Monday, February 20, 2012

Mutual Authentication between ICC and IFD

ICC - Integrated Circuit Card (aka smart card)
IFD - Interface Device (aka smart card reader)

There are a variety of standards and methods for this, among them ISO 7816-4, EN 1546, and Unilateral Authentication. The following table shows an example of mutual authentication according to the ISO 7816-4 standard.

| IFD (Terminal) | ICC (Chip) | Remarks |
|---|---|---|
| XIFD = E(KIFD, RNDIFD\|\|RNDICC) | | A figure XIFD is sent to the ICC to decrypt. XIFD is the encryption, under Master Key KIFD, of the combination of seed keys from both IFD and ICC (RNDIFD and RNDICC). |
| Mutual Authenticate(XIFD) | RND’IFD\|\|RND’ICC = D(KICC, XIFD) | XIFD is decrypted at the ICC with Master Key KICC, which reveals the calculated seed keys (RND’IFD and RND’ICC). |
| | RND’ICC = RNDICC ? | The calculated value RND’ICC is compared with RNDICC. If the seed keys match, the ICC regards the IFD as a trusted source. |
| | XICC = E(KICC, RNDICC\|\|RND’IFD) | A figure XICC is sent to the IFD to decrypt. XICC is the encryption, under Master Key KICC, of the combination of the seed key from the ICC (RNDICC) and the calculated seed key of the IFD (RND’IFD). This time, the arrangement of the seed keys is reversed. |
| RND’ICC\|\|RND’IFD = D(KIFD, XICC) | | XICC is decrypted at the IFD with Master Key KIFD, which reveals the calculated seed keys (RND’ICC and RND’IFD). |
| RNDIFD = RND’IFD ? | | The calculated value RND’IFD is compared with RNDIFD. If the seed keys match, the IFD regards the ICC as a trusted source. |
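
The exchange in the table, simulated end to end as an added example (not code from the original post). Assumptions: the post does not name the cipher, so E and D here are a stand-in 16-byte Feistel cipher built from HMAC-SHA256 rather than a card's real algorithm; RNDICC is assumed to have reached the IFD before the first step; and a genuine IFD/ICC pair is assumed to hold the same secret as KIFD and KICC.

```python
import hashlib, hmac, secrets

def _f(key, rnd, half):
    # Round function of the stand-in cipher (assumption: not a real card cipher).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def E(key, block):
    """Encrypt one 16-byte block with a 4-round Feistel network."""
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _f(key, i, r)))
    return l + r

def D(key, block):
    """Inverse of E: run the Feistel rounds backwards."""
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = bytes(a ^ b for a, b in zip(r, _f(key, i, l))), l
    return l + r

def mutual_authenticate(k_ifd, k_icc):
    """Return (icc_trusts_ifd, ifd_trusts_icc) for one protocol run."""
    rnd_icc = secrets.token_bytes(8)   # ICC's seed, assumed already sent to the IFD
    rnd_ifd = secrets.token_bytes(8)   # IFD's seed, never sent in the clear

    # IFD: XIFD = E(KIFD, RNDIFD || RNDICC)
    x_ifd = E(k_ifd, rnd_ifd + rnd_icc)

    # ICC: RND'IFD || RND'ICC = D(KICC, XIFD), then check RND'ICC = RNDICC
    plain = D(k_icc, x_ifd)
    rnd_ifd_calc, rnd_icc_calc = plain[:8], plain[8:]
    if not hmac.compare_digest(rnd_icc_calc, rnd_icc):
        return False, False            # ICC rejects the IFD and sends no XICC

    # ICC: XICC = E(KICC, RNDICC || RND'IFD), seed order reversed
    x_icc = E(k_icc, rnd_icc + rnd_ifd_calc)

    # IFD: RND'ICC || RND'IFD = D(KIFD, XICC), then check RNDIFD = RND'IFD
    plain = D(k_ifd, x_icc)
    ifd_ok = hmac.compare_digest(plain[8:], rnd_ifd)
    return True, ifd_ok

# Constructed sample keys, for illustration only.
SHARED_KEY = bytes(range(16))
WRONG_KEY = bytes(range(16, 32))

if __name__ == "__main__":
    print(mutual_authenticate(SHARED_KEY, SHARED_KEY))  # both sides accept
    print(mutual_authenticate(WRONG_KEY, SHARED_KEY))   # ICC rejects the IFD
```

Fresh seeds on every run are what stop a recorded XIFD or XICC from being accepted in a later session, and the comparisons use a constant-time compare so the check does not leak how many bytes matched.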
