 Access Mode Byte for Private Keys 25 5.12 Access Mode Byte for Secret Keys . 25 5.13 Access Mode Byte for ADF . 25 5.14 Cryptographic Mechanisms . 26 5.15 Reference Data Quali

18、fier . 27 5.16 Control Reference Templates . 27 5.16.1 Authentication (AT) . 30 5.16.2 Key Agreement (KAT) . 30 5.16.3 Hash Template (HT) 30 5.16.4 Cryptographic Checksum (CCT) . 31 5.16.5 Digital Signature (DST) . 31 5.16.6 Confidentiality (CT) . 32 5.17 Secure Message Data Objects . 32 5.18 Paddin

19、g-Content Indicator Byte 33 iii 5.19 PIN Usage Policy 33 6. Generic Identity Command Set Application 35 6.1 SELECT 35 6.1.1 Description 35 6.1.2 Conditions of Use 35 6.1.3 Impact on Security Status . 35 6.1.4 Command APDU . 35 6.2 SELECT DATA 38 6.2.1 Description 38 6.2.2 Conditions of Use 38 6.2.3

20、Impact on Security Status . 38 6.2.4 Command APDU . 38 6.2.5 Status Word . 38 6.3 GET DATA 39 6.3.1 Description 39 6.3.2 Conditions of Use 39 6.3.3 Impact on Security Status . 39 6.3.4 Command APDU . 39 6.3.5 Command Data Field 39 6.3.6 Response Data Field . 40 6.3.7 Status Word . 40 6.4 PUT DATA .

21、41 6.4.1 Description 41 6.4.2 Conditions of Use 41 6.4.3 Impact on Security Status . 41 6.4.4 Command APDU . 41 6.4.5 Command Data Field 41 6.4.6 Response Data Field . 42 6.4.7 Status Word . 42 6.5 VERIFY . 42 6.5.1 Description 42 6.5.2 Conditions of Use 42 6.5.3 Impact on Security Status . 43 6.5.4

22、 Command APDU . 43 6.5.5 Command Data Field 43 6.5.6 Response Data Field . 43 6.5.7 Status Word . 43 6.6 CHANGE REFERENCE DATA . 44 6.6.1 Description 44 6.6.2 Conditions of Use 44 6.6.3 Impact on Security Status . 44 6.6.4 Command APDU . 45 6.6.5 Command Data Field 45 6.6.6 Response Data Field . 45

23、6.6.7 Status Word . 45 6.7 RESET RETRY COUNTER 46 6.7.1 Description 46 6.7.2 Conditions of Use 46 6.7.3 Impact on Security Status . 46 6.7.4 Command APDU . 46 6.7.5 Command Data Field 46 6.7.6 Response Data Field . 47 6.7.7 Status Word . 47 6.8 MANAGE SECURITY ENVIRONMENT Set . 47 6.8.1 Description

24、47 6.8.2 Conditions of Use 47 iii 6.8.3 Impact on Security Status . 47 6.8.4 Command APDU . 47 6.8.5 Command Data Field 48 6.8.6 Response Data Field . 48 6.8.7 Status Word . 48 6.9 GENERAL AUTHENTICATE 48 6.9.1 Description 48 6.9.2 Conditions of Use 49 6.9.3 Impact on Security Status . 49 6.9.4 Comm

25、and APDU . 49 6.9.5 Command Data Field 49 6.9.6 Response Data Field . 50 6.9.7 Status Word . 50 6.10 PERFORM SECURITY OPERATION . 50 6.10.1 Description 50 6.10.2 Conditions of Use 50 6.10.3 Impact on Security Status . 50 6.10.4 Command APDU . 50 6.10.5 Command Data Field 51 6.10.6 Response Data Fiel

26、d . 51 6.10.7 Status Word . 51 6.11 GET RESPONSE (for Transmission Handling) 52 6.11.1 Description 52 6.11.2 Conditions of Use 52 6.11.3 Impact on Security Status . 52 6.11.4 Command APDU . 52 6.11.5 Command Data Field 52 6.11.6 Response Data Field . 52 6.11.7 Status Word . 52 7. Operation . 53 7.1

27、Model of Computation . 53 7.2 Interindustry Data Objects . 53 8. Signature and Key Establishment Protocols 54 8.1 Signature Protocols . 54 8.1.1 Signature with Partial On-Card Hashing . 54 8.1.2 Signature with Full On-Card Hashing 54 8.1.3 Signature with Off-Card Hashing 54 8.1.4 Signature with Off-

28、Card Hashing using GENERAL AUTHENTICATE 55 8.1.5 Signature with ECC using GENERAL AUTHENTICATE 55 8.2 Key Establishment Protocols 55 8.2.1 Key Establishment using Symmetric Key (Internal Authenticate) . 55 8.2.2 Key Establishment using Symmetric Key (Mutual Authenticate) 56 8.2.3 Key Establishment u

29、sing Symmetric Key (Mutual Authenticate and Data Integrity) 58 8.2.4 Key Establishment using Symmetric Key (based on SCP03) . 59 8.2.5 RSA Key Transport . 61 8.2.6 Key Establishment using an RSA Key Pair . 62 8.2.7 Key Establishment with an ECC Key Pair, Diffie-Hellman C(1,1,ECC CDH) . 63 8.2.8 OPAC

30、ITY with Zero Key Management . 66 8.2.9 OPACITY with Full Secrecy 73 8.2.10 Notations Used in This Section . 78 8.3 Session Key Establishment . 80 8.3.1 Session keys . 80 8.3.2 Session key type as a function of authentication key . 80 8.3.3 Key derivation function from pre-master secret 81 8.3.4 Key

31、 derivation function using Pseudo-random Function 81 8.3.5 Key derivation type as a function of key establishment protocol 82 iv 9. Secure Messaging . 83 9.1 AES Secure Messaging 83 9.1.1 Abbreviations Used in this Section 83 9.1.2 Computation Rules 83 9.1.3 Command MAC without confidentiality . 84

32、9.1.4 Command MAC with Confidentiality . 85 9.1.5 Response MAC without confidentiality 86 9.1.6 Response MAC with Confidentiality 87 Annex A Examples (Informative) . 88 A.1 Retrieving Data from Inside Constructed Data Objects 88 A.2 Examples of GENERAL AUTHENTICATE . 89 A.2.1 INTERNAL AUTHENTICATE .

33、 89 A.2.2 GET CHALLENGE . 89 A.2.3 EXTERNAL AUTHENTICATE 90 A.2.4 MUTUAL AUTHENTICATE 90 A.3 Efficient Mutual Authentication using GENERAL AUTHENTICATE . 90 A.4 Computing a Cryptographic Checksum 91 A.5 Evolution . 92 A.5.1 Nesting of Application Dedicated Files . 92 A.6 Encoding Security Objects 92

34、 A.7 Security Attribute Examples 93 Annex B SAM Interface for Opacity (Informative) 95 B.1 OPACITY with Full Secrecy . 95 B.2 OPACITY with Zero Key Management . 100 Annex C - Bibliography (Informative). 104 Table 1: EF ATR/INFO Data Object 11 Table 2: Card Verifiable Certificate Data Objects . 13 Ta

35、ble 3: Card Verifiable Certificate format 15 Table 4: X.509 Certificate format 15 Table 5: Security Attribute specific to Physical Interface (tag A3) 18 Table 6: Physical Interface Byte (tag 91) 18 Table 7: Security Attribute in Compact Form 18 Table 8: Security Condition Byte . 19 Table 9: Class By

36、te . 20 Table 10: Control Parameter DOs for ADF . 20 Table 11: Control Parameter DOs for EF 21 Table 12: Control Parameters DOs for Security Object 21 Table 13: Data Usage Parameters in Security Parameter Template (tag AD) . 22 Table 14: File Management Data Objects 23 Table 15: Application Template

37、 Data Objects . 23 Table 16: File Descriptor Byte . 23 Table 17: Life Cycle Status Byte . 24 Table 18: Security Environment Data Objects 24 Table 19: Access Mode Byte for Data Objects . 24 Table 20: Access Mode Byte for Authentication Objects 25 Table 21: Access Mode Byte for Private Keys 25 Table 2

38、2: Access Mode Byte for Secret Keys . 25 Table 23: Cryptographic Mechanism Reference Values 26 Table 24: Cryptographic Mechanism Identifier Template . 27 Table 25: Reference Data Qualifier 27 Table 26: Control Reference Templates . 28 Table 27: Key Security Object Tags in Control Reference Templates

39、 . 28 Table 28: Authentication Security Object Tags in Control Reference Templates . 28 Table 29: Usage Qualifier Byte . 29 Table 30: Hash Algorithm Assignment 31 v Table 31: DST Assignment . 31 Table 32: Digest Values 31 Table 33: Cryptographic Mechanism Reference (symmetric keys) for CT CRT . 32 T

40、able 34: Cryptographic Mechanism Reference (asymmetric keys) for CT CRT . 32 Table 35: Secure Message Data Objects . 33 Table 36: Padding-Content Indicator Byte 33 Table 37: First byte of a PIN Usage Policy Data Object . 33 Table 38: Second byte of a PIN Usage Policy Data Object 34 Table 39: SELECT

41、Command 35 Table 40: Encoding P2 for SELECT Command 36 Table 41: SELECT Status Words . 36 Table 42: SELECT Command 37 Table 43: Encoding P2 for SELECT Command 37 Table 44: SELECT Status Words . 37 Table 45: SELECT DATA Command 38 Table 46: Encoding P2 for SELECT DATA Command . 38 Table 47: SELECT DA

42、TA Status Words . 38 Table 48: GET DATA Command 39 Table 49: GET DATA Status Words . 40 Table 50: PUT DATA Command . 41 Table 51: PUT DATA Status Words 42 Table 52: VERIFY Command 43 Table 53: VERIFY Data Objects . 43 Table 54: VERIFY Status Words 44 Table 55: CHANGE REFERENCE DATA Command . 45 Tabl

43、e 56: CHANGE REFERENCE DATA Status Words 45 Table 57: RESET RETRY COUNTER Command 46 Table 58: RESET RETRY COUNTER Status Words . 47 Table 59: MANAGE SECURITY ENVIRONMENT Command 47 Table 60: Operation of MANAGE SECURITY ENVIRONMENT . 48 Table 61: MANAGE SECURITY ENVIRONMENT Status Words . 48 Table

44、62: GENERAL AUTHENTICATE Command 49 Table 63: GENERAL AUTHENTICATE Data Objects 49 Table 64: GENERAL AUTHENTICATE Status Words . 50 Table 65: PERFORM SECURITY OPERATION Command . 50 Table 66: P1-P2 of PERFORM SECURITY OPERATION Command 51 Table 67: PERFORM SECURITY OPERATION Status Words 51 Table 68

45、: GET RESPONSE Command 52 Table 69: GET RESPONSE Command Status Words . 52 Table 70: Interindustry Data Objects 53 Table 71: Signature with Partial On-Card Hashing . 54 Table 72: Signature with Full On-Card Hashing . 54 Table 73: Signature with Off-Card Hashing 54 Table 74: Signature with Off-Card H

46、ashing using GENERAL AUTHENTICATE . 55 Table 75: Signature with ECC using GENERAL AUTHENTICATE 55 Table 76: Internal Authentication using a Symmetric Key 56 Table 77: Mutual Authentication using a Symmetric Key . 57 Table 78: Mutual Authentication using a Symmetric Key with Data Integrity . 59 Table

47、 79: Key Establishment using Symmetric Key (based on SCP03) 60 Table 80: Explanation of terms . 61 Table 81: Security Level Encoding . 61 Table 82: Minimum Security Level Encoding 61 Table 83: RSA Key Transport . 62 Table 84: Key Establishment using an RSA Key Pair 63 Table 85: Key Establishment usi

48、ng ECC Algorithm 64 Table 86: Key Establishment using an ECC Key Pair 65 vi Table 87: Opacity ZKM Client Application Steps 68 Table 88: Opacity ZKM ICC Steps 70 Table 89: IFD Control Byte Encoding . 70 Table 90: ICC Control Byte Encoding . 71 Table 91: Cipher Suites Encoding 71 Table 92: Opacity ZKM

49、, APDU Protocol . 72 Table 93: Opacity Full Secrecy Client Application Steps 75 Table 94: Opacity Full Secrecy ICC Steps 77 Table 95: Opacity Full Secrecy APDU Steps 78 Table 96: Notation and Glossary for Section 8 . 79 Table 97: Session Key established as a function of authentication key used 80 Table 98: Cryptographic Algorithm and Required Pre-master Secret Size 81 Table 99: Data Derivation Constants 82 Table 100: KDF as a Function of Key Establishment Protocol . 82 Table 101: INTERNAL AUTHENTICATE 89 Table 102: GET CHALLENGE 89