Posted on 2006-05-03 23:22
奔跑的阿甘 阅读(1360)
评论(0) 编辑 收藏 引用 所属分类:
ATM Technology/EMV Notes
DDA(Dynamic data authentication) is performed by the terminal using a digital signature
scheme based on public key techniques to authenticate the ICC, and confirm the
legitimacy of critical ICC-resident/generated data and data received from the
terminal. This precludes the counterfeiting of any such card.
DDA的思路是把每个CERTIFICATE作为输入通过指定的算法进行还原(RECOVER),对还原
后的结果数据进行逐项地校验,若有任何一项不满足则DDA失败,当且仅当所有的项目都通过
后DDA才成功。
一 ICC必须包含的数据
a) Certification Authority Public Key Index
b) Issuer Public Key Certificate
c) ICC Public Key Certificate
d) Issuer Public Key Remainder
e) Issuer Public Key Exponent
f) ICC Public Key Remainder
g) ICC Public Key Exponent
h) ICC Private Key : An ICC internal variable-length data element used to
generate the Signed Dynamic Application Data.
i) Signed Dynamic Application Data: A variable-length data element generated by
the ICC using the private key that corresponds to the public key authenticated
in the ICC Public Key Certificate. It is a digital signature covering critical ICCresident/
generated and terminal data elements,
二 Terminal应保存数据:
a) Six CA public keys per RID(Registered Application Provider Identifier)
b) Key-related information for each CA public key
c) Corresponding algorithm
三 DDA的执行过程按次序分为四个步骤,任何一个步骤若出现异常则DDA失败,只有所有
步骤都完成后DDA才成功:
a) Retrieval of the Certification Authority Public Key
The terminal reads the Certification Authority Public Key Index. Using this index
and the RID, the terminal can identify and retrieve the terminal-stored
Certification Authority Public Key Modulus and Exponent and the associated keyrelated
information, and the corresponding algorithm to be used. If the terminal
does not have the key stored associated with this index and RID, dynamic data
authentication has failed.
b) Retrieval of the Issuer Public Key
1. If the Issuer Public Key Certificate has a length different from the length of the
Certification Authority Public Key Modulus obtained in the previous section,
dynamic data authentication has failed.
2. In order to obtain the recovered data specified in Table 9, apply the recovery
function specified in Annex A2.1 on the Issuer Public Key Certificate using the
Certification Authority Public Key in conjunction with the corresponding
algorithm. If the Recovered Data Trailer is not equal to ‘BC’, dynamic data
authentication has failed.
3. Check the Recovered Data Header. If it is not ‘6A’, dynamic data authentication
has failed.
4. Check the Certificate Format. If it is not ‘02’, dynamic data authentication has
failed.
5. Concatenate from left to right the second to the tenth data elements in Table 9
(that is, Certificate Format through Issuer Public Key or Leftmost Digits of the
Issuer Public Key), followed by the Issuer Public Key Remainder (if present) and
finally the Issuer Public Key Exponent.
6. Apply the indicated hash algorithm (derived from the Hash Algorithm Indicator)
to the result of the concatenation of the previous step to produce the hash result.
7. Compare the calculated hash result from the previous step with the recovered
Hash Result. If they are not the same, dynamic data authentication has failed.
8. Verify that the Issuer Identification Number matches the leftmost 3-8 PAN digits
(allowing for the possible padding of the Issuer Identification Number with
hexadecimal ‘F’s). If not, dynamic data authentication has failed.
9. Verify that the last day of the month specified in the Certificate Expiration Date
is equal to or later than today's date. If the Certificate Expiration Date is earlier
than today's date, the certificate has expired, in which case dynamic data
authentication has failed.
10.Verify that the concatenation of RID, Certification Public Key Index, and
Certificate Serial Number is valid. If not, dynamic data authentication has
failed.
11.If the Issuer Public Key Algorithm Indicator is not recognised, dynamic data
authentication has failed.
12.If all the checks above are correct, concatenate the Leftmost Digits of the Issuer
Public Key and the Issuer Public Key Remainder (if present) to obtain the Issuer
Public Key Modulus, and continue with the next steps for the retrieval of the ICC
Public Key.
c) Retrieval of the ICC Public Key
1. If the ICC Public Key Certificate has a length different from the length of the
Issuer Public Key Modulus obtained in the previous section, dynamic data
authentication has failed.
2. In order to obtain the recovered data specified in Table 10, apply the recovery
function specified in Annex A2.1 on the ICC Public Key Certificate using the
Issuer Public Key in conjunction with the corresponding algorithm. If the
Recovered Data Trailer is not equal to ‘BC’, dynamic data authentication has
failed.
3. Check the Recovered Data Header. If it is not ‘6A’, dynamic data authentication
has failed.
4. Check the Certificate Format. If it is not ‘04’, dynamic data authentication has
failed.
5. Concatenate from left to right the second to the tenth data elements in Table 10
(that is, Certificate Format through ICC Public Key or Leftmost Digits of the ICC
Public Key), followed by the ICC Public Key Remainder (if present), the ICC
Public Key Exponent and finally the static data to be authenticated specified in
Part II of Book 3 of these specifications. If the Static Data Authentication Tag
List is present and contains tags other than ‘82’, then dynamic data
authentication has failed.
6. Apply the indicated hash algorithm (derived from the Hash Algorithm Indicator)
to the result of the concatenation of the previous step to produce the hash result.
7. Compare the calculated hash result from the previous step with the recovered
Hash Result. If they are not the same, dynamic data authentication has failed.
8. Check if the recovered PAN is equal to the Application PAN, read from the ICC.
If not, dynamic data authentication has failed.
9. Verify that the last day of the month specified in the Certificate Expiration Date
is equal to or later than today's date. If not, dynamic data authentication has
failed.
10.If the ICC Public Key Algorithm Indicator is not recognised, dynamic data
authentication has failed.
11.If all the checks above are correct, concatenate the Leftmost Digits of the ICC
Public Key and the ICC Public Key Remainder (if present) to obtain the ICC
Public Key Modulus, and continue with the actual dynamic data authentication
described in the two sections below.
d) Dynamic Data Authentication
分为STANDARD和COMBINED两种方式。
d.1 Standard Dynamic Data Authentication
d.1.1. Dynamic Signature Generation
Terminal向ICC发送一个INTERNAL AUTHENTICATE命令并附带DDOL中定义的数据(
称为Terminal Dynamic Data)。
ICC对Terminal Dynamic Data重新组合及格式化处理后生成Dynamic Application Data。
ICC对Dynamic Application Data用自己的私钥和相应算法进行签名,最终生成
Signed Dynamic Application Data.
d.1.2. Dynamic Signature Verification
接下来的过程和SDA类似。
1. If the Signed Dynamic Application Data has a length different from the length of
the ICC Public Key Modulus, dynamic data authentication has failed.
2. To obtain the recovered data specified in Table 13, apply the recovery function
specified in Annex A2.1 on the Signed Dynamic Application Data using the ICC
Public Key in conjunction with the corresponding algorithm. If the Recovered
Data Trailer is not equal to ‘BC’, dynamic data authentication has failed.
3. Check the Recovered Data Header. If it is not ‘6A’, dynamic data authentication
has failed.
4. Check the Signed Data Format. If it is not ‘05’, dynamic data authentication has
failed.
5. Concatenate from left to right the second to the sixth data elements in Table 13
(that is, Signed Data Format through Pad Pattern), followed by the data
elements specified by the DDOL.
6. Apply the indicated hash algorithm (derived from the Hash Algorithm Indicator)
to the result of the concatenation of the previous step to produce the hash result.
7. Compare the calculated hash result from the previous step with the recovered
Hash Result. If they are not the same, dynamic data authentication has failed.
If all the above steps were executed successfully, dynamic data authentication was
successful. The ICC Dynamic Number contained in the ICC Dynamic Data
recovered in Table 13 shall be stored in Tag ‘9F4C’.
d.2 Combined Dynamic Data Authentication/Application Cryptogram Generation
和d.1一样需要Signature creation和verification两步,不同的是在creation中,d.2需要
Cryptogram Information Data object参与组成 ICC Dynamic Data,进而格式化成相应
的Dynamic Application Data,然后用其私钥和算法进行签名,形成Signed Dynamic
Application Data.
Verification过程同d.1类似。