Posted on 2006-05-03 23:22
奔跑的阿甘 閱讀(1389)
評論(0) 編輯 收藏 引用 所屬分類:
ATM Technology/EMV Notes
DDA(Dynamic data authentication) is performed by the terminal using a digital signature
scheme based on public key techniques to authenticate the ICC, and confirm the
legitimacy of critical ICC-resident/generated data and data received from the
terminal. This precludes the counterfeiting of any such card.
DDA的思路是把每個CERTIFICATE作為輸入通過指定的算法進行還原(RECOVER),對還原
后的結果數據進行逐項地校驗,若有任何一項不滿足則DDA失敗,當且僅當所有的項目都通過
后DDA才成功。
一 ICC必須包含的數據
a) Certification Authority Public Key Index
b) Issuer Public Key Certificate
c) ICC Public Key Certificate
d) Issuer Public Key Remainder
e) Issuer Public Key Exponent
f) ?ICC Public Key Remainder
g) ICC Public Key Exponent
h) ICC Private Key : An ICC internal variable-length data element used to
generate the Signed Dynamic Application Data.
i)? Signed Dynamic Application Data: A variable-length data element generated by
the ICC using the private key that corresponds to the public key authenticated
in the ICC Public Key Certificate. It is a digital signature covering critical ICCresident/
generated and terminal data elements,
二 Terminal應保存數據:
a) Six CA public keys per RID(Registered Application Provider Identifier)
b) Key-related information for each CA public key
c) Corresponding algorithm
三 DDA的執行過程按次序分為四個步驟,任何一個步驟若出現異常則DDA失敗,只有所有
步驟都完成后DDA才成功:
a) Retrieval of the Certification Authority Public Key
The terminal reads the Certification Authority Public Key Index. Using this index
and the RID, the terminal can identify and retrieve the terminal-stored
Certification Authority Public Key Modulus and Exponent and the associated keyrelated
information, and the corresponding algorithm to be used. If the terminal
does not have the key stored associated with this index and RID, dynamic data
authentication has failed.
b) Retrieval of the Issuer Public Key
1. If the Issuer Public Key Certificate has a length different from the length of the
Certification Authority Public Key Modulus obtained in the previous section,
dynamic data authentication has failed.
2. In order to obtain the recovered data specified in Table 9, apply the recovery
function specified in Annex A2.1 on the Issuer Public Key Certificate using the
Certification Authority Public Key in conjunction with the corresponding
algorithm. If the Recovered Data Trailer is not equal to ‘BC’, dynamic data
authentication has failed.
3. Check the Recovered Data Header. If it is not ‘6A’, dynamic data authentication
has failed.
4. Check the Certificate Format. If it is not ‘02’, dynamic data authentication has
failed.
5. Concatenate from left to right the second to the tenth data elements in Table 9
(that is, Certificate Format through Issuer Public Key or Leftmost Digits of the
Issuer Public Key), followed by the Issuer Public Key Remainder (if present) and
finally the Issuer Public Key Exponent.
6. Apply the indicated hash algorithm (derived from the Hash Algorithm Indicator)
to the result of the concatenation of the previous step to produce the hash result.
7. Compare the calculated hash result from the previous step with the recovered
Hash Result. If they are not the same, dynamic data authentication has failed.
8. Verify that the Issuer Identification Number matches the leftmost 3-8 PAN digits
(allowing for the possible padding of the Issuer Identification Number with
hexadecimal ‘F’s). If not, dynamic data authentication has failed.
9. Verify that the last day of the month specified in the Certificate Expiration Date
is equal to or later than today's date. If the Certificate Expiration Date is earlier
than today's date, the certificate has expired, in which case dynamic data
authentication has failed.
10.Verify that the concatenation of RID, Certification Public Key Index, and
Certificate Serial Number is valid. If not, dynamic data authentication has
failed.
11.If the Issuer Public Key Algorithm Indicator is not recognised, dynamic data
authentication has failed.
12.If all the checks above are correct, concatenate the Leftmost Digits of the Issuer
Public Key and the Issuer Public Key Remainder (if present) to obtain the Issuer
Public Key Modulus, and continue with the next steps for the retrieval of the ICC
Public Key.
c) Retrieval of the ICC Public Key
1. If the ICC Public Key Certificate has a length different from the length of the
Issuer Public Key Modulus obtained in the previous section, dynamic data
authentication has failed.
2. In order to obtain the recovered data specified in Table 10, apply the recovery
function specified in Annex A2.1 on the ICC Public Key Certificate using the
Issuer Public Key in conjunction with the corresponding algorithm. If the
Recovered Data Trailer is not equal to ‘BC’, dynamic data authentication has
failed.
3. Check the Recovered Data Header. If it is not ‘6A’, dynamic data authentication
has failed.
4. Check the Certificate Format. If it is not ‘04’, dynamic data authentication has
failed.
5. Concatenate from left to right the second to the tenth data elements in Table 10
(that is, Certificate Format through ICC Public Key or Leftmost Digits of the ICC
Public Key), followed by the ICC Public Key Remainder (if present), the ICC
Public Key Exponent and finally the static data to be authenticated specified in
Part II of Book 3 of these specifications. If the Static Data Authentication Tag
List is present and contains tags other than ‘82’, then dynamic data
authentication has failed.
6. Apply the indicated hash algorithm (derived from the Hash Algorithm Indicator)
to the result of the concatenation of the previous step to produce the hash result.
7. Compare the calculated hash result from the previous step with the recovered
Hash Result. If they are not the same, dynamic data authentication has failed.
8. Check if the recovered PAN is equal to the Application PAN, read from the ICC.
If not, dynamic data authentication has failed.
9. Verify that the last day of the month specified in the Certificate Expiration Date
is equal to or later than today's date. If not, dynamic data authentication has
failed.
10.If the ICC Public Key Algorithm Indicator is not recognised, dynamic data
authentication has failed.
11.If all the checks above are correct, concatenate the Leftmost Digits of the ICC
Public Key and the ICC Public Key Remainder (if present) to obtain the ICC
Public Key Modulus, and continue with the actual dynamic data authentication
described in the two sections below.
d) Dynamic Data Authentication
分為STANDARD和COMBINED兩種方式。
d.1 Standard Dynamic Data Authentication
d.1.1. Dynamic Signature Generation
Terminal向ICC發送一個INTERNAL AUTHENTICATE命令并附帶DDOL中定義的數據(
稱為Terminal Dynamic Data)。
ICC對Terminal Dynamic Data重新組合及格式化處理后生成Dynamic Application Data。
ICC對Dynamic Application Data用自己的私鑰和相應算法進行簽名,最終生成
Signed Dynamic Application Data.
d.1.2. Dynamic Signature Verification
接下來的過程和SDA類似。
1. If the Signed Dynamic Application Data has a length different from the length of
the ICC Public Key Modulus, dynamic data authentication has failed.
2. To obtain the recovered data specified in Table 13, apply the recovery function
specified in Annex A2.1 on the Signed Dynamic Application Data using the ICC
Public Key in conjunction with the corresponding algorithm. If the Recovered
Data Trailer is not equal to ‘BC’, dynamic data authentication has failed.
3. Check the Recovered Data Header. If it is not ‘6A’, dynamic data authentication
has failed.
4. Check the Signed Data Format. If it is not ‘05’, dynamic data authentication has
failed.
5. Concatenate from left to right the second to the sixth data elements in Table 13
(that is, Signed Data Format through Pad Pattern), followed by the data
elements specified by the DDOL.
6. Apply the indicated hash algorithm (derived from the Hash Algorithm Indicator)
to the result of the concatenation of the previous step to produce the hash result.
7. Compare the calculated hash result from the previous step with the recovered
Hash Result. If they are not the same, dynamic data authentication has failed.
If all the above steps were executed successfully, dynamic data authentication was
successful. The ICC Dynamic Number contained in the ICC Dynamic Data
recovered in Table 13 shall be stored in Tag ‘9F4C’.
d.2 Combined Dynamic Data Authentication/Application Cryptogram Generation
和d.1一樣需要Signature creation和verification兩步,不同的是在creation中,d.2需要
Cryptogram Information?Data object參與組成 ICC Dynamic Data,進而格式化成相應
的Dynamic Application Data,然后用其私鑰和算法進行簽名,形成Signed Dynamic
Application Data.
Verification過程同d.1類似。